XP freezes


  • This topic is locked
30 replies to this topic

#1 passingthought

  • Authentic Member
  • 40 posts

Posted 06 October 2010 - 07:16 PM

Thanks in advance, this computer is several years old running XP. I did a factory restore on it and then loaded Norton 360. It continues to freeze up. I've uninstalled Norton and it still freezes. I tried to run HJT but it says there's a host file preventing it from accessing, so I ran DDS and here is the log. Currently I can't update Windows with SP 3, it freezes before it completes and the most recent JAVA won't finish loading either. Lib\deploy.jar: old file not found error.


DDS (Ver_09-06-26.01) - NTFSx86
Run by Compaq_Owner at 18:01:27.35 on Wed 10/06/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.503.196 [GMT -7:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.alot.com/web?q=&pr=auto&client_id=290682F001CAAE5B032F1919&src_id=11077&camp_id=%3D145&tb_version=2.5.9000.490
mSearchAssistant = hxxp://search.alot.com/sidebar?pr=asst&client_id=290682F001CAAE5B032F1919&install_time=2010-02-15T16:23:07Z&src_id=11077&camp_id=%3D145&tb_version=2.5.9000.490&url=http%3A%2F%2Fwww%2Eyahoo%2Ecom%2F
uURLSearchHooks: H - No File
uURLSearchHooks: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\my.freeze.com netassistant\NetAssistant.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
BHO: ALOT Toolbar Helper: {14ceeaff-96dd-4101-ae37-d5ecdc23c3f6} - c:\program files\alot\bin\alot.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\4.2.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\4.2.0.12\IPSBHO.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\my.freeze.com netassistant\NetAssistant.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client\YontooIEClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn5\YTSingleInstance.dll
TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.2.0.12\coIEPlg.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {00000000-0000-0000-0000-000000000000} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
IE: &Search - http://edits.mywebse...?p=ZLxdm065YYUS
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/IWONBarInitialSetup1.0.1.1.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} - hxxp://www.worldwinner.com/games/v49/familyfeud/familyfeud.cab
Notify: igfxcui - igfxsrvc.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\oeoo6nht.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", "-1");
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); // now unused
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.delay", 50);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0402000.00c\symds.sys [2010-6-11 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0402000.00c\symefa.sys [2010-6-11 173104]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0402000.00c\cchpx86.sys [2010-6-11 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0402000.00c\ironx86.sys [2010-6-11 116784]
R2 N360;Norton 360;c:\program files\norton 360\engine\4.2.0.12\ccsvchst.exe [2010-6-11 126392]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\ipsdefs\20100914.003\IDSXpx86.sys [2010-9-16 331640]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\bashdefs\20100901.003\BHDrvx86.sys [2010-8-31 692272]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-24 135664]
S3 NAVENG;NAVENG;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\virusdefs\20100916.002\naveng.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\virusdefs\20100916.002\NAVENG.SYS [?]
S3 NAVEX15;NAVEX15;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\virusdefs\20100916.002\navex15.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\virusdefs\20100916.002\NAVEX15.SYS [?]

=============== Created Last 30 ================

2010-10-03 11:08 <DIR> --d----- c:\program files\Yontoo Layers Client
2010-10-03 11:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Tarma Installer
2010-09-30 21:22 <DIR> --d----- c:\windows\system32\wbem\Repository
2010-09-30 21:21 <DIR> --d----- c:\program files\Symantec
2010-09-30 21:21 <DIR> --d----- c:\windows\system32\drivers\N360
2010-09-30 21:21 <DIR> --d----- c:\program files\Norton 360
2010-09-30 21:21 <DIR> --d----- c:\program files\NortonInstaller
2010-09-30 21:17 <DIR> --d----- c:\windows\system32\CatRoot_bak
2010-09-30 18:27 <DIR> --d----- c:\windows\system32\scripting
2010-09-30 18:09 <DIR> --dsh--- C:\found.000
2010-09-16 21:47 <DIR> --d----- c:\program files\Mozilla Firefox(2)

==================== Find3M ====================

2010-09-30 18:33 82,435 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2010-09-30 18:33 44,032 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\hpq\xpxwwpp5\localcontent\attachments\devcon.exe
2010-09-30 18:33 307,200 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\hpq\xpxwwpp5\plugin\bin\pchnotify.exe
2010-09-30 18:33 3,072 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\hpq\xpxwwpp5\plugin\bin\jsharpde\pchealthde.exe
2010-09-30 18:33 159,744 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\hpq\xpxwwpp5\plugin\bin\PCHButton.exe
2010-09-30 18:33 77,824 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\hpq\xpxwwpp5\plugin\bin\FDIWrapper.dll
2010-09-30 18:33 26,572 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\hpq\xpxwwpp5\plugin\bin\jsharpde\INV16.dll
2010-09-30 18:33 69,632 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\hpq\xpxwwpp5\plugin\bin\jsharpde\msxmlwrapper.dll
2010-09-30 18:33 40,960 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\hpq\xpxwwpp5\plugin\bin\ScDmi.dll
2010-09-30 18:33 49,152 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\hpq\xpxwwpp5\plugin\bin\PCHI18N.dll
2010-09-28 07:06 620 a------- c:\docume~1\compaq~1\applic~1\wklnhst.dat

============= FINISH: 18:02:17.87 ===============



#2 oldman960

    Forum God

  • Classroom Teacher
  • 14,668 posts
  • MVP

Posted 08 October 2010 - 10:10 PM

Hi passing thought, welcome to the forum.

To make cleaning this machine easier:
  • Please do not uninstall/install any programs unless asked to.
    It is more difficult when files/programs are appearing in/disappearing from the logs.
  • Please do not run any scans other than those requested.
  • Please follow all instructions in the order posted.
  • All logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad, click Format, uncheck Word Wrap if it is checked.
  • Do not attach any logs/reports, etc. unless specifically requested to do so.
  • If you have problems with or do not understand the instructions, please ask before continuing.
  • Please stay with this thread until given the All Clear. An absence of symptoms does not mean a clean machine.

"I've uninstalled norton and it still freezes."

Norton is still alive and running on your computer. The install may be corrupted by a possible older version of an antivirus program included in the factory restore. This may also explain the problems with SP3.

Please run DDS and post the Attach.txt.

Thanks

#3 passingthought

  • Authentic Member
  • 40 posts

Posted 08 October 2010 - 10:18 PM

There seems to be a lot of carp** on this machine even though I ran a factory restore, I'd like this machine to be basically bare bones, thanks for the help. Here is the attach txt:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 1/6/2010 8:01:04 PM
System Uptime: 10/6/2010 5:53:12 PM (1 hours ago)

Motherboard: ASUSTeK Computer INC. | | Goldfish3
Processor: Intel® Pentium® 4 CPU 2.93GHz | CPU 1 | 2933/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 144 GiB total, 81.477 GiB free.
D: is FIXED (FAT32) - 5 GiB total, 0.556 GiB free.
E: is CDROM (CDFS)
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP140: 9/16/2010 8:03:52 AM - System Checkpoint
RP141: 9/16/2010 8:04:20 AM - System Checkpoint
RP142: 9/27/2010 7:30:55 AM - Installed Java™ 6 Update 21
RP143: 9/27/2010 7:36:56 AM - Installed Java™ 6 Update 21
RP144: 9/27/2010 7:39:10 AM - Installed Java™ 6 Update 21
RP145: 9/27/2010 7:42:04 AM - Installed Java™ 6 Update 21
RP146: 9/28/2010 8:53:49 AM - System Checkpoint
RP147: 9/30/2010 5:34:03 PM - Installed Java™ 6 Update 21
RP148: 9/30/2010 5:34:14 PM - Software Distribution Service 3.0
RP149: 9/30/2010 6:15:55 PM - Software Distribution Service 3.0
RP150: 9/30/2010 9:16:21 PM - Restore Operation
RP151: 10/1/2010 3:56:24 PM - Removed Google Earth.
RP152: 10/2/2010 3:58:54 PM - System Checkpoint
RP153: 10/3/2010 6:25:51 PM - System Checkpoint
RP154: 10/4/2010 8:20:02 PM - System Checkpoint
RP155: 10/6/2010 5:36:17 PM - Software Distribution Service 3.0

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Adobe Shockwave Player 11.5
Agere Systems PCI Soft Modem
ALOT Toolbar
Apple Application Support
Apple Software Update
Audacity 1.2.6
Bonjour
Compaq Connections
Compaq Organize
Easy Internet Sign-up
Google Chrome
Google Earth
Google Update Helper
Help and Support Additions
High Definition Audio Driver Package - KB835221
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HpSdpAppCoreApp
InterVideo DiscLabel
InterVideo WinDVD Creator
InterVideo WinDVD Player
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java™ 6 Update 18
KBD
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Office Standard Edition 2003
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Works
Mozilla Firefox (3.6.10)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My.Freeze.com NetAssistant
Norton 360
PC-Doctor for Windows
PS2
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QuickTime
RealPlayer
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Sonic Express Labeler
Sonic RecordNow!
Update for Windows XP (KB898461)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
WebFldrs XP
WildTangent Web Driver
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB890175
Yahoo! Software Update
Yahoo! Toolbar
Yontoo Layers Client 1.10.01

==== Event Viewer Messages From Past Week ========

9/30/2010 9:24:33 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86
9/30/2010 9:24:23 PM, error: BITS [16391] - The BITS job list is not in a recognized format. It may have been created by a different version of BITS. The job list has been cleared.
9/30/2010 9:24:13 PM, error: Dhcp [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 0011D886640A has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
9/30/2010 9:09:41 PM, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The specified driver is invalid.
9/30/2010 9:09:41 PM, error: Service Control Manager [7000] - The TCP/IP Protocol Driver service failed to start due to the following error: The specified driver is invalid.
9/30/2010 9:09:07 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Tcpip
9/30/2010 9:09:07 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The specified driver is invalid.
9/30/2010 9:09:04 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/30/2010 9:09:04 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/30/2010 9:09:04 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/30/2010 9:09:03 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/30/2010 9:06:41 PM, error: NetBT [4311] - Initialization failed because the driver device could not be created.
9/30/2010 6:11:44 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The system cannot find the file specified.
9/30/2010 6:00:55 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
9/30/2010 6:00:55 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
9/30/2010 5:34:56 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
10/4/2010 7:55:15 AM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
10/4/2010 5:46:03 PM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.2.2 with the system having network hardware address 00:1D:4F:D1:8B:67. Network operations on this system may be disrupted as a result.
10/4/2010 5:41:04 PM, error: Dhcp [1002] - The IP address lease 192.168.2.7 for the Network Card with network address 0011D886640A has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
10/4/2010 5:14:35 PM, error: Dhcp [1002] - The IP address lease 192.168.2.6 for the Network Card with network address 0011D886640A has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
10/3/2010 7:05:24 AM, error: Dhcp [1002] - The IP address lease 192.168.2.3 for the Network Card with network address 0011D886640A has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
10/1/2010 8:09:14 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
10/1/2010 4:13:26 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

==== End Of File ===========================

#4 oldman960

Posted 09 October 2010 - 12:14 AM

Hi passing thought,

We'll start by uninstalling a few things. We should do a complete removal and reinstall of your Norton N360 also.

Did you reinstall Google Earth?

Make sure you have your N360 disk handy as you will need it at the end.


Let's keep Windows Updates from auto installing for now. We can set it back later.


Click your start button > Control Panel > System

  • Click on the Automatic updates tab.
  • Click the dot beside Notify me but don't automatically download them or install them
  • Click Apply, click ok

Download the Norton Removal Tool from HERE and save it to your desktop. Do not run it yet.

You may want to print out the rest of these instructions or copy and paste them into a notepad and save it to your desktop. You will need them for reference as you will be disconnected from the internet with no access to this topic.

Disconnect completely from the internet. Pull the plug on the modem if necessary.

Go to Start > Control Panel > Add/Remove programs and uninstall the following if present.

ALOT Toolbar
Java 2 Runtime Environment, SE v1.4.2_03
My.Freeze.com NetAssistant
Norton 360



Next, double-click on Norton_Removal_Tool.exe to run the tool.

Follow the on-screen instructions.
Your computer may be restarted more than once, and you may be asked to repeat some steps after the computer restarts.


Reinstall Norton 360.

Reconnect to the internet.

Download OTL to your Desktop
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click on Minimal Output at the top
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click OK to load a custom scan from a file or Cancel to cancel"
  • Click the OK button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

Please post back with
  • both OTL logs
Thanks

#5 passingthought

Posted 09 October 2010 - 08:10 AM

Thanks for the help. Before I do the actions you request there are a few things I need to get clarification for. The restore that I performed on this machine was several months ago, and yes, there have been programs installed since then, including Google Earth. If it is easier or cleaner, I can do a complete restore before we start. Also, I don't have the Norton 360 disc as I downloaded it from the internet when I started. Is this going to be a problem? If you want me to do a system restore, would you like me to leave Firefox off or reinstall it as my default browser? IE 6 will be the browser that comes back with the restore. I have another machine to access the forum for instructions, so turning off the internet is not a problem. I'll be waiting to hear what you want me to do to get started. I greatly appreciate the help. Thanks

#6 oldman960

Posted 09 October 2010 - 09:44 AM

Hi passingthought, Sorry I misunderstood. I read it as you had just done the factory restore. We can proceed without doing a factory restore and try to resolve the issues. You will need the N360 product code and download it before we start. Most Brand Name computers come with a trial Antivirus, either Norton or McAfee usually, included in the factory restore. I suspect this may be the source of some of your problems. Do you recall which AV came with your computer?

#7 passingthought

Posted 09 October 2010 - 10:12 AM

Ok, I haven't done anything yet, so we can start over from where you say. It took me a few minutes but I found the Norton 360 product key. Looks like I downloaded it on June 11th. This machine came with a Symantec antivirus, I think (I have too many to remember for sure). I thought I'd upgrade and run one because my kids use this computer. The product I bought allows me to load it on up to three machines, but I've never been able to get Norton to be anything but a pain in my rear.

#8 oldman960

Posted 09 October 2010 - 10:28 AM

Hi passingthought, Norton can be a bit of a pain. There are some free alternatives out there, but since you paid for the product, there's no point in wasting the money. The NRT should remove all traces of Norton, allowing for a clean install of N360. Post the logs when ready.

#9 passingthought

Posted 09 October 2010 - 09:26 PM

Ok a few things happened during this process.
1. My.Freeze.com NetAssistant won't uninstall. I get an error from Wise Uninstaller: "could not open install.log file"
2. Norton 360 did not disappear from Control Panel when removed, but when I ran the NRT it is now gone.
3. I did not reinstall Norton 360. When we're all done, I'll decide which AV to run. I've really never liked Norton, but we'll see.
4. During the OTL process, I got an error saying it could find the drive, please insert disc. I cancelled that and it continued on.
5. The computer is still freezing up after 15-20 minutes of being on. I get a win32 error but I didn't write down the exact words; next time I'll write it down.
6. About every other time when I open my browser a second tab opens and navigates to random sites.

Here are the requested logs. I tried to send both, then one at a time, but they won't upload, maybe too big. I'm attaching them.
Thanks

OTL logfile created on: 10/9/2010 7:57:33 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 179.00 Mb Available Physical Memory | 36.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.79 Gb Total Space | 81.14 Gb Free Space | 56.43% Space Free | Partition Type: NTFS
Drive D: | 5.25 Gb Total Space | 0.56 Gb Free Space | 10.60% Space Free | Partition Type: FAT32
Drive E: | 4.38 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-4F1261A8E5
Current User Name: Compaq_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
PRC - C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Driver Services (SafeList) ==========

DRV - (winachsf) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys File not found
DRV - (USBAAPL) -- C:\WINDOWS\System32\Drivers\usbaapl.sys File not found
DRV - (smserial) -- C:\WINDOWS\System32\DRIVERS\smserial.sys File not found
DRV - (HSFHWBS2) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys File not found
DRV - (HSF_DP) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys File not found
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows Server 2003 DDK provider)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows Server 2003 DDK provider)
DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation )
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/06 17:37:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/06 17:37:01 | 000,000,000 | ---D | M]

[2010/10/06 17:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions
[2010/10/03 11:08:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\9oxymohk.default\extensions
[2010/10/03 11:08:32 | 000,000,000 | ---D | M] (PageRage Toolbar) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\9oxymohk.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}
[2010/10/03 11:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\9oxymohk.default\extensions\plugin@yontoo.com
[2010/10/06 17:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\oeoo6nht.default\extensions
[2010/10/06 17:37:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/06/11 10:25:43 | 000,002,690 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 85.13.206.115 u07012010u.com
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 74.82.216.3 www.google.com
O1 - Hosts: 74.82.216.3 google.com
O1 - Hosts: 74.82.216.3 google.com.au
O1 - Hosts: 74.82.216.3 www.google.com.au
O1 - Hosts: 74.82.216.3 google.be
O1 - Hosts: 74.82.216.3 www.google.be
O1 - Hosts: 74.82.216.3 google.com.br
O1 - Hosts: 74.82.216.3 www.google.com.br
O1 - Hosts: 39 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O2 - BHO: (NetAssistantBHO Class) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\My.Freeze.com NetAssistant\NetAssistant.dll (W3i, LLC)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows Server 2003 DDK provider)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinn...0/tpir/tpir.cab (TPIR Control)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...etup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin..../p3dactivex.cab (P3DActiveX Control)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinn...v57/wof/wof.cab (WoF Control)
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinn.../familyfeud.cab (FamilyFeud Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Prairie Wind.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Prairie Wind.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/10/15 10:38:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 14:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 06:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010/08/31 20:48:19 | 000,000,424 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4ffeaf08-4515-11df-bc66-0011d886640a}\Shell - "" = AutoRun
O33 - MountPoints2\{4ffeaf08-4515-11df-bc66-0011d886640a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4ffeaf08-4515-11df-bc66-0011d886640a}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe -- File not found
O33 - MountPoints2\{c7eaf834-7138-11d9-a02f-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{c7eaf834-7138-11d9-a02f-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)


SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17465059307421696)

========== Files/Folders - Created Within 30 Days ==========

[2010/10/09 19:53:42 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2010/10/09 19:44:07 | 000,000,000 | -HSD | C] -- C:\found.001
[2010/10/09 19:09:34 | 000,921,512 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Compaq_Owner\Desktop\Norton_Removal_Tool.exe
[2010/10/09 10:24:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/10/08 21:53:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2010/10/06 17:43:38 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Compaq_Owner\Desktop\HiJackThis.exe
[2010/10/06 17:36:57 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/10/03 11:08:27 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo Layers Client
[2010/10/03 11:08:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2010/10/03 10:53:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Panda3D
[2010/09/30 21:21:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0402000.00C
[2010/09/30 21:21:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2010/09/30 21:17:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2010/09/30 21:06:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/09/30 18:27:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2010/09/30 18:27:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/09/30 18:09:42 | 000,000,000 | -HSD | C] -- C:\found.000
[2010/09/17 00:27:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/09/16 22:09:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Identities
[2010/09/16 21:47:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mozilla
[2010/09/16 21:47:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox(2)
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/09 19:55:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/09 19:53:24 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2010/10/09 19:45:47 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/09 19:45:42 | 000,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2010/10/09 19:45:38 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/09 19:45:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/09 19:45:34 | 527,814,656 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/09 19:39:51 | 003,047,424 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\ntuser.dat
[2010/10/09 19:39:51 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner\ntuser.ini
[2010/10/09 19:19:42 | 001,069,966 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\Cat.DB
[2010/10/09 19:09:15 | 000,921,512 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Compaq_Owner\Desktop\Norton_Removal_Tool.exe
[2010/10/06 18:00:41 | 000,359,929 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr
[2010/10/06 17:43:09 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Compaq_Owner\Desktop\HiJackThis.exe
[2010/10/06 17:37:02 | 000,001,628 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/06 17:37:02 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/10/06 17:33:32 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/01 15:57:41 | 000,001,923 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/09/30 21:25:46 | 000,001,821 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/09/30 21:24:03 | 000,154,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/30 21:10:15 | 000,382,022 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/30 21:10:15 | 000,053,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/30 18:24:27 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/09/28 07:06:18 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Galina's Rabbit.wps
[2010/09/28 07:06:18 | 000,000,620 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
[2010/09/16 21:47:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/09/09 21:23:54 | 000,073,728 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCFDRTM.VER
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/06 18:00:56 | 000,359,929 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr
[2010/10/06 17:37:02 | 000,001,628 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/06 17:37:02 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/10/01 15:57:41 | 000,001,923 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/09/30 21:23:48 | 001,069,966 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\Cat.DB
[2010/09/28 07:06:18 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Galina's Rabbit.wps
[2010/09/16 21:47:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/09/16 08:03:58 | 003,047,424 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\ntuser.dat
[2010/06/11 09:50:34 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\housecall.guid.cache
[2010/06/11 08:59:09 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\0995154505553.xxe
[2010/06/11 08:22:36 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\0995255484852.xxe
[2010/06/09 19:35:45 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\055102102565799.xxe
[2010/06/09 19:30:35 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\01005153535554.xxe
[2010/06/08 07:09:48 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\0505448994955.xxe
[2010/06/08 07:09:43 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\09857491009853.xxe
[2010/06/07 19:57:05 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\05557102489799.xxe
[2010/06/04 19:22:13 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\05249485410152.xxe
[2010/06/02 18:35:57 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\052575210198102.xxe
[2010/05/31 08:16:34 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\0569949489854.xxe
[2010/05/31 08:16:01 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\048102515610049.xxe
[2010/05/31 08:15:58 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\0535049569854.xxe
[2010/01/25 20:44:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2010/01/09 10:09:58 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7I.DLL
[2010/01/06 21:02:31 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\fusioncache.dat
[2009/01/05 17:44:46 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\inferno.dll
[2006/05/07 18:32:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2006/05/06 05:04:46 | 000,008,192 | ---- | C] () -- C:\WINDOWS\Pynix.dll
[2006/05/06 05:04:45 | 000,008,192 | ---- | C] () -- C:\WINDOWS\alxtb1.dll
[2006/05/06 05:04:45 | 000,008,192 | ---- | C] () -- C:\WINDOWS\alxie328.dll
[2006/05/06 05:04:45 | 000,008,192 | ---- | C] () -- C:\WINDOWS\alexaie.dll
[2006/04/21 20:19:49 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2006/04/08 14:32:03 | 000,000,143 | ---- | C] () -- C:\WINDOWS\VWORK32.INI
[2006/04/08 03:20:25 | 000,000,190 | ---- | C] () -- C:\WINDOWS\TOFMAP.ini
[2006/04/08 03:18:31 | 000,000,021 | ---- | C] () -- C:\WINDOWS\THUMBV~1.INI
[2006/04/08 03:14:43 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2006/04/08 03:09:50 | 000,004,011 | ---- | C] () -- C:\WINDOWS\If42le.ini
[2006/04/08 03:09:50 | 000,000,402 | ---- | C] () -- C:\WINDOWS\pexplore.ini
[2006/03/16 23:08:08 | 000,000,007 | ---- | C] () -- C:\WINDOWS\lpconfig.ini
[2006/01/22 00:53:15 | 000,000,071 | ---- | C] () -- C:\WINDOWS\QFP.INI
[2006/01/22 00:53:15 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2006/01/22 00:53:09 | 000,000,252 | ---- | C] () -- C:\WINDOWS\ADDRBOOK.INI
[2006/01/21 21:15:41 | 000,001,599 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/12/31 17:07:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/11/26 06:06:38 | 000,000,048 | ---- | C] () -- C:\WINDOWS\FileNamesinQueue.ini
[2005/11/18 02:48:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2005/07/29 22:49:36 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/07/28 05:45:10 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/04/28 23:55:15 | 000,000,620 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
[2005/02/16 12:06:49 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/02/16 12:02:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/02/16 12:02:49 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/02/16 12:02:49 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/02/16 12:02:49 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/02/16 12:02:49 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/02/16 12:02:49 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/02/16 11:33:59 | 000,013,974 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/02/16 11:33:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/02/16 11:33:33 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2005/02/16 11:30:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/16 11:19:11 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/02/16 11:16:13 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/02/16 11:06:48 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/02/16 02:17:03 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2005/01/28 21:31:05 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/01/28 21:31:05 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/01/28 21:30:48 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/09/13 23:35:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/20 03:14:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/08/20 03:14:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/06/16 04:38:02 | 000,000,572 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/04/10 23:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/01/07 23:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999/07/22 20:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/22 17:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/04/29 17:42:05 | 000,000,040 | ---- | M] () -- C:\Auth.prof
[2004/10/15 10:38:18 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/11/03 11:51:49 | 000,000,667 | ---- | M] () -- C:\BnetLog.txt
[2010/01/06 20:59:54 | 000,000,213 | RHS- | M] () -- C:\BOOT.BAK
[2010/01/07 15:44:36 | 000,000,283 | RHS- | M] () -- C:\boot.ini
[2004/08/03 21:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2004/10/15 10:38:18 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/06/15 13:55:15 | 000,038,099 | ---- | M] () -- C:\CybDefInstallInfo.log
[2005/03/25 02:34:57 | 000,000,004 | -HS- | M] () -- C:\dllimp_regmsft985
[2010/06/08 07:09:42 | 000,000,904 | ---- | M] () -- C:\fb20100608.log
[2010/06/09 19:35:44 | 000,000,900 | ---- | M] () -- C:\fb20100609.log
[2010/10/09 19:45:34 | 527,814,656 | -HS- | M] () -- C:\hiberfil.sys
[2005/01/28 21:30:48 | 000,000,002 | -H-- | M] () -- C:\hpbi.log
[2005/08/09 15:05:03 | 000,000,489 | ---- | M] () -- C:\ICSYSINF.log
[2004/10/15 10:38:18 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2006/04/19 04:39:42 | 000,010,434 | ---- | M] () -- C:\LgDSetup.log
[2005/04/24 03:57:46 | 000,000,183 | ---- | M] () -- C:\LogiSetup.log
[2004/10/15 10:38:18 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/04/19 04:37:57 | 000,040,186 | ---- | M] () -- C:\MSIInstall.log
[2004/08/03 21:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/09/30 18:24:27 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/10/09 19:45:33 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
[2005/12/21 03:48:43 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2006/04/19 04:34:38 | 000,000,146 | ---- | M] () -- C:\YServer.txt

< %systemroot%\Fonts\*.com >
[2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/10/15 10:37:44 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2005/05/07 13:00:00 | 000,020,992 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD7I.DLL
[2005/05/07 13:00:00 | 000,059,392 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP7I.DLL
[2003/06/19 01:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2008/09/11 12:28:18 | 000,983,040 | ---- | M] (Popcap Games) -- C:\WINDOWS\FeedingFrenzy.scr
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >
[2004/05/17 18:50:58 | 000,000,204 | ---- | M] () -- C:\Documents and Settings\All Users\Favorites\My Yahoo!.url
[2004/05/17 18:49:54 | 000,000,213 | ---- | M] () -- C:\Documents and Settings\All Users\Favorites\Yahoo! Bookmarks.url
[2004/05/18 00:26:04 | 000,000,208 | ---- | M] () -- C:\Documents and Settings\All Users\Favorites\Yahoo! Mail.url
[2004/05/18 00:13:06 | 000,000,207 | ---- | M] () -- C:\Documents and Settings\All Users\Favorites\Yahoo!

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/10/15 03:29:40 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/10/15 03:29:40 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/10/15 03:29:40 | 000,868,352 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2004/10/15 10:38:26 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/03/07 22:47:29 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/10/15 03:41:56 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/10/06 17:43:09 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Compaq_Owner\Desktop\HiJackThis.exe
[2010/10/09 19:09:15 | 000,921,512 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Compaq_Owner\Desktop\Norton_Removal_Tool.exe
[2010/10/09 19:53:24 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2004/08/04 04:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/09/30 21:09:23 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2010/10/09 19:55:07 | 000,360,448 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2004/08/11 09:45:04 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.exe >
[2004/08/04 14:06:34 | 001,667,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >
[1998/05/07 16:04:38 | 000,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system\hpsysdrv.exe

< %USERPROFILE%\Templates\*.tmp >

< %SYSTEMDRIVE%\explorexxx.exe\*.* >

< %Windir%\Installer\*.tmp >
[6 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]

< %systemroot%\System32\*.xco >

< %ProgramFiles%\system32\*.* >

< %systemroot%\System32\windos\*.* >

< %SystemRoot%\system32\sandbox\*.* >

< %SystemRoot%\system32\*.amo >

< %SystemRoot%\system32\Windows Live\*.* >

< %ProgramFiles%\logs\*.* >

< %ProgramFiles%\Bifrost\*.* >

< %SystemRoot%\system32\*.goo >

< %systemroot%\system32\IME\*.* >

< %systemroot%\BackUp\*.* >

< %systemroot%\system32\*.ico >
[2002/12/06 18:10:40 | 000,002,238 | ---- | M] () -- C:\WINDOWS\system32\doc.ico
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system\*.dat >
[2010/10/09 19:45:42 | 000,000,246 | ---- | M] () -- C:\WINDOWS\system\hpsysdrv.dat

< %systemroot%\system\*.exe >
[1998/05/07 16:04:38 | 000,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system\hpsysdrv.exe

< %AppData%\Macromedia\Common\*.* >

< %SYSTEMDRIVE%\dir\*.* /s >

< %systemroot%\system32\ras\*.exe >

< %SYSTEMDRIVE%\MFILES\*.* >

< %SYSTEMDRIVE%\mDNSRespon.exe\*.* >

< %systemroot%\system32\services\*.* >

< %systemroot%\Spooler\*.* >

< %ProgramFiles%\system32\*.* >

< %systemroot%\system32\Setup\*.dll /x >

< %systemroot%\system32\*.mine >

< %SYSTEMDRIVE%\cleansweep.exe\*.* >

< %systemroot%\system32\ras\*.dll >

< %systemroot%\system32\ras\*.drv >

< %systemroot%\*.iq >

< %systemroot%\system32\XP\*.* >

< %SYSTEMDRIVE%\Extracted\*.* >

< %systemroot%\system32\windows\*.* >

< %systemroot%\logs\*.* >
[2010/05/31 11:08:13 | 000,395,292 | ---- | M] () -- C:\WINDOWS\Logs\DirectX.log

< %SYSTEMDRIVE%\Win.Msi\*.* >

< %systemroot%\regedit\*.* >

< %systemroot%\system32\skype\*.* >

< %AppData%\Adobe\dlluplwin25\*.* >

< %UserProfile%\*.dat >
[2010/10/09 19:39:51 | 003,047,424 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\ntuser.dat

< %UserProfile%\*.dll >

< %systemroot%\system32\*.sxo >

< %SYSTEMDRIVE%\Gazma\*.* /s >

< %systemroot%\system32\spynet\*.* >

< %systemroot%\system32\System\*.* >

< %appdata%\Microsoft\Windows\*.* >

< %systemroot%\system32\WinDir\*.* >

< %systemroot%\_\*.* >

< %systemroot%\system32\windows32\*.* >

< %ProgramFiles%\win\*.* >

< %AppData%\Microsoft\CD Burning\*.* >

< %systemroot%\*.cab >

< %systemroot%\K.Backup\*.* >

< %ProgramFiles%\Massenger\*.* >

< %systemroot%\System32\*.doc >

< %systemroot%\Office12\*.* >

< %systemroot%\System32\Rundl32.exe\*.* >

< %ProgramFiles%\yahoo.net\*.* >

< %systemroot%\system32\*.igo >

< %systemroot%\*.rew >

< %systemroot%\System32\spool\DRIVERS\W32X86\3\*.exe >

< %USERPROFILE%\.COMMgr\*.* >

< %USERPROFILE%\Desktop\*.bat >

< %PROGRAMFILES%\Common Files\Real\visualizations\*.* >
[2005/02/16 11:25:41 | 000,043,008 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Visualizations\Annabelle.rpv
[2005/02/16 11:25:41 | 000,080,384 | ---- | M] () -- C:\Program Files\Common Files\Real\Visualizations\CosmicBelt.rpv
[2005/02/16 11:25:41 | 000,007,168 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Visualizations\Fire.rpv
[2005/02/16 11:25:41 | 000,007,680 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Visualizations\FreqBands.rpv
[2005/02/16 11:25:41 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\Real\Visualizations\Nebula.rpv

< %PROGRAMFILES%\Internet Explorer\*.Jmp >

< %PROGRAMFILES%\Windows NT\system\*.dll >

< %systemroot%\system32\*.ext >

< %systemroot%\system32\Com\*.cfg >

< %systemroot%\system32\btz\*.* >

< %systemroot%\system32\EMP\*.* >

< %systemroot%\system32\expo\*.* >

< %systemroot%\system32\inet2\*.* >

< %systemroot%\system32\xrem\*.* >

< %ProgramFiles%\Microsoft\*.* >

< %systemroot%\usgwmt\*.* >

< %ProgramFiles%\B\*.* >

< %SYSTEMDRIVE%\lspp\*.* >

< %systemroot%\Kral\*.* >

< %SYSTEMDRIVE%\windowsdvd.exe\*.* >

< %systemroot%\system32\*.ipo >

< %SYSTEMDRIVE%\usxxxxxxxx.exe\*.* >

< %systemroot%\system32\*.mof >

< %systemroot%\*.atm >

< %systemroot%\system32\svhost\*.* >

< %ProgramFiles%\system32\*.* >

< %ProgramFiles%\Docmentt\*.* >

< %systemroot%\Help\*.vbs >

< %ProgramFiles%\Windows WinSxs\*.* /s >

< %ProgramFiles%\Outlook Express\IDT\*.* /s >

< %ProgramFiles%\Microsoft Office\365\*.* /s >

< %ProgramFiles%\Windows Live\*.* >

< %systemroot%\system32\win32\*.* >

< %SYSTEMDRIVE%\RECYCLER\*.* >

< %systemroot%\Fresh1\*.* >

< %ProgramFiles%\Kekj\*.* /s >

< %systemroot%\GDU\*.* >

< %systemroot%\KA\*.* >

< %systemroot%\R\*.* >

< %systemroot%\system32\*.fyo >

< %USERPROFILE%\System\*.* >

< %systemroot%\Source\*.* >

< %systemroot%\system32\ac\*.* >

< %ProgramFiles%\MSDN\*.* >

< %AppData%\AdobeUM\winvcldll54\*.* /s >

< %ProgramFiles%\Internet Explorer\*.ico >

< %systemroot%\system32\*.ojo >

< %systemroot%\system32\d323s\*.* >

< %systemroot%\system32\re\*.* >

< %UserProfile%\Microsoft\*.dll >

< %UserProfile%\Microsoft\*.log >

< %systemroot%\Bios\*.* >

< %ProgramFiles%\Spool\*.* >

< %ProgramFiles%\promp3\*.* >

< %SYSTEMDRIVE%\Driver\*.* /s >

< %SYSTEMDRIVE%\inetserver.exe\*.* >

< %systemroot%\java\trustlib\*.* >

< %ProgramFiles%\Common Files\designer\*.exe >

< %ProgramFiles%\*. >
[2010/05/07 19:00:22 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2006/03/18 19:07:30 | 000,000,000 | ---D | M] -- C:\Program Files\AIM
[2005/08/18 12:26:06 | 000,000,000 | ---D | M] -- C:\Program Files\AOD
[2010/01/02 18:00:16 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2006/04/21 20:18:06 | 000,000,000 | ---D | M] -- C:\Program Files\ArcSoft
[2010/06/11 10:42:38 | 000,000,000 | ---D | M] -- C:\Program Files\Audacity
[2005/02/16 11:34:57 | 000,000,000 | ---D | M] -- C:\Program Files\BackWeb
[2010/01/02 18:02:08 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2005/12/03 09:44:02 | 000,000,000 | ---D | M] -- C:\Program Files\Borland
[2006/04/21 20:17:26 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2010/06/11 11:37:10 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2005/09/09 03:27:38 | 000,000,000 | ---D | M] -- C:\Program Files\Common FilesMicrosoft Shared
[2005/02/16 11:34:53 | 000,000,000 | ---D | M] -- C:\Program Files\Compaq Connections
[2004/11/03 22:20:22 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2005/02/16 11:19:20 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2010/03/20 09:46:45 | 000,000,000 | ---D | M] -- C:\Program Files\Diablo II
[2009/11/05 07:56:55 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Photo Navigator 1.0
[2005/04/24 04:00:01 | 000,000,000 | ---D | M] -- C:\Program Files\directx
[2010/06/07 20:04:12 | 000,000,000 | ---D | M] -- C:\Program Files\Easy Internet signup
[2009/12/25 10:17:21 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2010/05/01 17:36:38 | 000,000,000 | ---D | M] -- C:\Program Files\Free Offers from Freeze.com
[2010/06/11 10:41:58 | 000,000,000 | ---D | M] -- C:\Program Files\FunWebProducts
[2006/03/22 01:06:54 | 000,000,000 | ---D | M] -- C:\Program Files\GameHouse
[2010/08/31 20:34:43 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/02/15 20:13:36 | 000,000,000 | ---D | M] -- C:\Program Files\Graboid
[2006/02/11 16:50:57 | 000,000,000 | ---D | M] -- C:\Program Files\Hasbro Interactive
[2005/02/16 11:37:33 | 000,000,000 | ---D | M] -- C:\Program Files\Help and Support Additions
[2005/02/16 11:34:16 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2009/11/23 10:20:13 | 000,000,000 | ---D | M] -- C:\Program Files\Inbox Toolbar
[2010/06/11 10:44:13 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2005/12/31 17:03:46 | 000,000,000 | ---D | M] -- C:\Program Files\InterActual
[2005/02/16 11:33:31 | 000,000,000 | ---D | M] -- C:\Program Files\InterMute
[2010/09/30 21:18:07 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2006/03/01 05:45:49 | 000,000,000 | ---D | M] -- C:\Program Files\InterPoker
[2005/02/16 12:04:20 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2006/01/22 00:53:26 | 000,000,000 | ---D | M] -- C:\Program Files\Intuit
[2005/02/16 11:31:43 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/03/08 08:51:22 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/10/06 18:16:25 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2006/03/16 22:43:26 | 000,000,000 | ---D | M] -- C:\Program Files\KODAK
[2006/03/07 00:51:37 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2010/06/11 10:42:50 | 000,000,000 | ---D | M] -- C:\Program Files\Live Security Suite
[2005/04/24 03:59:02 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2005/02/16 12:03:45 | 000,000,000 | ---D | M] -- C:\Program Files\Macrovision Corp
[2010/09/30 21:17:55 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2005/02/16 11:30:07 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2004/11/03 22:20:26 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/01/03 14:59:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2005/02/16 11:29:58 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2005/02/16 11:28:29 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Dancer LE
[2005/02/16 11:28:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Digital Media Edition
[2005/02/16 11:28:39 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Photo Story 2 LE
[2005/02/16 11:29:57 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2005/02/16 11:29:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2005/02/16 11:29:43 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/09/30 21:18:03 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2009/11/23 10:32:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla ActiveX Control v1.7.12
[2010/10/06 17:37:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/09/30 21:22:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox(2)
[2009/11/24 12:18:00 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/05/04 18:32:21 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2010/05/28 15:16:22 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2005/02/16 11:25:08 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Encarta Standard
[2004/11/03 22:20:36 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2006/05/09 03:14:29 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Messenger
[2006/03/18 20:08:48 | 000,000,000 | -HSD | M] -- C:\Program Files\MsUpdate
[2007/06/10 10:03:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2006/05/24 04:37:23 | 000,000,000 | ---D | M] -- C:\Program Files\Musicmatch
[2010/06/11 10:42:22 | 000,000,000 | ---D | M] -- C:\Program Files\My.Freeze.com NetAssistant
[2005/05/01 05:59:07 | 000,000,000 | ---D | M] -- C:\Program Files\MySQL
[2010/06/11 10:41:58 | 000,000,000 | ---D | M] -- C:\Program Files\MyWebSearch
[2010/09/30 21:18:10 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2006/04/08 03:09:43 | 000,000,000 | ---D | M] -- C:\Program Files\Newsoft
[2006/02/12 15:12:20 | 000,000,000 | ---D | M] -- C:\Program Files\Noble Poker
[2010/06/11 11:33:33 | 000,000,000 | ---D | M] -- C:\Program Files\Norton Security Scan
[2005/04/24 02:12:58 | 000,000,000 | ---D | M] -- C:\Program Files\OfficeUpdate11
[2006/03/16 23:07:48 | 000,000,000 | ---D | M] -- C:\Program Files\Oleansoft
[2010/01/01 19:39:01 | 000,000,000 | ---D | M] -- C:\Program Files\On Hand Software
[2005/02/16 11:41:43 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2005/07/27 05:02:24 | 000,000,000 | ---D | M] -- C:\Program Files\Optimistec
[2010/09/30 21:18:12 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2005/11/18 02:42:00 | 000,000,000 | ---D | M] -- C:\Program Files\palmOne
[2006/02/14 15:20:29 | 000,000,000 | ---D | M] -- C:\Program Files\ParadisePoker
[2006/04/27 13:38:32 | 000,000,000 | ---D | M] -- C:\Program Files\PartyGaming
[2006/02/22 01:31:00 | 000,000,000 | ---D | M] -- C:\Program Files\PartyPoker
[2005/02/16 11:38:56 | 000,000,000 | ---D | M] -- C:\Program Files\PC-Doctor for DOS
[2010/06/11 10:42:16 | 000,000,000 | ---D | M] -- C:\Program Files\PC-Doctor for Windows
[2010/06/11 12:10:41 | 000,000,000 | ---D | M] -- C:\Program Files\Pivot Stickfigure Animator
[2006/05/24 04:54:02 | 000,000,000 | ---D | M] -- C:\Program Files\Pocket Tunes
[2006/02/19 03:34:35 | 000,000,000 | ---D | M] -- C:\Program Files\Poker Tracker V2
[2006/04/28 00:34:51 | 000,000,000 | ---D | M] -- C:\Program Files\PokerOffice
[2009/05/03 13:40:37 | 000,000,000 | ---D | M] -- C:\Program Files\PokerStars
[2010/01/01 20:17:37 | 000,000,000 | ---D | M] -- C:\Program Files\PopCap Games
[2006/01/21 21:18:00 | 000,000,000 | ---D | M] -- C:\Program Files\Quicken
[2010/01/06 21:30:51 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2005/02/16 11:25:38 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2010/06/11 11:39:30 | 000,000,000 | ---D | M] -- C:\Program Files\RealArcade
[2009/11/24 12:17:52 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/06/11 10:41:45 | 000,000,000 | ---D | M] -- C:\Program Files\Registry Mechanic(2)
[2006/04/21 20:19:30 | 000,000,000 | ---D | M] -- C:\Program Files\ScanSoft
[2005/12/03 09:44:01 | 000,000,000 | ---D | M] -- C:\Program Files\Science Sportsware
[2005/02/16 11:24:26 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2005/02/16 11:24:29 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic RecordNow!
[2006/04/10 03:50:50 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2006/05/07 17:47:13 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec Client Security
[2006/05/24 03:43:00 | 000,000,000 | ---D | M] -- C:\Program Files\Thomson
[2005/07/04 20:19:08 | 000,000,000 | ---D | M] -- C:\Program Files\TryMedia
[2010/06/11 10:43:46 | 000,000,000 | ---D | M] -- C:\Program Files\Ubisoft(2)
[2010/01/03 14:55:57 | 000,000,000 | ---D | M] -- C:\Program Files\UBNet
[2004/11/03 22:20:48 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/11/23 10:24:41 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2007/06/09 12:09:29 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2010/06/11 10:48:10 | 000,000,000 | ---D | M] -- C:\Program Files\webserver
[2010/06/11 11:38:38 | 000,000,000 | ---D | M] -- C:\Program Files\WildTangent
[2009/10/15 19:38:50 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/09/30 21:18:11 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010/09/30 21:18:11 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/06/11 11:47:42 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2004/11/03 22:20:58 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2004/11/03 22:20:58 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2009/08/26 14:31:09 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2009/11/15 08:12:41 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo! Games
[2010/10/03 11:08:27 | 000,000,000 | ---D | M] -- C:\Program Files\Yontoo Layers Client
[2010/01/02 13:30:11 | 000,000,000 | ---D | M] -- C:\Program Files\_uninstallation_info

< %systemroot%\system32\*.tso >

< %ALLUSERSPROFILE%\Documents\Server\*.* >

< %systemroot%\*.pif >
[2004/08/03 21:00:00 | 000,000,707 | ---- | M] () -- C:\WINDOWS\_default.pif
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\system32\n7533\*.* >

< %systemroot%\Us18336\*.* >

< %systemroot%\system32\*.zip >

< %systemroot%\system32\*.wgo >

< %ProgramFiles%\Microsoft Office\OFFICE11\*.* >
[2003/07/15 06:43:20 | 000,087,616 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\ADDRPARS.DLL
[2003/07/15 06:57:34 | 000,038,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\AUTHZAX.DLL
[2003/07/15 06:53:06 | 000,094,768 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\AW.DLL
[2002/07/29 23:32:10 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\BIDI32.DLL
[2003/07/15 06:53:24 | 000,060,984 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\BLNMGR.DLL
[2003/07/15 06:53:22 | 000,046,144 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\BLNMGRPS.DLL
[2003/07/15 11:14:28 | 000,350,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\CDLMSO.DLL
[1997/08/19 09:37:00 | 000,031,497 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\CGMIMP32.HLP
[1999/01/15 22:20:40 | 000,112,351 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\CLIPPIT.ACG
[1999/01/15 22:20:42 | 002,904,417 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\CLIPPIT.ACS
[2000/11/14 04:59:00 | 000,116,591 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\DESIGNER.XML
[2003/07/26 02:57:20 | 000,075,832 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\DLGSETP.DLL
[1999/01/15 22:20:14 | 000,032,191 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\DOT.ACG
[1999/01/15 22:20:14 | 000,555,163 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\DOT.ACS
[2003/07/15 06:56:54 | 000,014,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\DSITF.DLL
[2003/07/15 06:57:14 | 000,098,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\DSSM.EXE
[2001/01/13 01:15:36 | 000,468,376 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\EEFONTS.DLL
[2003/07/31 23:19:52 | 000,131,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\ENVELOPE.DLL
[2003/08/13 10:34:38 | 010,073,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
[2003/03/20 07:23:56 | 000,001,652 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\EXCEL.PIP
[2003/06/03 22:42:30 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\EXCHCSP.DLL
[2003/06/03 23:18:20 | 000,080,996 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\EXLPRTID.XML
[2003/07/26 02:57:58 | 000,345,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\EXSEC32.DLL
[1999/01/15 22:20:42 | 000,162,709 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\F1.ACG
[1999/01/15 22:20:42 | 002,554,070 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\F1.ACS
[2003/07/15 06:41:44 | 000,013,368 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\FINDER.EXE
[2003/07/24 07:01:40 | 001,949,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\FPCUTL.DLL
[2003/07/15 07:36:14 | 000,186,424 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\FPDTC.DLL
[2003/06/20 21:28:28 | 001,777,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\GDIPLUS.DLL
[2003/07/15 07:11:42 | 002,139,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\GRAPH.EXE
[1998/12/09 03:53:54 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\HLP95EN.DLL
[2003/07/15 06:57:44 | 000,087,096 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\IEAWSDC.DLL
[2003/07/24 06:32:32 | 000,121,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\IMPMAIL.DLL
[2003/07/12 10:27:42 | 000,000,570 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\INTLBAND.HTM
[2003/07/15 06:57:12 | 000,064,064 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\INTLDATE.DLL
[1999/01/15 22:20:46 | 000,127,537 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\LOGO.ACG
[1999/01/15 22:20:46 | 001,030,546 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\LOGO.ACS
[2003/07/15 06:56:20 | 000,096,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\MCPS.DLL
[2003/07/15 06:46:08 | 000,176,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\MIMEDIR.DLL
[2003/07/15 06:41:54 | 000,029,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\MLSHEXT.DLL
[1999/01/15 22:20:46 | 000,104,616 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\MNATURE.ACG
[1999/01/15 22:20:46 | 001,530,968 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\MNATURE.ACS
[2003/07/15 07:01:44 | 000,445,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\MODHELP.DLL
[2003/07/15 06:56:14 | 000,040,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\MSE7.EXE
[2000/04/03 21:13:40 | 000,003,638 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\MSN.ICO
[2003/07/15 06:57:16 | 000,120,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\MSOAUTH.DLL
[2003/07/15 11:14:18 | 000,106,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\MSOCF.DLL
[2003/07/24 06:35:26 | 000,127,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\MSOCFU.DLL
[2003/07/15 06:52:52 | 000,027,704 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\MSODCW.DLL
[2003/07/15 06:52:58 | 000,067,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\MSOHEV.DLL
[2003/07/15 06:52:56 | 000,055,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\MSOHTMED.EXE
[2003/07/15 06:56:16 | 000,054,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\MSOMSE.DLL
[2003/07/15 06:52:54 | 000,028,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\MSOSTYLE.DLL
[2003/07/15 06:53:00 | 000,055,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\MSOSVABW.DLL
[2003/07/15 06:53:20 | 000,039,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\MSOSVFBR.DLL
[2003/07/15 06:46:24 | 000,200,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\MSOUTL.OLB
[2003/04/10 00:20:56 | 000,001,900 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\MSOUTLO.PIP
[2000/11/09 18:49:16 | 001,200,177 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\MSOWCW.DLL
[2003/07/15 11:18:56 | 000,248,376 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\MSPPT.OLB
[2003/07/15 07:02:42 | 000,637,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\MSQRY32.EXE
[2003/07/15 07:02:14 | 000,627,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\MSTORDB.EXE
[2003/07/15 06:56:24 | 000,124,984 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\MSTORE.EXE
[2003/07/24 06:40:00 | 000,482,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\MSTORES.DLL
[2001/01/23 20:41:10 | 000,831,562 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\MSUSP.DLL
[2003/07/15 07:00:54 | 000,145,984 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\MSWEBCAP.DLL
[2003/07/15 06:51:14 | 000,665,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\MSWORD.OLB
[2003/03/05 00:57:20 | 000,141,952 | ---- | M] (Microsoft) -- C:\Program Files\Microsoft Office\OFFICE11\MULTIMGR.DLL
[2001/01/30 04:03:26 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\MULTIQ.DLL
[2003/07/15 06:57:10 | 000,056,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\NAME.DLL
[2001/01/23 19:15:48 | 000,001,696 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\NOISECHS.TXT
[2001/01/23 19:15:48 | 000,001,696 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\NOISECHT.TXT
[2001/01/23 19:15:50 | 000,149,848 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\NOISEDEU.TXT
[2001/01/23 19:15:50 | 000,000,755 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\NOISEENG.TXT
[2001/01/23 19:15:50 | 000,000,755 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\NOISEENU.TXT
[2001/01/23 19:15:50 | 000,019,684 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\NOISEESN.TXT
[2001/01/23 19:15:50 | 000,049,196 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\NOISEFRA.TXT
[2001/01/23 19:15:50 | 000,019,618 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\NOISEITA.TXT
[2001/01/23 19:15:50 | 000,002,060 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\NOISEJPN.TXT
[2001/01/23 19:15:50 | 000,001,486 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\NOISEKOR.TXT
[2001/01/23 19:15:50 | 000,000,745 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\NOISENEU.TXT
[2001/01/23 19:15:50 | 000,013,256 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\NOISENLD.TXT
[2001/01/23 19:15:50 | 000,013,730 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\NOISESVE.TXT
[2001/01/23 19:15:50 | 000,000,697 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\NOISETHA.TXT
[2003/07/15 06:56:52 | 000,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\NPOFFICE.DLL
[1999/01/15 22:20:46 | 000,136,869 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\OFFCAT.ACG
[1999/01/15 22:20:46 | 002,071,708 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\OFFCAT.ACS
[2003/07/15 11:14:26 | 000,283,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\OIS.EXE
[2003/04/26 01:27:54 | 000,000,420 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\OIS.PIP
[2003/07/15 11:14:26 | 000,828,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\OISAPP.DLL
[2003/07/15 11:14:26 | 000,027,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\oisctrl.dll
[2003/07/15 11:14:26 | 000,242,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\OISGRAPH.DLL
[2003/07/15 06:46:42 | 000,232,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\OLKFSTUB.DLL
[2003/06/03 23:18:20 | 000,081,028 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\OLKPRTID.XML
[2003/07/15 07:05:24 | 001,054,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\OMFC.DLL
[2003/07/12 11:59:46 | 000,016,504 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\OPW11USR.INI
[2003/07/15 06:53:08 | 000,095,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\OSA.EXE
[2003/07/15 06:41:56 | 000,024,640 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\OUTLACCT.DLL
[2003/07/15 06:44:34 | 000,102,968 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\OUTLCTL.DLL
[2003/07/07 21:36:00 | 002,058,343 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\OUTLFLTR.DAT
[2003/07/08 19:48:00 | 000,115,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\OUTLFLTR.DLL
[2003/08/10 07:06:42 | 007,522,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\OUTLLIB.DLL
[2003/07/15 06:44:32 | 000,088,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\OUTLMIME.DLL
[2003/07/15 06:45:18 | 000,196,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
[2003/07/15 06:43:48 | 000,139,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\OUTLPH.DLL
[2003/07/15 06:43:18 | 000,064,056 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\OUTLRPC.DLL
[2003/07/15 06:42:32 | 000,044,088 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\OUTLVBS.DLL
[2003/07/15 06:43:16 | 000,049,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\OUTLWAB.DLL
[2003/08/08 08:16:48 | 000,637,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\OWSCLT.DLL
[2003/07/15 07:00:14 | 000,072,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\OWSSUPP.DLL
[2003/07/30 20:40:40 | 006,133,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE
[2003/03/20 07:23:38 | 000,001,532 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\POWERPOI.PIP
[2003/06/03 23:18:20 | 000,081,060 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\PPTPRTID.XML
[2003/07/31 23:21:08 | 001,782,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\PPTVIEW.EXE
[2003/07/15 07:00:24 | 000,112,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\PROFLWIZ.EXE
[2003/07/15 06:42:26 | 000,037,432 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\RECALL.DLL
[2003/03/25 19:45:28 | 000,005,974 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\REFBAR.ICO
[2003/03/25 19:45:28 | 000,005,974 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO
[2003/05/09 05:54:00 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\REFEDIT.DLL
[2003/07/15 06:57:08 | 000,040,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL
[2003/02/19 21:05:30 | 000,108,800 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\REMINDER.WAV
[2002/12/14 07:30:44 | 000,002,664 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\RESETO11.OPS
[1999/01/15 22:20:14 | 000,123,149 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\ROCKY.ACG
[1999/01/15 22:20:14 | 003,006,178 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\ROCKY.ACS
[2003/07/21 19:46:38 | 000,390,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\RTFHTML.DLL
[2003/07/15 06:57:56 | 000,211,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\SAEXT.DLL
[2003/07/15 06:57:18 | 000,349,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\SELFCERT.EXE
[2003/07/15 06:44:16 | 000,066,616 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\SENDTO.DLL
[2003/07/15 06:57:08 | 000,058,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\SEQCHK10.DLL
[2003/08/06 21:31:22 | 000,362,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\SETLANG.EXE
[2003/06/02 20:58:08 | 000,262,216 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\SMSW.CHM
[2003/08/03 18:52:32 | 002,808,376 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\STSLIST.DLL
[2003/07/26 03:00:50 | 000,174,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\STSUPLD.DLL
[2003/07/15 06:57:10 | 000,072,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\UCSCRIBE.DLL
[2003/07/15 06:57:40 | 000,059,960 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\UNBIND.EXE
[2002/10/30 20:21:18 | 000,246,424 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\UNICOWS.DLL
[2001/01/23 19:46:56 | 000,013,576 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\USPDAT10.XML
[2001/01/23 19:46:58 | 000,113,911 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\USPMAP.XML
[2001/01/23 19:46:56 | 000,167,035 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\USPTYPES.XML
[2000/09/12 02:36:38 | 000,038,375 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\VIEWSSPT.XML
[2000/08/07 23:31:38 | 000,039,514 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\VIEWSSRC.XML
[2000/11/29 23:51:30 | 000,005,828 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\VISUALUI.TTF
[2003/04/02 19:21:12 | 000,111,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WAVTOASF.EXE
[2003/01/13 23:04:18 | 000,092,752 | ---- | M] (Indicus Pvt. Ltd for Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WDBIMP.DLL
[2004/10/05 12:13:50 | 000,080,900 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\WDVPRTID.XML
[2003/08/06 21:24:20 | 012,037,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
[2003/06/06 19:25:46 | 000,001,764 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\WORD.PIP
[2002/12/02 23:54:08 | 000,001,532 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\WORDMAIL.PIP
[2005/05/02 19:09:02 | 006,864,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WORDVIEW.EXE
[2003/06/03 23:18:20 | 000,081,012 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\WRDPRTID.XML
[2000/09/27 19:27:48 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WWPAB.CNV
[2000/03/08 06:45:34 | 000,237,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\XL5EN32.OLB
[1999/12/10 05:21:30 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\XLCALL32.DLL
[2003/05/29 20:22:08 | 000,010,217 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\XML2WORD.XSL

< %systemroot%\system32\dllcache\*.com >

< %systemroot%\system32\dllchache\*.* >

< %systemroot%\system32\038840\*.* >

< %systemroot%\system32\13E92A\*.* >

< %systemroot%\system32\1CB5AD\*.* >

< %systemroot%\system32\52682A\*.* >

< %USERPROFILE%\My Documents\*.htm >
[2006/02/24 18:04:43 | 000,059,364 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\bookmark.htm
[2005/07/20 14:08:55 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\DEPARTURE FROM SPECIFICATIONS (E-DFS).htm
[2005/10/13 00:57:42 | 000,004,901 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\MSFaxWizardTempPreview-#000004781C5CFCBB921AD.htm
[2005/05/21 03:45:27 | 000,005,617 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\print test.htm
[2005/05/21 03:48:05 | 000,005,485 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\print test_1.htm
[2010/05/20 15:24:50 | 000,002,850 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\ReadWriteThink Student Materials Timeline.htm
[2005/10/21 23:31:00 | 000,027,599 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Results-2.htm
[2005/10/11 04:23:36 | 000,052,510 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\ZZREPORT TEST.htm

< %SYSTEMDRIVE%\Mr_CF\*.* >

< %USERPROFILE%\My Documents\*.dll >

< %USERPROFILE%\My Documents\*.ccc >

< %systemroot%\system32\Sis\*.* >

< %systemroot%\Microsft\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-07 00:38:03
< End of report >


OTL Extras logfile created on: 10/9/2010 7:57:33 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 179.00 Mb Available Physical Memory | 36.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.79 Gb Total Space | 81.14 Gb Free Space | 56.43% Space Free | Partition Type: NTFS
Drive D: | 5.25 Gb Total Space | 0.56 Gb Free Space | 10.60% Space Free | Partition Type: FAT32
Drive E: | 4.38 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-4F1261A8E5
Current User Name: Compaq_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes -- (Apple Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe:*:Enabled:BackWeb for Presario -- (Hewlett-Packard)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}" = PC-Doctor for Windows
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1A103D70-5C9B-4E1A-B306-5106C68F9914}" = Microsoft Plus! Dancer LE
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B350CA4-0031-0002-3757-34999AD85AEC}" = InterVideo WinDVD Creator
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client 1.10.01
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{C3F058C0-A21C-452D-8D99-95B1A45F417D}" = InterVideo DiscLabel
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = Compaq Organize
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"Audacity_is1" = Audacity 1.2.6
"BackWeb-6750491 Uninstaller" = Compaq Connections
"Google Chrome" = Google Chrome
"Help and Support Additions" = Help and Support Additions
"InstallShield_{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}" = PC-Doctor for Windows
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"My.Freeze.com NetAssistant" = My.Freeze.com NetAssistant
"PS2" = PS2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RealPlayer 6.0" = RealPlayer
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/9/2010 6:49:28 PM | Computer Name = YOUR-4F1261A8E5 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 10/9/2010 6:49:29 PM | Computer Name = YOUR-4F1261A8E5 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/9/2010 6:49:29 PM | Computer Name = YOUR-4F1261A8E5 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 10/9/2010 6:54:07 PM | Computer Name = YOUR-4F1261A8E5 | Source = Microsoft Office 11 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Outlook.

Error - 10/9/2010 7:52:46 PM | Computer Name = YOUR-4F1261A8E5 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x00020a30.

Error - 10/9/2010 10:09:13 PM | Computer Name = YOUR-4F1261A8E5 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/9/2010 10:09:13 PM | Computer Name = YOUR-4F1261A8E5 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/9/2010 10:09:13 PM | Computer Name = YOUR-4F1261A8E5 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 10/9/2010 10:09:13 PM | Computer Name = YOUR-4F1261A8E5 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/9/2010 10:09:13 PM | Computer Name = YOUR-4F1261A8E5 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 10/9/2010 10:14:28 PM | Computer Name = YOUR-4F1261A8E5 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/9/2010 10:18:13 PM | Computer Name = YOUR-4F1261A8E5 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 10/9/2010 10:18:13 PM | Computer Name = YOUR-4F1261A8E5 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 10/9/2010 10:18:15 PM | Computer Name = YOUR-4F1261A8E5 | Source = Service Control Manager | ID = 7023
Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated
with the following error: %%2

Error - 10/9/2010 10:18:16 PM | Computer Name = YOUR-4F1261A8E5 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BHDrvx86

Error - 10/9/2010 10:23:15 PM | Computer Name = YOUR-4F1261A8E5 | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460

Error - 10/9/2010 10:45:40 PM | Computer Name = YOUR-4F1261A8E5 | Source = Service Control Manager | ID = 7023
Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated
with the following error: %%2

Error - 10/9/2010 10:46:03 PM | Computer Name = YOUR-4F1261A8E5 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 10/9/2010 10:46:03 PM | Computer Name = YOUR-4F1261A8E5 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 10/9/2010 10:50:40 PM | Computer Name = YOUR-4F1261A8E5 | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460


< End of report >

Edited by oldman960, 10 October 2010 - 01:31 AM.
added logs


#10 oldman960

oldman960

    Forum God

  • Classroom Teacher
  • 14,668 posts
  • MVP

Posted 10 October 2010 - 01:44 AM

Hi passingthought,

3. I did not reinstall Norton 360, when we're all done, I'll decide which AV to run, I've really never liked Norton, but we'll see

I'm not too fussy about this. I have worked on computers before that didn't have an antivirus program installed. It can be done successfully but great care needs to be taken by you. Absolutely no browsing or opening mail with this computer. The only time this computer should be connected to the internet is to download tools and post the required logs.

We'll worry about My.Freeze.com NetAssistant after we get some of this cleaned up.

Next, double click on OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do not copy the word CODE
  • Please note the fix starts with the :
:Services

:OTL
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
O2 - BHO: (NetAssistantBHO Class) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\My.Freeze.com NetAssistant\NetAssistant.dll (W3i, LLC)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe File not found
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/f...etup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} 
[2010/09/30 21:21:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0402000.00C
[2010/09/30 21:21:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2010/09/30 21:23:48 | 001,069,966 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\Cat.DB
[2010/06/11 08:59:09 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\0995154505553.xxe
[2010/06/11 08:22:36 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\0995255484852.xxe
[2010/06/09 19:35:45 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\055102102565799.xxe
[2010/06/09 19:30:35 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\01005153535554.xxe
[2010/06/08 07:09:48 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\0505448994955.xxe
[2010/06/08 07:09:43 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\09857491009853.xxe
[2010/06/07 19:57:05 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\05557102489799.xxe
[2010/06/04 19:22:13 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\05249485410152.xxe
[2010/06/02 18:35:57 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\052575210198102.xxe
[2010/05/31 08:16:34 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\0569949489854.xxe
[2010/05/31 08:16:01 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\048102515610049.xxe
[2010/05/31 08:15:58 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\0535049569854.xxe
ipconfig /flushdns /c

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Alcmtr"=-

:Commands
[createrestorepoint]
[emptytemp]
[resethosts]
[Reboot]

Then click the Run Fix button at the top
  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.
Please post the OTL fix log.

Next

Please download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A window will open on your desktop
  • If an unknown bootcode is found, you will have further options available to you. At this time press N, then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file.

Next

Go HERE to get a randomly named copy of GMER. Scroll down to the Download section and click Download EXE. Save it to your desktop.

Before scanning with GMER, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

  • Double click on the file you downloaded. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and post it in your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


If GMER will not run in normal windows, please run it in Safe Mode

Please post back with
  • OTL fix log
  • MBRCheck log
  • GMER log
What is the status of the computer now?

Thanks


#11 passingthought

passingthought

    Authentic Member

  • Authentic Member
  • 40 posts

Posted 10 October 2010 - 04:12 PM

OK, a couple of problems during this one. First, the error I keep getting is: GENERIC HOST PROCESS FOR WIN32 SERVICES, and the error reads: Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience.

Also, when I start my browser, a new tab opens navigating to a random site; in the most recent, the site was:

http://nynewsandrepo...tJobs/adon.aspx

I ran the OTL as instructed, but I was unable to capture the log. I thought I had saved it, but the only OTL log on my desktop is the one that was there last night.

I ran MBRCheck and the log is below.

I ran GMER; however, when I came back to save the file, all of my system resources were gone. It said I had insufficient system resources to open any programs, my start/program menu was empty and I couldn't even open an existing notepad file to save the txt into. The log file may exist somewhere on my machine, but I don't know how to find it.

Here is the only log that I could save, MBRCheck:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x000007fc

Kernel Drivers (total 114):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806CE000 \WINDOWS\system32\hal.dll
0xF8973000 \WINDOWS\system32\KDCOM.DLL
0xF8883000 \WINDOWS\system32\BOOTVID.dll
0xF8344000 ACPI.sys
0xF8975000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF8333000 pci.sys
0xF8473000 isapnp.sys
0xF8977000 intelide.sys
0xF86F3000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF8483000 MountMgr.sys
0xF8314000 ftdisk.sys
0xF86FB000 PartMgr.sys
0xF8493000 VolSnap.sys
0xF82FC000 atapi.sys
0xF84A3000 disk.sys
0xF84B3000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF82DD000 fltMgr.sys
0xF82CB000 sr.sys
0xF8703000 PxHelp20.sys
0xF82B4000 KSecDD.sys
0xF8227000 Ntfs.sys
0xF81FA000 NDIS.sys
0xF84C3000 ohci1394.sys
0xF84D3000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF81DF000 Mup.sys
0xF84E3000 gagp30kx.sys
0xF8533000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF795B000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF786E000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF785A000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7836000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF8813000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF7813000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF881B000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF794B000 \SystemRoot\system32\DRIVERS\R8139n51.SYS
0xF76DD000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0xF8823000 \SystemRoot\System32\Drivers\Modem.SYS
0xF76C9000 \SystemRoot\system32\DRIVERS\parport.sys
0xF793B000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF882B000 \SystemRoot\system32\DRIVERS\PS2.sys
0xF8833000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF883B000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF792B000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF896B000 \SystemRoot\system32\drivers\pfc.sys
0xF8843000 \SystemRoot\system32\drivers\iviaspi.sys
0xF8553000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF8563000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF76A6000 \SystemRoot\system32\DRIVERS\ks.sys
0xF884B000 \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys
0xF8B3F000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF8573000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7F2D000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF768F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF8583000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF8593000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF8853000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF767E000 \SystemRoot\system32\DRIVERS\psched.sys
0xF85A3000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF885B000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF8863000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF85B3000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF89C1000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF764A000 \SystemRoot\system32\DRIVERS\update.sys
0xF7F1D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF85C3000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAAD91000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xAAD70000 \SystemRoot\system32\drivers\portcls.sys
0xF85E3000 \SystemRoot\system32\drivers\drmk.sys
0xF85F3000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF89C5000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF89C7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8B89000 \SystemRoot\System32\Drivers\Null.SYS
0xF89C9000 \SystemRoot\System32\Drivers\Beep.SYS
0xF8873000 \SystemRoot\System32\drivers\vga.sys
0xF89CB000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF89CD000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF887B000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF872B000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF8917000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAAD15000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAACBD000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAAC9C000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF8613000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF8623000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xF8733000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF8743000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xAAC74000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAAC52000 \SystemRoot\System32\drivers\afd.sys
0xF8633000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAAC27000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAABB8000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF8663000 \SystemRoot\System32\Drivers\Fips.SYS
0xAAB95000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF8947000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xF876B000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xF7DB7000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF7646000 \SystemRoot\System32\drivers\Dxapi.sys
0xF877B000 \SystemRoot\System32\watchdog.sys
0xBF9C4000 \SystemRoot\System32\drivers\dxg.sys
0xF8B56000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF9E4000 \SystemRoot\System32\ialmdnt5.dll
0xBF9D6000 \SystemRoot\System32\ialmrnt5.dll
0xBFA03000 \SystemRoot\System32\ialmdev5.DLL
0xBFA2C000 \SystemRoot\System32\ialmdd5.DLL
0xAAA65000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAA7C0000 \SystemRoot\system32\drivers\wdmaud.sys
0xAAAF5000 \SystemRoot\system32\drivers\sysaudio.sys
0xAA67E000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xAA5D7000 \SystemRoot\system32\DRIVERS\srv.sys
0xAA276000 \SystemRoot\System32\Drivers\HTTP.sys
0xAA044000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 34):
0 System Idle Process
4 System
452 C:\WINDOWS\system32\smss.exe
512 csrss.exe
536 C:\WINDOWS\system32\winlogon.exe
580 C:\WINDOWS\system32\services.exe
592 C:\WINDOWS\system32\lsass.exe
740 C:\WINDOWS\system32\svchost.exe
796 svchost.exe
864 C:\WINDOWS\system32\svchost.exe
920 svchost.exe
1048 svchost.exe
1232 C:\WINDOWS\explorer.exe
1296 C:\WINDOWS\system32\spoolsv.exe
1676 svchost.exe
1708 C:\Program Files\Bonjour\mDNSResponder.exe
1772 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
2032 C:\WINDOWS\system32\svchost.exe
172 wdfmgr.exe
240 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
1012 C:\WINDOWS\system32\wscntfy.exe
1524 C:\WINDOWS\NOTEPAD.EXE
388 C:\WINDOWS\system\hpsysdrv.exe
368 C:\WINDOWS\system32\hkcmd.exe
1604 C:\WINDOWS\AGRSMMSG.exe
1200 C:\hp\KBD\kbd.exe
1992 C:\WINDOWS\SOUNDMAN.EXE
316 C:\WINDOWS\ALCWZRD.EXE
584 C:\Program Files\QuickTime\QTTask.exe
856 C:\Program Files\iTunes\iTunesHelper.exe
996 C:\WINDOWS\system32\ctfmon.exe
1504 C:\Program Files\iPod\bin\iPodService.exe
2184 C:\Program Files\Mozilla Firefox\firefox.exe
2680 C:\Documents and Settings\Compaq_Owner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`50612000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: SAMSUNGSP1614C, Rev: SW100-30

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Legit MBR code detected
SHA1: F75A10171F7488C11BA9A98CEC3D186D7A8D3972


Done!

#12 oldman960

oldman960

    Forum God

  • Classroom Teacher
  • 14,668 posts
  • MVP

Posted 10 October 2010 - 09:34 PM

Hi passing thought,

The OTL fix log can be found at C:\_OTL\MovedFiles. It will have a file name consisting of numbers that reflect the date and time stamp the fix was run. It will be something similar to 10102010_111009.log. Please copy and paste the contents into your next reply.

If you managed to click save, the log may be there, though unless you were able to give it a name I'm not sure what it would be called.

Do you know if it reported anything?

You could rerun it in safe mode. There will be fewer things running and you may be able to save it.

Next
  • Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output
  • UNCheck the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open a Notepad window, OTL.Txt.

Please post back with
  • OTL fix log
  • new OTL.txt


#13 passingthought

passingthought

    Authentic Member

  • Authentic Member
  • PipPip
  • 40 posts

Posted 10 October 2010 - 09:51 PM

OK, good news. I found the log in the folder you suggested; it was there twice so it must have saved, see below. Also, I ran OTL again; during the run it gave me an error: "There is no disc in the drive, please insert disc". I hit continue 4 times before it continued with the scan. That log is also below.

When I opened the browser to come here, again a new tab opened up and went to a random website. Please let me know if you want me to start copying those addresses.

It seems after my computer has been on for a while it freezes in the aspect that I can't save anything, and the start menu becomes unavailable. I don't have a gauge yet on what causes this, but it seems to be something to do with the WIN32 error.

Here are the OTL results: first the log from this morning and second the new log.

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00A6FAF6-072E-44cf-8957-5838F569A31D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}\ deleted successfully.
C:\Program Files\My.Freeze.com NetAssistant\NetAssistant.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{00000000-0000-0000-0000-000000000000} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Weather deleted successfully.
Starting removal of ActiveX control {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.1.1.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
Starting removal of ActiveX control {8A94C905-FF9D-43B6-8708-F0F22D22B1CB}
C:\WINDOWS\Downloaded Program Files\wwlaunch.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB}\ not found.
C:\WINDOWS\System32\drivers\N360\0402000.00C folder moved successfully.
C:\WINDOWS\System32\drivers\N360 folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\0995154505553.xxe moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\0995255484852.xxe moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\055102102565799.xxe moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\01005153535554.xxe moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\0505448994955.xxe moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\09857491009853.xxe moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\05557102489799.xxe moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\05249485410152.xxe moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\052575210198102.xxe moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\0569949489854.xxe moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\048102515610049.xxe moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\0535049569854.xxe moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Alcmtr deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Administrator.YOUR-4F1261A8E5
->Temp folder emptied: 17834051 bytes
->Temporary Internet Files folder emptied: 9911406 bytes
->Google Chrome cache emptied: 819568 bytes
->Flash cache emptied: 3444 bytes

User: All Users

User: Compaq_Owner
->Temp folder emptied: 510497351 bytes
->Temporary Internet Files folder emptied: 60442963 bytes
->Java cache emptied: 41741156 bytes
->FireFox cache emptied: 96404546 bytes
->Google Chrome cache emptied: 296419729 bytes
->Flash cache emptied: 2239775 bytes

User: Compaq_Owner.YOUR-4F1261A8E5
->Temp folder emptied: 6607914 bytes
->Temporary Internet Files folder emptied: 1200975 bytes
->Flash cache emptied: 1966426 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
->Flash cache emptied: 2836 bytes

User: LocalService
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 16975 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 300971290 bytes
->Java cache emptied: 320 bytes
->Flash cache emptied: 86473 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 39138 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 132960728 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,412.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.14.1 log created on 10102010_080943

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


OTL logfile created on: 10/10/2010 8:43:03 PM - Run 2
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 258.00 Mb Available Physical Memory | 51.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.79 Gb Total Space | 82.75 Gb Free Space | 57.55% Space Free | Partition Type: NTFS
Drive D: | 5.25 Gb Total Space | 0.56 Gb Free Space | 10.60% Space Free | Partition Type: FAT32
Drive E: | 4.38 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-4F1261A8E5
Current User Name: Compaq_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Driver Services (SafeList) ==========

DRV - (winachsf) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys File not found
DRV - (USBAAPL) -- C:\WINDOWS\System32\Drivers\usbaapl.sys File not found
DRV - (smserial) -- C:\WINDOWS\System32\DRIVERS\smserial.sys File not found
DRV - (HSFHWBS2) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys File not found
DRV - (HSF_DP) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys File not found
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows ® Server 2003 DDK provider)
DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation )
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/06 17:37:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/06 17:37:01 | 000,000,000 | ---D | M]

[2010/10/06 17:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions
[2010/10/03 11:08:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\9oxymohk.default\extensions
[2010/10/03 11:08:32 | 000,000,000 | ---D | M] (PageRage Toolbar) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\9oxymohk.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}
[2010/10/03 11:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\9oxymohk.default\extensions\plugin@yontoo.com
[2010/10/06 17:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\oeoo6nht.default\extensions
[2010/10/06 17:37:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/10/10 08:12:49 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinn...0/tpir/tpir.cab (TPIR Control)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin..../p3dactivex.cab (P3DActiveX Control)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinn...v57/wof/wof.cab (WoF Control)
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinn.../familyfeud.cab (FamilyFeud Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Prairie Wind.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Prairie Wind.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/10/15 10:38:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 14:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 06:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010/08/31 20:48:19 | 000,000,424 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4ffeaf08-4515-11df-bc66-0011d886640a}\Shell - "" = AutoRun
O33 - MountPoints2\{4ffeaf08-4515-11df-bc66-0011d886640a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4ffeaf08-4515-11df-bc66-0011d886640a}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe -- File not found
O33 - MountPoints2\{c7eaf834-7138-11d9-a02f-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{c7eaf834-7138-11d9-a02f-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/10 08:09:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/09 19:53:42 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2010/10/09 19:44:07 | 000,000,000 | -HSD | C] -- C:\found.001
[2010/10/09 19:09:34 | 000,921,512 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Compaq_Owner\Desktop\Norton_Removal_Tool.exe
[2010/10/09 10:24:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/10/08 21:53:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2010/10/06 17:43:38 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Compaq_Owner\Desktop\HiJackThis.exe
[2010/10/06 17:36:57 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/10/03 11:08:27 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo Layers Client
[2010/10/03 11:08:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2010/10/03 10:53:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Panda3D
[2010/09/30 21:17:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2010/09/30 21:06:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/09/30 18:27:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2010/09/30 18:27:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/09/30 18:09:42 | 000,000,000 | -HSD | C] -- C:\found.000
[2010/09/17 00:27:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/09/16 22:09:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Identities
[2010/09/16 21:47:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mozilla
[2010/09/16 21:47:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox(2)

========== Files - Modified Within 30 Days ==========

[2010/10/10 20:39:55 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/10 20:39:52 | 000,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2010/10/10 20:39:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/10 20:39:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/10 20:39:46 | 527,814,656 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/10 17:55:05 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/10 08:26:34 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\oroj3y3u.exe
[2010/10/10 08:22:45 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\MBRCheck.exe
[2010/10/10 08:16:13 | 003,047,424 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\ntuser.dat
[2010/10/10 08:16:13 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner\ntuser.ini
[2010/10/10 08:12:49 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/10/09 19:53:24 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2010/10/09 19:09:15 | 000,921,512 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Compaq_Owner\Desktop\Norton_Removal_Tool.exe
[2010/10/06 18:00:41 | 000,359,929 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr
[2010/10/06 17:43:09 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Compaq_Owner\Desktop\HiJackThis.exe
[2010/10/06 17:37:02 | 000,001,628 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/06 17:37:02 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/10/06 17:33:32 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/01 15:57:41 | 000,001,923 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/09/30 21:25:46 | 000,001,821 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/09/30 21:24:03 | 000,154,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/30 21:10:15 | 000,382,022 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/30 21:10:15 | 000,053,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/30 18:24:27 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/09/28 07:06:18 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Galina's Rabbit.wps
[2010/09/28 07:06:18 | 000,000,620 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
[2010/09/16 21:47:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat

========== Files Created - No Company Name ==========

[2010/10/10 08:26:53 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\oroj3y3u.exe
[2010/10/10 08:23:09 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\MBRCheck.exe
[2010/10/06 18:00:56 | 000,359,929 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr
[2010/10/06 17:37:02 | 000,001,628 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/06 17:37:02 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/10/01 15:57:41 | 000,001,923 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/09/28 07:06:18 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Galina's Rabbit.wps
[2010/09/16 21:47:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/09/16 08:03:58 | 003,047,424 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\ntuser.dat
[2010/06/11 09:50:34 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\housecall.guid.cache
[2010/01/25 20:44:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2010/01/09 10:09:58 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7I.DLL
[2010/01/06 21:02:31 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\fusioncache.dat
[2009/01/05 17:44:46 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\inferno.dll
[2006/05/07 18:32:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2006/05/06 05:04:46 | 000,008,192 | ---- | C] () -- C:\WINDOWS\Pynix.dll
[2006/05/06 05:04:45 | 000,008,192 | ---- | C] () -- C:\WINDOWS\alxtb1.dll
[2006/05/06 05:04:45 | 000,008,192 | ---- | C] () -- C:\WINDOWS\alxie328.dll
[2006/05/06 05:04:45 | 000,008,192 | ---- | C] () -- C:\WINDOWS\alexaie.dll
[2006/04/21 20:19:49 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2006/04/08 14:32:03 | 000,000,143 | ---- | C] () -- C:\WINDOWS\VWORK32.INI
[2006/04/08 03:20:25 | 000,000,190 | ---- | C] () -- C:\WINDOWS\TOFMAP.ini
[2006/04/08 03:18:31 | 000,000,021 | ---- | C] () -- C:\WINDOWS\THUMBV~1.INI
[2006/04/08 03:14:43 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2006/04/08 03:09:50 | 000,004,011 | ---- | C] () -- C:\WINDOWS\If42le.ini
[2006/04/08 03:09:50 | 000,000,402 | ---- | C] () -- C:\WINDOWS\pexplore.ini
[2006/03/16 23:08:08 | 000,000,007 | ---- | C] () -- C:\WINDOWS\lpconfig.ini
[2006/01/22 00:53:15 | 000,000,071 | ---- | C] () -- C:\WINDOWS\QFP.INI
[2006/01/22 00:53:15 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2006/01/22 00:53:09 | 000,000,252 | ---- | C] () -- C:\WINDOWS\ADDRBOOK.INI
[2006/01/21 21:15:41 | 000,001,599 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/12/31 17:07:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/11/26 06:06:38 | 000,000,048 | ---- | C] () -- C:\WINDOWS\FileNamesinQueue.ini
[2005/11/18 02:48:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2005/07/29 22:49:36 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/07/28 05:45:10 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/04/28 23:55:15 | 000,000,620 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
[2005/02/16 12:06:49 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/02/16 12:02:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/02/16 12:02:49 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/02/16 12:02:49 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/02/16 12:02:49 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/02/16 12:02:49 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/02/16 12:02:49 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/02/16 11:33:59 | 000,013,974 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/02/16 11:33:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/02/16 11:33:33 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2005/02/16 11:30:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/16 11:19:11 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/02/16 11:16:13 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/02/16 11:06:48 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/02/16 02:17:03 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2005/01/28 21:31:05 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/01/28 21:31:05 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/01/28 21:30:48 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/09/13 23:35:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/20 03:14:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/08/20 03:14:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/06/16 04:38:02 | 000,000,572 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/04/10 23:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/01/07 23:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999/07/22 20:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/22 17:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
< End of report >

#14 oldman960

Posted 10 October 2010 - 10:23 PM

Hi passingthought

Are you using FireFox or IE? Please post some of the random sites.

This log will be shorter.

  • Double click on OTL.exe to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output
  • Click the None button near the top (it may look greyed out)
  • In the window under Custom Scans/Fixes copy and paste the following

    /md5start
    firefox.exe
    iexplore.exe
    /md5stop

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
Please post the resulting log.

#15 passingthought

Posted 10 October 2010 - 10:44 PM

I normally run Firefox.

Here is one of the sites that it went to under a new tab: http://nynewsandrepo...tJobs/adon.aspx

This time coming online, it didn't do it though.

Here is the requested OTL Log.

OTL logfile created on: 10/10/2010 9:37:58 PM - Run 3
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 266.00 Mb Available Physical Memory | 53.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.79 Gb Total Space | 82.73 Gb Free Space | 57.54% Space Free | Partition Type: NTFS
Drive D: | 5.25 Gb Total Space | 0.56 Gb Free Space | 10.60% Space Free | Partition Type: FAT32
Drive E: | 4.38 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-4F1261A8E5
Current User Name: Compaq_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Custom Scans ==========



< MD5 for: FIREFOX.EXE >
[2010/09/14 15:59:44 | 000,910,296 | ---- | M] (Mozilla Corporation) MD5=A26898623D61508C2FA3F5672C11FA5D -- C:\Program Files\Mozilla Firefox\firefox.exe

< MD5 for: IEXPLORE.EXE >
[2008/04/13 17:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- C:\WINDOWS\ie8\iexplore.exe
[2008/04/13 17:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
[2004/08/04 11:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=E7484514C0464642BE7B4DC2689354C8 -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
[2004/08/04 11:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=E7484514C0464642BE7B4DC2689354C8 -- C:\WINDOWS\$NtServicePackUninstall$\iexplore.exe
[2004/08/04 11:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=E7484514C0464642BE7B4DC2689354C8 -- C:\WINDOWS\system32\dllcache\iexplore.exe
< End of report >
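
The `/md5start` ... `/md5stop` custom scan requested in post #14 returns one line per copy of each named file. The following is an added example, not part of the thread and not OTL's own code: it parses that section as posted in #15 and checks whether the copy under %ProgramFiles% shares an MD5 with a copy stored under %SystemRoot%. Treating %ProgramFiles% copies as the running binary and %SystemRoot% copies as stored references is an assumption of this example, as are the function names.

```python
import re
from collections import defaultdict

# MD5 section copied verbatim from the OTL log in post #15.
OTL_MD5_SECTION = r"""
< MD5 for: FIREFOX.EXE >
[2010/09/14 15:59:44 | 000,910,296 | ---- | M] (Mozilla Corporation) MD5=A26898623D61508C2FA3F5672C11FA5D -- C:\Program Files\Mozilla Firefox\firefox.exe

< MD5 for: IEXPLORE.EXE >
[2008/04/13 17:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- C:\WINDOWS\ie8\iexplore.exe
[2008/04/13 17:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
[2004/08/04 11:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=E7484514C0464642BE7B4DC2689354C8 -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
[2004/08/04 11:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=E7484514C0464642BE7B4DC2689354C8 -- C:\WINDOWS\$NtServicePackUninstall$\iexplore.exe
[2004/08/04 11:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=E7484514C0464642BE7B4DC2689354C8 -- C:\WINDOWS\system32\dllcache\iexplore.exe
< End of report >
"""

HEADER = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
ENTRY = re.compile(
    r"^\[(?P<stamp>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>.*?)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)


def parse_md5_section(text):
    """Return {file_name: [entry, ...]} for every '< MD5 for: ... >' block."""
    result, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = HEADER.match(line)
        if header:
            current = result.setdefault(header.group("name").lower(), [])
            continue
        entry = ENTRY.match(line)
        if entry and current is not None:
            rec = entry.groupdict()
            rec["md5"] = rec["md5"].upper()
            rec["size"] = int(rec["size"].replace(",", ""))
            current.append(rec)
    return result


def review(text, live_root="c:\\program files\\", stored_root="c:\\windows\\"):
    """Compare the running copy of each file with the copies stored elsewhere.

    live_root / stored_root are assumptions of this example, taken from the
    %ProgramFiles% and %SystemRoot% values printed in the log header.
    """
    findings = {}
    for name, entries in parse_md5_section(text).items():
        by_hash = defaultdict(list)
        for e in entries:
            by_hash[e["md5"]].append(e["path"])
        live = [e for e in entries if e["path"].lower().startswith(live_root)]
        stored = {e["md5"] for e in entries
                  if e["path"].lower().startswith(stored_root)}
        if not live:
            status = "no-live-copy"
        elif not stored:
            status = "nothing-to-compare"      # only one copy on disk
        elif all(e["md5"] in stored for e in live):
            status = "matches-stored-copy"
        else:
            status = "differs-from-stored-copies"
        findings[name] = {"status": status,
                          "distinct_hashes": len(by_hash),
                          "by_hash": dict(by_hash)}
    return findings


if __name__ == "__main__":
    for name, info in review(OTL_MD5_SECTION).items():
        print(f"{name}: {info['status']} ({info['distinct_hashes']} distinct MD5)")
        for md5, paths in info["by_hash"].items():
            print(f"  {md5}  x{len(paths)}")
```

A `matches-stored-copy` result only shows that the copies on this disk agree with each other; it says nothing if the stored copies were replaced as well. A `nothing-to-compare` result, as for firefox.exe here, means the hash has to be checked against a copy obtained from the vendor.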
