I'm not sure what's wrong

Hi cosmic1,

I uninstalled the old Acrobat Reader, then installed JRE and Foxit Reader; all of which went well.
Good Job!! :bigthumb:
----------

Click Start, go to Run and type cmd. Press Enter.
This will open the command prompt.

Copy the contents of the code box > right click in the command window and select paste
Code:
del "C:\Program Files\Common Files\Real\Toolbar\RealBar.dll" /f /q
Press Enter
----------

Once you get that complete let me know how your system is running. :)
 
Hi, Jeff.
I ran the code in the command window. I don't know if I was supposed to get a response or anything (I didn't), but nothing bad happened, so it's a plus in my book. I restarted the laptop to get a more complete sense of how it's running. For the most part, it seems fine. The only issue that I have started last night. The display is acting up a bit. It is hard for me to explain, so I hope the following demonstration is adequate.

Suppose the following is what should be displayed:

aaaaa
aaaaa
aaaaa
aaaaa
aaaaa

What I sometimes get is:

aaaaa
a aaa
aaaaa
aa aa
aaa

If something new is displayed, sometimes part of the old picture will come through. Usually this goes away if I hit refresh, but it has happened more than once in the last 18 or so hours. I don't see any other problems other than this. Thanks. :)
 
Hi cosmic1,

I will look into your display problem but in the meantime please go ahead and run an OTL Scan and then post the results into the next reply. :bigthumb:
 
My display problem has since gotten worse to the point that I cannot tell what is on screen. I don't know why this happened all of a sudden.
 
I used the computer in safe mode and ran the OTL scan. Here is the log.


OTL logfile created on: 9/19/2011 11:26:23 PM - Run 4
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

254.98 Mb Total Physical Memory | 106.79 Mb Available Physical Memory | 41.88% Memory free
1.21 Gb Paging File | 1.14 Gb Available in Paging File | 94.11% Paging File free
Paging file location(s): C:\pagefile.sys 1000 1600 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 27.95 Gb Total Space | 4.37 Gb Free Space | 15.65% Space Free | Partition Type: NTFS

Computer Name: MINIME | User Name: Owner | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINNT\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\WINNT\system32\tsd32.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe (Symantec Corporation)
SRV - (GamesAppService) -- C:\Program Files\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (GameConsoleService) -- C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe (WildTangent, Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (ACS) -- C:\WINNT\system32\acs.exe ()


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20110916.018\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20110916.018\NAVENG.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\BASHDefs\20110909.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINNT\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\IPSDefs\20110915.030\IDSXpx86.sys (Symantec Corporation)
DRV - (MBAMProtector) -- C:\WINNT\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (SRTSP) -- C:\WINNT\system32\drivers\NIS\1206000.01D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINNT\system32\drivers\NIS\1206000.01D\SRTSPX.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINNT\system32\drivers\NIS\1206000.01D\SYMTDI.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\WINNT\system32\drivers\NIS\1206000.01D\SYMEFA.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\WINNT\system32\drivers\NIS\1206000.01D\SYMDS.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\WINNT\system32\drivers\NIS\1206000.01D\Ironx86.SYS (Symantec Corporation)
DRV - (Revoflt) -- C:\WINNT\system32\drivers\revoflt.sys (VS Revo Group)
DRV - (LUsbFilt) -- C:\WINNT\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINNT\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINNT\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (Cdralw2k) -- C:\WINNT\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINNT\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\WINNT\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (usb2vcom) -- C:\WINNT\system32\drivers\usb2vcom.sys ()
DRV - (Afc) -- C:\WINNT\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (CoachAud) -- C:\WINNT\system32\drivers\CoachAud.sys (FotoNation Inc.)
DRV - (AR5211) -- C:\WINNT\system32\drivers\ar5211.sys (D-Link )
DRV - (PRISM_A02) -- C:\WINNT\system32\drivers\WUSB20XP.sys (GlobespanVirata, Inc.)
DRV - (NPF) -- C:\WINNT\system32\drivers\packet.sys ()
DRV - (ati2mtag) -- C:\WINNT\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (dvd_2K) -- C:\WINNT\System32\drivers\Dvd_2k.sys (Roxio)
DRV - (mmc_2K) -- C:\WINNT\System32\drivers\Mmc_2k.sys (Roxio)
DRV - (pwd_2k) -- C:\WINNT\System32\drivers\pwd_2K.sys (Roxio)
DRV - (UdfReadr_xp) -- C:\WINNT\System32\drivers\udfreadr_xp.sys (Roxio)
DRV - (cdudf_xp) -- C:\WINNT\System32\drivers\cdudf_xp.sys (Roxio)
DRV - (wlluc48) -- C:\WINNT\system32\drivers\wlluc48.sys (Lucent Technologies)
DRV - (allegro) ESS Allegro Audio Driver (WDM) -- C:\WINNT\system32\drivers\es198x.sys (ESS Technology, Inc.)
DRV - (GTWModem) -- C:\WINNT\system32\drivers\GWMDM.sys (GTW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: CLSID key missing. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Merriam-Webster Dictionary"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en"
FF - prefs.js..extensions.enabledItems: define@sogame.cat:1.4.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07076007
FF - prefs.js..extensions.enabledItems: {46868735-c3fa-47ce-8ce7-cce51a66aceb}:1.2
FF - prefs.js..extensions.enabledItems: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}:0.6.7
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.67
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6
FF - prefs.js..extensions.enabledItems: {66871bd1-5ba2-4739-b485-2a15f5969bd8}:2.20100123


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINNT\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINNT\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@macromedia.com/FlashPlayer6: File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.10.835: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1136: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.847: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINNT\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@macromedia.com/FlashPlayer6: File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\IPSFFPlgn\ [2011/09/07 14:07:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\coFFPlgn_2011_7_1_3 [2011/09/19 22:55:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/06 16:22:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/18 22:42:45 | 000,000,000 | ---D | M]

[2008/09/01 23:16:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/09/06 12:53:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions
[2010/04/27 22:29:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/09/16 07:45:46 | 000,000,000 | ---D | M] (oldbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
[2010/03/11 03:58:33 | 000,000,000 | ---D | M] (Ad blocker) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
[2010/03/11 03:15:54 | 000,000,000 | ---D | M] (MidnightFox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}
[2011/08/28 01:51:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/08/28 01:51:51 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/03/11 06:04:46 | 000,000,000 | ---D | M] (Define) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\define@sogame.cat
[2010/03/11 03:16:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}\chrome\mozapps\extensions
[2010/03/11 03:16:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}\chrome\mozapps\extensions\CVS
[2008/06/18 17:04:04 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\searchplugins\webster.xml
[2011/09/18 22:43:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/18 22:43:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
[2011/09/19 22:55:00 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\COFFPLGN_2011_7_1_3
[2011/09/07 14:07:25 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\IPSFFPLGN
[2011/09/06 16:22:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/18 22:39:10 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/05/11 17:41:00 | 000,200,704 | ---- | M] (Ancestry.com) -- C:\Program Files\mozilla firefox\plugins\npImgCtl.dll
[2005/04/27 16:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npracplug.dll
[2011/08/30 15:41:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/09/14 13:54:11 | 000,000,098 | ---- | M]) - C:\WINNT\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spy bot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\CoIEPlg.dll (Symantec Corporation)
O3: - HKCU\..\Toolbar\ShellBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No CLSID value found.
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [ATIModeChange] C:\WINNT\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Multi-function Keyboard] C:\WINNT\GWHotKey.exe (BillP Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spy bot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} https://www.select2perform.com/cabs/QOLCheck.ocx (QOLCheck Control)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://www.shockwave.com/content/luxor/sis/mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} http://www.convergysworkathome.com/AppHardT.CAB (WNICheck2 Class)
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} http://imlive.com/ChatSource/gVideoContol.cab (Eyeball Video Session Control)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E51D276-3EEE-40F8-A7C8-AB4E49213D66}: NameServer = 4.2.2.2,4.2.2.3
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\userinit.exe) -C:\WINNT\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/18 23:30:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Sun
[2011/09/18 22:53:22 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2011/09/18 22:45:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/09/18 22:42:44 | 000,544,656 | ---- | C] (Oracle Corporation) -- C:\WINNT\System32\deployJava1.dll
[2011/09/18 22:42:43 | 000,214,408 | ---- | C] (Oracle Corporation) -- C:\WINNT\System32\javaws.exe
[2011/09/18 22:42:42 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINNT\System32\javaw.exe
[2011/09/18 22:42:42 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINNT\System32\java.exe
[2011/09/18 21:57:50 | 000,454,120 | ---- | C] (CBS Interactive) -- C:\Documents and Settings\Owner\Desktop\cnet_FoxitReader502_0718_enu_Setup_exe.exe
[2011/09/18 21:38:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\JavaRa
[2011/09/16 19:51:41 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/09/16 18:35:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/16 18:35:38 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2011/09/16 18:35:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/16 10:55:58 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Owner\Desktop\esetsmartinstaller_enu.exe
[2011/09/16 10:54:34 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.51.2.1300.exe
[2011/09/14 15:36:30 | 001,692,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Owner\Desktop\avg_remover_stf_x86_2012_1796.exe
[2011/09/14 13:54:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/13 15:35:08 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2011/09/13 14:17:02 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/09/11 20:52:44 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/09/08 19:01:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2011/09/08 03:16:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2011/09/08 03:15:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/09/08 03:11:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\VS Revo Group
[2011/09/08 03:06:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
[2011/09/08 03:06:24 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINNT\System32\drivers\revoflt.sys
[2011/09/08 03:06:09 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/09/08 02:28:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iolo
[2011/09/08 00:06:33 | 000,000,000 | ---D | C] -- C:\WINNT\ERDNT
[2011/09/08 00:04:49 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/09/08 00:04:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/09/07 23:33:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Tific
[2011/09/07 23:09:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Google Chrome
[2011/09/06 13:03:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\NPE
[2011/09/05 19:13:29 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\SYMEVENT.SYS
[2011/09/05 19:13:29 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\WINNT\System32\S32EVNT1.DLL
[2011/09/05 19:13:28 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/09/05 19:11:49 | 000,331,384 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\NIS\1206000.01D\symtdiv.sys
[2011/09/05 19:11:48 | 000,369,784 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\NIS\1206000.01D\symtdi.sys
[2011/09/05 19:11:48 | 000,296,568 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\NIS\1206000.01D\symnets.sys
[2011/09/05 19:11:47 | 000,744,568 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\NIS\1206000.01D\SymEFA.sys
[2011/09/05 19:11:47 | 000,516,216 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\NIS\1206000.01D\srtsp.sys
[2011/09/05 19:11:47 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\NIS\1206000.01D\SymDS.sys
[2011/09/05 19:11:47 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\NIS\1206000.01D\Ironx86.sys
[2011/09/05 19:11:47 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\NIS\1206000.01D\srtspx.sys
[2011/09/05 19:10:27 | 000,000,000 | ---D | C] -- C:\WINNT\System32\drivers\NIS
[2011/09/05 19:10:27 | 000,000,000 | ---D | C] -- C:\WINNT\System32\drivers\NIS\1206000.01D
[2011/09/05 19:10:17 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2011/09/05 19:10:17 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2011/09/05 19:10:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
[2011/09/05 18:54:37 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/09/05 18:42:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Norton
[2011/09/02 21:19:32 | 000,000,000 | ---D | C] -- C:\Program Files\WildTangent Games
[2011/09/02 08:29:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Oberon Games
[2011/09/02 03:58:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Saved Games
[2011/08/28 01:48:49 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINNT\System32\FlashPlayerCPLApp.cpl
[2007/08/27 09:43:31 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2003/12/03 08:34:06 | 000,491,520 | ---- | C] (www.simwardrobe.com) -- C:\Program Files\SimCategorizer.exe

========== Files - Modified Within 30 Days ==========

[2011/09/19 23:22:38 | 000,000,429 | ---- | M] () -- C:\WINNT\System32\drivers\etc\hosts.ics
[2011/09/19 23:22:06 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2011/09/19 22:47:00 | 000,000,978 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-506075566-2965718124-3205215984-1003UA.job
[2011/09/18 22:38:56 | 000,214,408 | ---- | M] (Oracle Corporation) -- C:\WINNT\System32\javaws.exe
[2011/09/18 22:38:56 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINNT\System32\javaw.exe
[2011/09/18 22:38:55 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINNT\System32\java.exe
[2011/09/18 22:38:55 | 000,128,000 | ---- | M] (Oracle Corporation) -- C:\WINNT\System32\javacpl.cpl
[2011/09/18 22:38:52 | 000,544,656 | ---- | M] (Oracle Corporation) -- C:\WINNT\System32\deployJava1.dll
[2011/09/18 21:57:53 | 000,454,120 | ---- | M] (CBS Interactive) -- C:\Documents and Settings\Owner\Desktop\cnet_FoxitReader502_0718_enu_Setup_exe.exe
[2011/09/18 20:28:02 | 000,160,350 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\JavaRa.zip
[2011/09/18 20:00:19 | 000,001,158 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2011/09/16 10:56:00 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Owner\Desktop\esetsmartinstaller_enu.exe
[2011/09/16 10:47:24 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.51.2.1300.exe
[2011/09/14 15:47:01 | 000,000,926 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-506075566-2965718124-3205215984-1003Core.job
[2011/09/14 15:37:05 | 001,692,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Owner\Desktop\avg_remover_stf_x86_2012_1796.exe
[2011/09/14 15:26:57 | 000,031,256 | ---- | M] () -- C:\{FE7475AD-7719-4A30-8E26-5E65D7D703D7}
[2011/09/14 13:54:11 | 000,000,098 | ---- | M] () -- C:\WINNT\System32\drivers\etc\Hosts
[2011/09/14 13:27:53 | 000,459,264 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CKScanner.exe
[2011/09/13 16:14:00 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2011/09/13 15:35:14 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2011/09/13 15:33:59 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2011/09/13 14:16:43 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/09/11 20:53:58 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/09/08 17:27:28 | 000,000,825 | ---- | M] () -- C:\WINNT\QUICKEN.INI
[2011/09/08 03:06:40 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2011/09/08 00:04:50 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2011/09/07 17:03:12 | 000,000,207 | -HS- | M] () -- C:\boot.ini
[2011/09/07 15:49:41 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/07 15:49:40 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2011/09/06 12:51:57 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/06 12:51:54 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/09/05 20:00:02 | 000,000,538 | ---- | M] () -- C:\WINNT\tasks\Norton Internet Security - Run Full System Scan - Owner.job
[2011/09/05 19:14:14 | 000,675,922 | ---- | M] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\Cat.DB
[2011/09/05 19:13:28 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\WINNT\System32\drivers\SYMEVENT.SYS
[2011/09/05 19:13:28 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINNT\System32\S32EVNT1.DLL
[2011/09/05 19:13:28 | 000,007,468 | ---- | M] () -- C:\WINNT\System32\drivers\SYMEVENT.CAT
[2011/09/05 19:13:28 | 000,000,806 | ---- | M] () -- C:\WINNT\System32\drivers\SYMEVENT.INF
[2011/09/05 16:28:06 | 000,437,465 | ---- | M] () -- C:\WINNT\System32\drivers\etc\hosts.20110911-015350.backup
[2011/09/05 16:11:36 | 000,371,883 | R--- | M] () -- C:\WINNT\System32\drivers\etc\hosts.20110905-162806.backup
[2011/09/05 12:34:15 | 000,001,355 | ---- | M] () -- C:\WINNT\imsins.BAK
[2011/09/05 09:06:38 | 000,001,977 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Games.lnk
[2011/09/02 21:20:55 | 000,002,003 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Play Games.lnk
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2011/08/28 01:48:49 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINNT\System32\FlashPlayerCPLApp.cpl
[2011/08/24 01:15:37 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\PocoMan.lnk

========== Files Created - No Company Name ==========

[2011/09/18 20:28:27 | 000,160,350 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\JavaRa.zip
[2011/09/14 15:26:56 | 000,031,256 | ---- | C] () -- C:\{FE7475AD-7719-4A30-8E26-5E65D7D703D7}
[2011/09/14 13:28:11 | 000,459,264 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\CKScanner.exe
[2011/09/13 16:13:59 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2011/09/13 15:41:54 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.exe
[2011/09/13 15:34:11 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2011/09/08 03:06:39 | 000,000,925 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2011/09/08 00:04:50 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2011/09/07 15:49:40 | 000,002,262 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/07 15:49:39 | 000,002,284 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2011/09/07 15:42:14 | 000,000,978 | ---- | C] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-506075566-2965718124-3205215984-1003UA.job
[2011/09/07 15:42:10 | 000,000,926 | ---- | C] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-506075566-2965718124-3205215984-1003Core.job
[2011/09/06 12:51:50 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/09/06 12:51:48 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/05 19:13:38 | 000,675,922 | ---- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\Cat.DB
[2011/09/05 19:13:29 | 000,007,468 | ---- | C] () -- C:\WINNT\System32\drivers\SYMEVENT.CAT
[2011/09/05 19:13:29 | 000,000,806 | ---- | C] () -- C:\WINNT\System32\drivers\SYMEVENT.INF
[2011/09/05 19:11:49 | 000,000,000 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\SymDS.cat
[2011/09/05 19:10:43 | 000,003,373 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\SymEFA.inf
[2011/09/05 19:10:43 | 000,002,792 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\SymDS.inf
[2011/09/05 19:10:43 | 000,001,474 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\SymNetV.inf
[2011/09/05 19:10:43 | 000,001,446 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\SymNet.inf
[2011/09/05 19:10:43 | 000,001,389 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\srtspx.inf
[2011/09/05 19:10:43 | 000,001,383 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\srtsp.inf
[2011/09/05 19:10:43 | 000,000,742 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\Iron.inf
[2011/09/05 19:10:30 | 000,007,877 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\symnetv.cat
[2011/09/05 19:10:30 | 000,007,458 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\SymNet.cat
[2011/09/05 19:10:29 | 000,007,528 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\iron.cat
[2011/09/05 19:10:29 | 000,007,456 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\SymEFA.cat
[2011/09/05 19:10:29 | 000,007,454 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\srtspx.cat
[2011/09/05 19:10:29 | 000,007,450 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\srtsp.cat
[2011/09/05 19:10:28 | 000,000,172 | ---- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\isolate.ini
[2011/09/02 21:20:53 | 000,001,977 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Games.lnk
[2011/08/24 01:15:37 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\PocoMan.lnk
[2009/03/18 22:06:38 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\$_hpcst$.hpc
[2008/12/25 19:39:44 | 000,000,664 | ---- | C] () -- C:\WINNT\System32\d3d9caps.dat
[2008/09/04 19:09:30 | 000,000,094 | ---- | C] () -- C:\WINNT\awshkwv.ini
[2008/04/03 16:46:46 | 000,000,552 | ---- | C] () -- C:\WINNT\System32\d3d8caps.dat
[2008/02/07 18:49:23 | 000,691,545 | ---- | C] () -- C:\WINNT\unins000.exe
[2008/02/07 18:49:22 | 000,003,440 | ---- | C] () -- C:\WINNT\unins000.dat
[2008/01/23 10:48:58 | 000,029,152 | R--- | C] () -- C:\WINNT\System32\drivers\usb2vcom.sys
[2007/08/15 06:57:41 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2007/05/06 20:50:11 | 000,004,096 | ---- | C] () -- C:\WINNT\d3dx.dat
[2006/07/12 23:47:06 | 000,001,793 | ---- | C] () -- C:\WINNT\System32\fxsperf.ini
[2006/05/26 02:55:02 | 000,003,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/04/28 13:49:18 | 000,000,408 | ---- | C] () -- C:\WINNT\lexstat.ini
[2006/04/27 11:56:15 | 000,000,018 | ---- | C] () -- C:\WINNT\gwhotkey.ini
[2006/04/19 23:16:34 | 000,110,592 | R--- | C] () -- C:\WINNT\System32\AegisI5.exe
[2006/04/19 23:16:34 | 000,002,655 | R--- | C] () -- C:\WINNT\System32\arccsel.dat
[2006/04/19 23:16:33 | 000,114,688 | ---- | C] () -- C:\WINNT\System32\AegisI2.exe
[2006/04/19 23:16:32 | 000,036,864 | ---- | C] () -- C:\WINNT\System32\acs.exe
[2006/04/08 15:36:50 | 000,000,048 | ---- | C] () -- C:\WINNT\FileNamesinQueue.ini
[2005/03/02 15:24:31 | 000,000,624 | ---- | C] () -- C:\WINNT\tlknw20.ini
[2005/01/12 20:56:58 | 000,100,475 | ---- | C] () -- C:\WINNT\UninstallFirefox.exe
[2005/01/08 00:21:36 | 000,000,002 | ---- | C] () -- C:\WINNT\msoffice.ini
[2005/01/08 00:17:09 | 000,000,341 | ---- | C] () -- C:\WINNT\wininit.ini
[2004/12/26 21:48:26 | 000,363,520 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[2004/12/22 02:07:25 | 000,004,569 | ---- | C] () -- C:\WINNT\System32\secupd.dat
[2004/09/09 15:10:57 | 000,000,978 | ---- | C] () -- C:\WINNT\cdPlayer.ini
[2004/05/11 02:40:20 | 000,000,026 | ---- | C] () -- C:\WINNT\mscpt.dat
[2004/05/08 15:41:09 | 000,247,808 | ---- | C] () -- C:\WINNT\WINSTRUN.EXE
[2004/05/08 15:41:09 | 000,008,364 | ---- | C] () -- C:\WINNT\INSTALL.DAT
[2004/04/30 02:45:14 | 000,000,130 | ---- | C] () -- C:\WINNT\cosmiord.ini
[2004/01/20 22:28:56 | 000,109,181 | ---- | C] () -- C:\Program Files\tempfile.iff
[2003/12/03 22:38:44 | 000,001,260 | ---- | C] () -- C:\WINNT\eReg.dat
[2003/12/03 16:34:52 | 000,011,720 | ---- | C] () -- C:\WINNT\mozver.dat
[2003/11/27 21:06:16 | 000,000,061 | ---- | C] () -- C:\WINNT\smscfg.ini
[2003/11/27 20:53:30 | 000,000,035 | ---- | C] () -- C:\WINNT\wwwbatch.ini
[2003/11/27 20:44:46 | 000,000,825 | ---- | C] () -- C:\WINNT\QUICKEN.INI
[2003/11/27 20:44:29 | 000,028,672 | ---- | C] () -- C:\WINNT\System32\JAWTAccessBridge.dll
[2003/11/27 20:42:14 | 000,000,335 | ---- | C] () -- C:\WINNT\nsreg.dat
[2003/11/27 20:41:26 | 000,086,016 | ---- | C] () -- C:\WINNT\System32\PcdrKernelModeServices.dll
[2003/11/27 20:41:26 | 000,065,536 | ---- | C] () -- C:\WINNT\System32\ProgressTrace.dll
[2003/11/27 20:40:32 | 000,000,569 | ---- | C] () -- C:\WINNT\System32\OEMINFO.INI
[2003/10/06 17:34:26 | 000,000,770 | ---- | C] () -- C:\WINNT\orun32.ini
[2003/10/06 16:39:44 | 000,002,048 | --S- | C] () -- C:\WINNT\bootstat.dat
[2003/10/06 16:33:14 | 000,021,640 | ---- | C] () -- C:\WINNT\System32\emptyregdb.dat
[2003/10/06 16:26:48 | 000,004,073 | ---- | C] () -- C:\WINNT\ODBCINST.INI
[2003/10/06 16:25:44 | 000,237,552 | ---- | C] () -- C:\WINNT\System32\FNTCACHE.DAT
[2003/08/13 12:08:15 | 000,135,168 | ---- | C] () -- C:\WINNT\System32\wpcap.dll
[2003/08/13 12:08:12 | 000,036,864 | ---- | C] () -- C:\WINNT\System32\packet.dll
[2003/08/13 12:08:10 | 000,013,203 | ---- | C] () -- C:\WINNT\System32\drivers\packet.sys
[2003/04/28 23:28:52 | 000,069,632 | ---- | C] () -- C:\WINNT\System32\ati2evxx.dll
[1980/01/01 02:00:00 | 013,107,200 | ---- | C] () -- C:\WINNT\System32\oembios.bin
[1980/01/01 02:00:00 | 000,673,088 | ---- | C] () -- C:\WINNT\System32\mlang.dat
[1980/01/01 02:00:00 | 000,449,476 | ---- | C] () -- C:\WINNT\System32\perfh009.dat
[1980/01/01 02:00:00 | 000,272,128 | ---- | C] () -- C:\WINNT\System32\perfi009.dat
[1980/01/01 02:00:00 | 000,254,037 | ---- | C] () -- C:\WINNT\System32\ati2evxx.exe
[1980/01/01 02:00:00 | 000,218,003 | ---- | C] () -- C:\WINNT\System32\dssec.dat
[1980/01/01 02:00:00 | 000,081,920 | ---- | C] () -- C:\WINNT\System32\SynTPCoI.dll
[1980/01/01 02:00:00 | 000,075,506 | ---- | C] () -- C:\WINNT\System32\perfc009.dat
[1980/01/01 02:00:00 | 000,046,258 | ---- | C] () -- C:\WINNT\System32\mib.bin
[1980/01/01 02:00:00 | 000,028,626 | ---- | C] () -- C:\WINNT\System32\perfd009.dat
[1980/01/01 02:00:00 | 000,005,114 | ---- | C] () -- C:\WINNT\System32\oembios.dat
[1980/01/01 02:00:00 | 000,001,804 | ---- | C] () -- C:\WINNT\System32\dcache.bin
[1980/01/01 02:00:00 | 000,000,741 | ---- | C] () -- C:\WINNT\System32\noise.dat

========== LOP Check ==========

[2008/11/01 15:30:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BlockBreaker
[2011/08/17 02:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2006/04/28 13:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/04/06 01:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/03/05 09:03:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2008/10/29 02:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2009/02/10 05:24:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
[2008/01/23 11:21:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2011/09/09 02:17:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2008/12/11 23:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2009/07/08 19:58:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2009/01/25 22:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeptunesAdve
[2008/01/23 12:09:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2007/05/02 12:08:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SECT ONLINE INTRA MEMO
[2007/03/26 03:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Souptoys
[2009/12/29 19:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/12/11 04:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valusoft
[2005/03/17 20:14:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/09/05 08:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2011/09/08 17:37:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2009/07/03 23:40:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2009/12/26 05:29:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Azureus
[2008/01/23 10:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DataLayer
[2009/04/13 23:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EuroTalk
[2008/12/11 16:31:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Gamelab
[2009/04/20 21:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2008/07/08 16:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0
[2006/03/29 00:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2007/04/09 13:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LaCie
[2004/02/18 21:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2008/12/11 23:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ludia
[2007/08/16 04:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MP3Toys
[2009/12/29 18:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Musicmatch
[2006/09/02 00:25:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Neo-Modus.com
[2008/01/23 12:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nokia
[2006/03/18 17:18:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nova Development
[2008/01/23 12:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PC Suite
[2007/07/07 20:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\plussoap
[2007/12/12 02:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SecondLife
[2007/03/26 03:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Souptoys
[2004/07/24 18:03:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2011/09/07 23:33:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Tific
[2008/12/11 04:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Valusoft
[2008/11/25 16:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WildTangent
[2008/12/07 03:08:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WildTangentv1005
[2008/05/14 04:02:32 | 000,000,106 | ---- | M] () -- C:\WINNT\Tasks\Low Battery Alarm Program.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1DC9784
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D287FACF

< End of report >

I hope this helps. Thanks.
 
Hi cosmic1,

I am checking on your display problem still. In the meantime please do the following:

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :Services
    
    :OTL
    O3: - HKCU\..\Toolbar\ShellBrowser - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No CLSID value found.
    O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL log (don't check the boxes beside LOP Check or Purity this time)
 
Hi, Jeff.
Here is the log for the OTL scan I ran after running the fix. Both went well, I think. Thanks.

OTL4.txt


OTL logfile created on: 9/20/2011 3:12:03 PM - Run 5
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

254.98 Mb Total Physical Memory | 92.05 Mb Available Physical Memory | 36.10% Memory free
1.21 Gb Paging File | 0.92 Gb Available in Paging File | 75.95% Paging File free
Paging file location(s): C:\pagefile.sys 1000 1600 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 27.95 Gb Total Space | 3.88 Gb Free Space | 13.88% Space Free | Partition Type: NTFS

Computer Name: MINIME | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe (Symantec Corporation)
PRC - C:\WINNT\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\PocoMan\PocoMan.exe ()
PRC - C:\WINNT\GWHotKey.exe (BillP Studios)


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\ppgooglenaclpluginchrome.dll ()
MOD - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\pdf.dll ()
MOD - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\Locales\en-US.dll ()
MOD - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\avutil-50.dll ()
MOD - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\avformat-52.dll ()
MOD - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\avcodec-52.dll ()
MOD - C:\Program Files\ArcSoft\PhotoImpression 5\Share\PIHook.dll ()
MOD - C:\Program Files\PocoMan\PocoMan.exe ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe (Symantec Corporation)
SRV - (GamesAppService) -- C:\Program Files\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (GameConsoleService) -- C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe (WildTangent, Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (ACS) -- C:\WINNT\system32\acs.exe ()


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20110919.020\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20110919.020\NAVENG.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\BASHDefs\20110909.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINNT\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\IPSDefs\20110917.033\IDSXpx86.sys (Symantec Corporation)
DRV - (MBAMProtector) -- C:\WINNT\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (SRTSP) -- C:\WINNT\system32\drivers\NIS\1206000.01D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINNT\system32\drivers\NIS\1206000.01D\SRTSPX.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINNT\system32\drivers\NIS\1206000.01D\SYMTDI.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\WINNT\system32\drivers\NIS\1206000.01D\SYMEFA.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\WINNT\system32\drivers\NIS\1206000.01D\SYMDS.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\WINNT\system32\drivers\NIS\1206000.01D\Ironx86.SYS (Symantec Corporation)
DRV - (Revoflt) -- C:\WINNT\system32\drivers\revoflt.sys (VS Revo Group)
DRV - (LUsbFilt) -- C:\WINNT\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINNT\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINNT\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (Cdralw2k) -- C:\WINNT\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINNT\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\WINNT\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (usb2vcom) -- C:\WINNT\system32\drivers\usb2vcom.sys ()
DRV - (Afc) -- C:\WINNT\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (CoachAud) -- C:\WINNT\system32\drivers\CoachAud.sys (FotoNation Inc.)
DRV - (AR5211) -- C:\WINNT\system32\drivers\ar5211.sys (D-Link )
DRV - (PRISM_A02) -- C:\WINNT\system32\drivers\WUSB20XP.sys (GlobespanVirata, Inc.)
DRV - (NPF) -- C:\WINNT\system32\drivers\packet.sys ()
DRV - (ati2mtag) -- C:\WINNT\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (dvd_2K) -- C:\WINNT\System32\drivers\Dvd_2k.sys (Roxio)
DRV - (mmc_2K) -- C:\WINNT\System32\drivers\Mmc_2k.sys (Roxio)
DRV - (pwd_2k) -- C:\WINNT\System32\drivers\pwd_2K.sys (Roxio)
DRV - (UdfReadr_xp) -- C:\WINNT\System32\drivers\udfreadr_xp.sys (Roxio)
DRV - (cdudf_xp) -- C:\WINNT\System32\drivers\cdudf_xp.sys (Roxio)
DRV - (wlluc48) -- C:\WINNT\system32\drivers\wlluc48.sys (Lucent Technologies)
DRV - (ATICDSDr) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiicdxx.sys (ATI Technologies Inc.)
DRV - (allegro) ESS Allegro Audio Driver (WDM) -- C:\WINNT\system32\drivers\es198x.sys (ESS Technology, Inc.)
DRV - (GTWModem) -- C:\WINNT\system32\drivers\GWMDM.sys (GTW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: No CLSID value found. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Merriam-Webster Dictionary"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en"
FF - prefs.js..extensions.enabledItems: define@sogame.cat:1.4.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07076007
FF - prefs.js..extensions.enabledItems: {46868735-c3fa-47ce-8ce7-cce51a66aceb}:1.2
FF - prefs.js..extensions.enabledItems: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}:0.6.7
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.67
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6
FF - prefs.js..extensions.enabledItems: {66871bd1-5ba2-4739-b485-2a15f5969bd8}:2.20100123


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINNT\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINNT\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@macromedia.com/FlashPlayer6: File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.10.835: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1136: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.847: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINNT\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@macromedia.com/FlashPlayer6: File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\IPSFFPlgn\ [2011/09/07 14:07:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\coFFPlgn_2011_7_1_3 [2011/09/20 15:00:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/06 16:22:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/18 22:42:45 | 000,000,000 | ---D | M]

[2008/09/01 23:16:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/09/06 12:53:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions
[2010/04/27 22:29:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/09/16 07:45:46 | 000,000,000 | ---D | M] (oldbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
[2010/03/11 03:58:33 | 000,000,000 | ---D | M] (Ad blocker) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
[2010/03/11 03:15:54 | 000,000,000 | ---D | M] (MidnightFox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}
[2011/08/28 01:51:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/08/28 01:51:51 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/03/11 06:04:46 | 000,000,000 | ---D | M] (Define) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\define@sogame.cat
[2010/03/11 03:16:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}\chrome\mozapps\extensions
[2010/03/11 03:16:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}\chrome\mozapps\extensions\CVS
[2008/06/18 17:04:04 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7ptvott5.default\searchplugins\webster.xml
[2011/09/18 22:43:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/18 22:43:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
[2011/09/20 15:00:19 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\COFFPLGN_2011_7_1_3
[2011/09/07 14:07:25 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\IPSFFPLGN
[2011/09/06 16:22:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/18 22:39:10 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/05/11 17:41:00 | 000,200,704 | ---- | M] (Ancestry.com) -- C:\Program Files\mozilla firefox\plugins\npImgCtl.dll
[2005/04/27 16:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npracplug.dll
[2011/08/30 15:41:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/09/14 13:54:11 | 000,000,098 | ---- | M]) - C:\WINNT\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spy bot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [ATIModeChange] C:\WINNT\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Multi-function Keyboard] C:\WINNT\GWHotKey.exe (BillP Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spy bot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} https://www.select2perform.com/cabs/QOLCheck.ocx (QOLCheck Control)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://www.shockwave.com/content/luxor/sis/mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} http://www.convergysworkathome.com/AppHardT.CAB (WNICheck2 Class)
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} http://imlive.com/ChatSource/gVideoContol.cab (Eyeball Video Session Control)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E51D276-3EEE-40F8-A7C8-AB4E49213D66}: NameServer = 4.2.2.2,4.2.2.3
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\userinit.exe) -C:\WINNT\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/18 23:30:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Sun
[2011/09/18 22:53:22 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2011/09/18 22:45:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/09/18 22:42:44 | 000,544,656 | ---- | C] (Oracle Corporation) -- C:\WINNT\System32\deployJava1.dll
[2011/09/18 22:42:43 | 000,214,408 | ---- | C] (Oracle Corporation) -- C:\WINNT\System32\javaws.exe
[2011/09/18 22:42:42 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINNT\System32\javaw.exe
[2011/09/18 22:42:42 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINNT\System32\java.exe
[2011/09/18 21:57:50 | 000,454,120 | ---- | C] (CBS Interactive) -- C:\Documents and Settings\Owner\Desktop\cnet_FoxitReader502_0718_enu_Setup_exe.exe
[2011/09/18 21:38:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\JavaRa
[2011/09/16 19:51:41 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/09/16 18:35:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/16 18:35:38 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2011/09/16 18:35:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/16 10:55:58 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Owner\Desktop\esetsmartinstaller_enu.exe
[2011/09/16 10:54:34 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.51.2.1300.exe
[2011/09/14 15:36:30 | 001,692,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Owner\Desktop\avg_remover_stf_x86_2012_1796.exe
[2011/09/14 13:54:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/13 15:35:08 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2011/09/13 14:17:02 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/09/11 20:52:44 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/09/08 19:01:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2011/09/08 03:16:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2011/09/08 03:15:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/09/08 03:11:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\VS Revo Group
[2011/09/08 03:06:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
[2011/09/08 03:06:24 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINNT\System32\drivers\revoflt.sys
[2011/09/08 03:06:09 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/09/08 02:28:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iolo
[2011/09/08 00:06:33 | 000,000,000 | ---D | C] -- C:\WINNT\ERDNT
[2011/09/08 00:04:49 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/09/08 00:04:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/09/07 23:33:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Tific
[2011/09/07 23:09:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Google Chrome
[2011/09/06 13:03:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\NPE
[2011/09/05 19:13:29 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\SYMEVENT.SYS
[2011/09/05 19:13:29 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\WINNT\System32\S32EVNT1.DLL
[2011/09/05 19:13:28 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/09/05 19:11:49 | 000,331,384 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\NIS\1206000.01D\symtdiv.sys
[2011/09/05 19:11:48 | 000,369,784 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\NIS\1206000.01D\symtdi.sys
[2011/09/05 19:11:48 | 000,296,568 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\NIS\1206000.01D\symnets.sys
[2011/09/05 19:11:47 | 000,744,568 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\NIS\1206000.01D\SymEFA.sys
[2011/09/05 19:11:47 | 000,516,216 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\NIS\1206000.01D\srtsp.sys
[2011/09/05 19:11:47 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\NIS\1206000.01D\SymDS.sys
[2011/09/05 19:11:47 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\NIS\1206000.01D\Ironx86.sys
[2011/09/05 19:11:47 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\NIS\1206000.01D\srtspx.sys
[2011/09/05 19:10:27 | 000,000,000 | ---D | C] -- C:\WINNT\System32\drivers\NIS
[2011/09/05 19:10:27 | 000,000,000 | ---D | C] -- C:\WINNT\System32\drivers\NIS\1206000.01D
[2011/09/05 19:10:17 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2011/09/05 19:10:17 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2011/09/05 19:10:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
[2011/09/05 18:54:37 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/09/05 18:42:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Norton
[2011/09/02 21:19:32 | 000,000,000 | ---D | C] -- C:\Program Files\WildTangent Games
[2011/09/02 08:29:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Oberon Games
[2011/09/02 03:58:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Saved Games
[2011/08/28 01:48:49 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINNT\System32\FlashPlayerCPLApp.cpl
[2007/08/27 09:43:31 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2003/12/03 08:34:06 | 000,491,520 | ---- | C] (www.simwardrobe.com) -- C:\Program Files\SimCategorizer.exe

========== Files - Modified Within 30 Days ==========

[2011/09/20 15:02:22 | 000,000,429 | ---- | M] () -- C:\WINNT\System32\drivers\etc\hosts.ics
[2011/09/20 15:00:03 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2011/09/20 14:59:47 | 267,436,032 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/20 14:47:11 | 000,000,978 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-506075566-2965718124-3205215984-1003UA.job
[2011/09/18 22:38:56 | 000,214,408 | ---- | M] (Oracle Corporation) -- C:\WINNT\System32\javaws.exe
[2011/09/18 22:38:56 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINNT\System32\javaw.exe
[2011/09/18 22:38:55 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINNT\System32\java.exe
[2011/09/18 22:38:55 | 000,128,000 | ---- | M] (Oracle Corporation) -- C:\WINNT\System32\javacpl.cpl
[2011/09/18 22:38:52 | 000,544,656 | ---- | M] (Oracle Corporation) -- C:\WINNT\System32\deployJava1.dll
[2011/09/18 21:57:53 | 000,454,120 | ---- | M] (CBS Interactive) -- C:\Documents and Settings\Owner\Desktop\cnet_FoxitReader502_0718_enu_Setup_exe.exe
[2011/09/18 20:28:02 | 000,160,350 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\JavaRa.zip
[2011/09/18 20:00:19 | 000,001,158 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2011/09/16 10:56:00 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Owner\Desktop\esetsmartinstaller_enu.exe
[2011/09/16 10:47:24 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.51.2.1300.exe
[2011/09/14 15:47:01 | 000,000,926 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-506075566-2965718124-3205215984-1003Core.job
[2011/09/14 15:37:05 | 001,692,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Owner\Desktop\avg_remover_stf_x86_2012_1796.exe
[2011/09/14 15:26:57 | 000,031,256 | ---- | M] () -- C:\{FE7475AD-7719-4A30-8E26-5E65D7D703D7}
[2011/09/14 13:54:11 | 000,000,098 | ---- | M] () -- C:\WINNT\System32\drivers\etc\Hosts
[2011/09/14 13:27:53 | 000,459,264 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CKScanner.exe
[2011/09/13 16:14:00 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2011/09/13 15:35:14 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2011/09/13 15:33:59 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2011/09/13 14:16:43 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/09/11 20:53:58 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/09/08 17:27:28 | 000,000,825 | ---- | M] () -- C:\WINNT\QUICKEN.INI
[2011/09/08 03:06:40 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2011/09/08 00:04:50 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2011/09/07 17:03:12 | 000,000,207 | -HS- | M] () -- C:\boot.ini
[2011/09/07 15:49:41 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/07 15:49:40 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2011/09/06 12:51:57 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/06 12:51:54 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/09/05 20:00:02 | 000,000,538 | ---- | M] () -- C:\WINNT\tasks\Norton Internet Security - Run Full System Scan - Owner.job
[2011/09/05 19:14:14 | 000,675,922 | ---- | M] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\Cat.DB
[2011/09/05 19:13:28 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\WINNT\System32\drivers\SYMEVENT.SYS
[2011/09/05 19:13:28 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINNT\System32\S32EVNT1.DLL
[2011/09/05 19:13:28 | 000,007,468 | ---- | M] () -- C:\WINNT\System32\drivers\SYMEVENT.CAT
[2011/09/05 19:13:28 | 000,000,806 | ---- | M] () -- C:\WINNT\System32\drivers\SYMEVENT.INF
[2011/09/05 16:28:06 | 000,437,465 | ---- | M] () -- C:\WINNT\System32\drivers\etc\hosts.20110911-015350.backup
[2011/09/05 16:11:36 | 000,371,883 | R--- | M] () -- C:\WINNT\System32\drivers\etc\hosts.20110905-162806.backup
[2011/09/05 12:34:15 | 000,001,355 | ---- | M] () -- C:\WINNT\imsins.BAK
[2011/09/05 09:06:38 | 000,001,977 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Games.lnk
[2011/09/02 21:20:55 | 000,002,003 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Play Games.lnk
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2011/08/28 01:48:49 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINNT\System32\FlashPlayerCPLApp.cpl
[2011/08/24 01:15:37 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\PocoMan.lnk

========== Files Created - No Company Name ==========

[2011/09/20 00:50:48 | 267,436,032 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/18 20:28:27 | 000,160,350 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\JavaRa.zip
[2011/09/14 15:26:56 | 000,031,256 | ---- | C] () -- C:\{FE7475AD-7719-4A30-8E26-5E65D7D703D7}
[2011/09/14 13:28:11 | 000,459,264 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\CKScanner.exe
[2011/09/13 16:13:59 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2011/09/13 15:41:54 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.exe
[2011/09/13 15:34:11 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2011/09/08 03:06:39 | 000,000,925 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2011/09/08 00:04:50 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2011/09/07 15:49:40 | 000,002,262 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/07 15:49:39 | 000,002,284 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2011/09/07 15:42:14 | 000,000,978 | ---- | C] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-506075566-2965718124-3205215984-1003UA.job
[2011/09/07 15:42:10 | 000,000,926 | ---- | C] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-506075566-2965718124-3205215984-1003Core.job
[2011/09/06 12:51:50 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/09/06 12:51:48 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/05 19:13:38 | 000,675,922 | ---- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\Cat.DB
[2011/09/05 19:13:29 | 000,007,468 | ---- | C] () -- C:\WINNT\System32\drivers\SYMEVENT.CAT
[2011/09/05 19:13:29 | 000,000,806 | ---- | C] () -- C:\WINNT\System32\drivers\SYMEVENT.INF
[2011/09/05 19:11:49 | 000,000,000 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\SymDS.cat
[2011/09/05 19:10:43 | 000,003,373 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\SymEFA.inf
[2011/09/05 19:10:43 | 000,002,792 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\SymDS.inf
[2011/09/05 19:10:43 | 000,001,474 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\SymNetV.inf
[2011/09/05 19:10:43 | 000,001,446 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\SymNet.inf
[2011/09/05 19:10:43 | 000,001,389 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\srtspx.inf
[2011/09/05 19:10:43 | 000,001,383 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\srtsp.inf
[2011/09/05 19:10:43 | 000,000,742 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\Iron.inf
[2011/09/05 19:10:30 | 000,007,877 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\symnetv.cat
[2011/09/05 19:10:30 | 000,007,458 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\SymNet.cat
[2011/09/05 19:10:29 | 000,007,528 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\iron.cat
[2011/09/05 19:10:29 | 000,007,456 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\SymEFA.cat
[2011/09/05 19:10:29 | 000,007,454 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\srtspx.cat
[2011/09/05 19:10:29 | 000,007,450 | R--- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\srtsp.cat
[2011/09/05 19:10:28 | 000,000,172 | ---- | C] () -- C:\WINNT\System32\drivers\NIS\1206000.01D\isolate.ini
[2011/09/02 21:20:53 | 000,001,977 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Games.lnk
[2011/08/24 01:15:37 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\PocoMan.lnk
[2009/03/18 22:06:38 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\$_hpcst$.hpc
[2008/12/25 19:39:44 | 000,000,664 | ---- | C] () -- C:\WINNT\System32\d3d9caps.dat
[2008/09/04 19:09:30 | 000,000,094 | ---- | C] () -- C:\WINNT\awshkwv.ini
[2008/04/03 16:46:46 | 000,000,552 | ---- | C] () -- C:\WINNT\System32\d3d8caps.dat
[2008/02/07 18:49:23 | 000,691,545 | ---- | C] () -- C:\WINNT\unins000.exe
[2008/02/07 18:49:22 | 000,003,440 | ---- | C] () -- C:\WINNT\unins000.dat
[2008/01/23 10:48:58 | 000,029,152 | R--- | C] () -- C:\WINNT\System32\drivers\usb2vcom.sys
[2007/08/15 06:57:41 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2007/05/06 20:50:11 | 000,004,096 | ---- | C] () -- C:\WINNT\d3dx.dat
[2006/07/12 23:47:06 | 000,001,793 | ---- | C] () -- C:\WINNT\System32\fxsperf.ini
[2006/05/26 02:55:02 | 000,003,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/04/28 13:49:18 | 000,000,408 | ---- | C] () -- C:\WINNT\lexstat.ini
[2006/04/27 11:56:15 | 000,000,018 | ---- | C] () -- C:\WINNT\gwhotkey.ini
[2006/04/19 23:16:34 | 000,110,592 | R--- | C] () -- C:\WINNT\System32\AegisI5.exe
[2006/04/19 23:16:34 | 000,002,655 | R--- | C] () -- C:\WINNT\System32\arccsel.dat
[2006/04/19 23:16:33 | 000,114,688 | ---- | C] () -- C:\WINNT\System32\AegisI2.exe
[2006/04/19 23:16:32 | 000,036,864 | ---- | C] () -- C:\WINNT\System32\acs.exe
[2006/04/08 15:36:50 | 000,000,048 | ---- | C] () -- C:\WINNT\FileNamesinQueue.ini
[2005/03/02 15:24:31 | 000,000,624 | ---- | C] () -- C:\WINNT\tlknw20.ini
[2005/01/12 20:56:58 | 000,100,475 | ---- | C] () -- C:\WINNT\UninstallFirefox.exe
[2005/01/08 00:21:36 | 000,000,002 | ---- | C] () -- C:\WINNT\msoffice.ini
[2005/01/08 00:17:09 | 000,000,341 | ---- | C] () -- C:\WINNT\wininit.ini
[2004/12/26 21:48:26 | 000,363,520 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[2004/12/22 02:07:25 | 000,004,569 | ---- | C] () -- C:\WINNT\System32\secupd.dat
[2004/09/09 15:10:57 | 000,000,978 | ---- | C] () -- C:\WINNT\cdPlayer.ini
[2004/05/11 02:40:20 | 000,000,026 | ---- | C] () -- C:\WINNT\mscpt.dat
[2004/05/08 15:41:09 | 000,247,808 | ---- | C] () -- C:\WINNT\WINSTRUN.EXE
[2004/05/08 15:41:09 | 000,008,364 | ---- | C] () -- C:\WINNT\INSTALL.DAT
[2004/04/30 02:45:14 | 000,000,130 | ---- | C] () -- C:\WINNT\cosmiord.ini
[2004/01/20 22:28:56 | 000,109,181 | ---- | C] () -- C:\Program Files\tempfile.iff
[2003/12/03 22:38:44 | 000,001,260 | ---- | C] () -- C:\WINNT\eReg.dat
[2003/12/03 16:34:52 | 000,011,720 | ---- | C] () -- C:\WINNT\mozver.dat
[2003/11/27 21:06:16 | 000,000,061 | ---- | C] () -- C:\WINNT\smscfg.ini
[2003/11/27 20:53:30 | 000,000,035 | ---- | C] () -- C:\WINNT\wwwbatch.ini
[2003/11/27 20:44:46 | 000,000,825 | ---- | C] () -- C:\WINNT\QUICKEN.INI
[2003/11/27 20:44:29 | 000,028,672 | ---- | C] () -- C:\WINNT\System32\JAWTAccessBridge.dll
[2003/11/27 20:42:14 | 000,000,335 | ---- | C] () -- C:\WINNT\nsreg.dat
[2003/11/27 20:41:26 | 000,086,016 | ---- | C] () -- C:\WINNT\System32\PcdrKernelModeServices.dll
[2003/11/27 20:41:26 | 000,065,536 | ---- | C] () -- C:\WINNT\System32\ProgressTrace.dll
[2003/11/27 20:40:32 | 000,000,569 | ---- | C] () -- C:\WINNT\System32\OEMINFO.INI
[2003/10/06 17:34:26 | 000,000,770 | ---- | C] () -- C:\WINNT\orun32.ini
[2003/10/06 16:39:44 | 000,002,048 | --S- | C] () -- C:\WINNT\bootstat.dat
[2003/10/06 16:33:14 | 000,021,640 | ---- | C] () -- C:\WINNT\System32\emptyregdb.dat
[2003/10/06 16:26:48 | 000,004,073 | ---- | C] () -- C:\WINNT\ODBCINST.INI
[2003/10/06 16:25:44 | 000,237,552 | ---- | C] () -- C:\WINNT\System32\FNTCACHE.DAT
[2003/08/13 12:08:15 | 000,135,168 | ---- | C] () -- C:\WINNT\System32\wpcap.dll
[2003/08/13 12:08:12 | 000,036,864 | ---- | C] () -- C:\WINNT\System32\packet.dll
[2003/08/13 12:08:10 | 000,013,203 | ---- | C] () -- C:\WINNT\System32\drivers\packet.sys
[2003/04/28 23:28:52 | 000,069,632 | ---- | C] () -- C:\WINNT\System32\ati2evxx.dll
[1980/01/01 02:00:00 | 013,107,200 | ---- | C] () -- C:\WINNT\System32\oembios.bin
[1980/01/01 02:00:00 | 000,673,088 | ---- | C] () -- C:\WINNT\System32\mlang.dat
[1980/01/01 02:00:00 | 000,449,476 | ---- | C] () -- C:\WINNT\System32\perfh009.dat
[1980/01/01 02:00:00 | 000,272,128 | ---- | C] () -- C:\WINNT\System32\perfi009.dat
[1980/01/01 02:00:00 | 000,254,037 | ---- | C] () -- C:\WINNT\System32\ati2evxx.exe
[1980/01/01 02:00:00 | 000,218,003 | ---- | C] () -- C:\WINNT\System32\dssec.dat
[1980/01/01 02:00:00 | 000,081,920 | ---- | C] () -- C:\WINNT\System32\SynTPCoI.dll
[1980/01/01 02:00:00 | 000,075,506 | ---- | C] () -- C:\WINNT\System32\perfc009.dat
[1980/01/01 02:00:00 | 000,046,258 | ---- | C] () -- C:\WINNT\System32\mib.bin
[1980/01/01 02:00:00 | 000,028,626 | ---- | C] () -- C:\WINNT\System32\perfd009.dat
[1980/01/01 02:00:00 | 000,005,114 | ---- | C] () -- C:\WINNT\System32\oembios.dat
[1980/01/01 02:00:00 | 000,001,804 | ---- | C] () -- C:\WINNT\System32\dcache.bin
[1980/01/01 02:00:00 | 000,000,741 | ---- | C] () -- C:\WINNT\System32\noise.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1DC9784
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D287FACF

< End of report >
 
Great!! Are you still having problems with your display? If so, does it happen in Safe Mode or Normal Mode or both?
 
Hi, Jeff.
The display problems happen in both modes. Sometimes shutting down and restarting helps, and sometimes it doesn't. This may seem odd, but sometimes it happens when the laptop is bumped or moved. That's pretty much all the details I have. Thanks.
 
Hi cosmic1,

Let's check to see if there is anything reporting in Device Manager. Go to Start > Control Panel > System > click the Hardware tab > click on Device Manager. Are there any warnings or alerts noted in Device Manager? Be sure to look through everything.

How is your system running otherwise?
 
According to the device manager, everything is fine. The display is the only problem that I'm having now. Everything else is ok! :)
 
Hi cosmic1,

"This may seem odd, but sometimes it happens when the laptop is bumped or moved."
It seems like you may have a loose or faulty cable. I have to admit that hardware problems are really not my area. I don't see any malware in your logs so I do not believe that it is malware related.

I would advise that you visit What the Tech and go to the Hardware-Notebooks forum. It can be found here >> http://forums.whatthetech.com/index.php?showforum=129 You will have to register before you can post there, but they should be better able to help you with this problem. When you do post there be sure to copy/paste the link from here so they can see what we have done. The link here is >> http://forums.spybot.info/showthread.php?t=63852

Having said that...

IT APPEARS THAT YOUR LOGS ARE NOW CLEAN :D SO LET'S DO A COUPLE OF THINGS TO WRAP THIS UP!! :D

This infection appears to have been cleaned, but I can not give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.
----------

Clean up with OTL:
  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.
----------

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:

1. Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
2. Enable Protected Mode in Internet Explorer. This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:
  • Open Internet Explorer
  • Click on Tools > Internet Options
  • Press Security tab
  • Select Internet zone then place check next to Enable Protected Mode if not already done
  • Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
  • Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.
3. Use and Update an Anti-Virus Software - I can not overemphasize the need for you to use and update your Anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

4. Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here.
**Do not install more than one firewall program because they will conflict with each other**

5. Make sure you keep your Windows OS current. Windows XP users can visit Windows update regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

6. Filehippo's Update Checker. It is a free utility that scans your computer for installed software, checks the versions and then sends this information to see if there are any newer releases. Available software updates are displayed and you can decide which ones to download and install. Among many other types of programs, they include a number of the Anti-Spyware, Firewall/Security and Anti-Virus programs that have been recommended (though not all of them). Note: Definition files should be updated from within the programs themselves. The Update Checker looks for newer versions of the software program, not definition files.

7. Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

8. WOT, Web of Trust. As 'Googling' is such an integral part of internet life, this free browser add-on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
  • Yellow for caution
  • Red to stop
WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

9. Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide real time spyware and hijacker protection on your computer alongside your virus protection. You should scan your computer with the program on a regular basis just as you would with your anti-virus software. A tutorial on installing and using this product can be found here:
Instructions for - Spybot S & D and Ad-aware

10. Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place?


Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
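
Added example, not part of the original post: the custom hosts file in item 7 works by pointing unwanted hostnames at a loopback or unspecified address, so an audit can separate those blocking entries from any line that maps a name to a routable address. The sample file, hostnames and function name are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file: blocking entries, the stock localhost line,
# one name mapped to a routable address, and one malformed line.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1 localhost
0.0.0.0 ads.example.com tracker.example.com  # two names on one line
127.0.0.1 banners.example.net
203.0.113.7 www.bank.example  # not a sink address
not-an-ip broken.example
"""


def audit_hosts(text):
    """Classify hosts-file entries as (blocked, redirected, malformed)."""
    blocked, redirected, malformed = [], [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        fields = line.split()
        addr, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            malformed.append((lineno, line))
            continue
        if not names:  # an address with no hostname does nothing
            malformed.append((lineno, line))
            continue
        for name in names:
            if name.lower() == "localhost":
                continue  # the stock entry, neither a block nor a redirect
            if ip.is_loopback or ip.is_unspecified:
                blocked.append(name)  # sink address: the name is blocked
            else:
                # The name resolves to a real host chosen by the file,
                # which is worth reviewing by hand.
                redirected.append((lineno, name, str(ip)))
    return blocked, redirected, malformed


if __name__ == "__main__":
    blocked, redirected, malformed = audit_hosts(SAMPLE_HOSTS)
    print(f"{len(blocked)} blocked names")
    for lineno, name, ip in redirected:
        print(f"line {lineno}: {name} -> {ip} (review)")
    for lineno, line in malformed:
        print(f"line {lineno}: malformed entry: {line}")
```

On Windows XP the file to check is normally C:\WINDOWS\system32\drivers\etc\hosts; read it and pass its text to audit_hosts.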
 
Hi, Jeff.
I did the OTL cleanup, and that ran well. I will definitely read the articles that you suggested. I don't really use Internet Explorer; I primarily use Firefox and sometimes Chrome. Are there ways I can make them more secure? Also, I use Norton as security, firewall, etc. There was a brief period of time when I did not have it, so maybe that's when I got infected. I've been using Spybot Search and Destroy for years, and don't think I will stop any time soon. It is a great program.
You have pretty much solved my problem with great satisfaction. Can you tell me what I was infected with, and when and how if possible? I would really like to have as much information as possible.
Thank you very much for all of your help. You have been patient and gracious every step of the way. I could not have done this without you, and I can't thank you enough. :thanks:
 
Hi cosmic1,

Glad that I could be of help. :)
----------
I don't really use Internet Explorer; I primarily use Firefox and sometimes Chrome. Are there ways I can make them more secure?
We keep Internet Explorer up to date because that is the browser that Windows uses for updates.
I use Firefox myself and I use two plugins to help with securing the browser... NoScript and AdBlock.
With Chrome there are two plugins that I would recommend that do the same as the ones I suggested for Firefox. They are called NotScript and AdBlock.
----------
Can you tell me what I was infected with, and when and how if possible?
You had a few entries that were malware/adware, but nothing major luckily. Just keep your software up-to-date and that should really help. Some of the reading that I have provided will help as well.
----------

It was nice working with you. :) If you don't have any more questions we can probably close this out.
 
Hi, Jeff.
You can definitely close out the case. It was nice working with you, too. Thanks for all of your help. :)
 
:greeting: You are quite welcome.


Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.
 