
Author Topic: Restriction Warning  (Read 24867 times)


overthehill

    Topic Starter


    Apprentice

  • Keep Canada beautiful. Swallow your beer cans.
  • Thanked: 14
    • Yes
    • Yes
  • Experience: Familiar
  • OS: Windows Vista
Restriction Warning
« on: August 30, 2010, 03:35:22 PM »
I've checked the FAQs but have been unable to cure my problem.
I've also Googled this and after a page or two of suggestions there, I gave up!

The message/s that I receive is/are; Administrator has prohibited access to CD/DVD Rom Drives and/or Administrator has restricted this computer to access USB/1394 mass storage device and/or the process cannot access the file because it is used by another process.
When I check out Computer Management/Removable Storage it reads; The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. This snapin's display may be inconsistent with the removable Storage Service. If the problem persists please restart snapin.???

My system; Pentium "D" 2.80GHz
Ram 3 GB
Windows XP Media Center Edition

Previous to this problem; rightfully or wrongfully, I downloaded a few YouTube Video Files and copied them to a Flash Drive, that was removed successfully. PC was then shut down for the night. This morning (before booting up) I opened my PC, removed an auxiliary fan that had a slight vibration, re-cushioned it, replaced the fan, booted up and received these messages. After receiving the first message I disconnected/reconnected the CD drive but nothing has changed. Did this a few times. Tried the Flash Drive, again, nothing! When I check the Removable Storage Drives (thru) My Computer, they are greyed out with a red circle around and a red strike through.

After a few restarts I ran Malwarebytes, SAS, and my Avast Anti-Virus and everything appeared OK.
Everything appears normal in Device Manager (I think) and System Restore didn't help.

Sure hope ;) that someone here can. overthehill






             

patio

  • Moderator


  • Genius
  • Maud' Dib
  • Thanked: 1769
    • Yes
  • Experience: Beginner
  • OS: Windows 7
Re: Restriction Warning
« Reply #1 on: August 30, 2010, 04:43:28 PM »
Are you positive you are running Win Media Edition?
I don't recall these restrictions being in place for that OS...

overthehill

Re: Restriction Warning
« Reply #2 on: August 30, 2010, 06:26:14 PM »
Quote
Are you positive you are running Win Media Edition?
I don't recall these restrictions being in place for that OS...

Thanks, patio, for responding. What I have is Windows Professional Service pack 3, Media Center Edition. overthehill


             

Broni


    Mastermind
  • Kraków my love :)
  • Thanked: 614
    • Computer Help Forum
  • Computer: Specs
  • Experience: Experienced
  • OS: Windows 8
Re: Restriction Warning
« Reply #3 on: August 30, 2010, 08:16:07 PM »
Quote
and System Restore didn't help
Important question...did system restore actually work, but it didn't help, or system restore didn't want to work at all?
The reason I'm asking is this...
Your problems definitely come from incorrect registry settings.
If registry just got messed up overnight, system restore should be able to fix it.
But, if the registry mess was caused by some infection (my vote goes here), then, in most cases, system restore won't help.

Is this Acer by any chance?

overthehill

Re: Restriction Warning
« Reply #4 on: August 30, 2010, 08:55:40 PM »
Quote
Important question...did system restore actually work, but it didn't help, or system restore didn't want to work at all?
The reason I'm asking is this...
Your problems definitely come from incorrect registry settings.
If registry just got messed up overnight, system restore should be able to fix it.
But, if the registry mess was caused by some infection (my vote goes here), then, in most cases, system restore won't help.

Is this Acer by any chance?

Thanks Broni. Yes, the system restore appeared to run OK. It gave me no indication that it didn't work. And no, this is not an Acer system.
Brand name is Cisnet (Intel MoBo). You mentioned infection? Would that be a question for the virus gurus? overthehill


             

Broni


Re: Restriction Warning
« Reply #5 on: August 30, 2010, 09:00:05 PM »
I'd like to see something...
Make sure you attach the logs, which will be created by using the program listed below.
Those logs are rather long, so I don't want to create a mess here.

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in:



netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
/md5start
/md5stop
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

overthehill

Re: Restriction Warning
« Reply #6 on: August 30, 2010, 09:24:19 PM »
Thanks Broni, here they are. Hope that I've done it right. overthehill

OTL Extras logfile created on: 8/30/2010 10:28:29 PM - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Documents and Settings\Bonham\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 230.42 Gb Total Space | 191.71 Gb Free Space | 83.20% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: WINXP_MCE
Current User Name: Bonham
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"9999:UDP" = 9999:UDP:*:Enabled:IDU Service UDP Port
"2804:TCP" = 2804:TCP:*:Enabled:IDU Service TCP Port
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- File not found
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- File not found
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\ImLc.exe" = C:\Program Files\IncrediMail\bin\ImLc.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\ImApp.exe" = C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe" = C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe:*:Enabled:IncrediMail Installer -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- File not found
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- File not found
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe" = C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service -- (Sonic Solutions)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{111A3D14-7596-43B0-92BA-418435C90672}" = Intel(R) PRO Network Connections
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2205E3A5-DCDC-461D-8ED6-D6F2341D3B64}" = Intel Audio Studio 2.0
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{37C39957-B0B3-40DC-8BA4-2363241159ED}" = LightScribe  1.4.44.1
"{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{50CE21D8-0F44-4f3f-A392-7F9AD3194DEF}" = PS_AIO_Software
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}" = Folding@home-x86
"{70858C67-8761-4444-895A-0A8B2E9E144E}" = Opera 10.61
"{714A8115-89BE-44E9-89A5-768405B0BB97}" = Motorola Phone Tools
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8641C1CB-03B3-41d4-8DEC-79826A4B5C0E}" = HP Photosmart All-In-One Software 8.0
"{868901EE-7807-4F89-A134-7C705D34F91F}" = Roxio Easy Media Creator 8 Suite
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95966B8A-2B40-4233-B5D3-F838568561D5}" = Intel Audio Studio 2.0
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A0673E9E-4510-4AA0-B860-58FD5A7212A1}" = Motorola Driver Installation 4.5.0
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2009.10.22
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B668B2B8-70D4-4754-A890-17C1DDDA9418}" = PS_AIO_Software_min
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D5BB0907-4BB0-46A3-AA68-0173D111058D}" = VirtualDrive
"{D627784F-B3EE-44E8-96B1-9509B991EA34}_is1" = AusLogics Registry Defrag
"{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}" = U3Launcher
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DB0BB9FA-1B60-4036-8E29-3D56D8085256}" = WOT for Internet Explorer
"{DE1FD294-CF2A-4936-92F4-B1B778371627}" = Intel(R) Desktop Utilities
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F49FEF83-45CA-4CE8-8304-A7372BA07AA9}" = Motorola Phone Tools
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"{F89FD8CD-FC96-4F75-8376-3C3C292907D5}" = Intel Special Offers
"{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538}" = ImageMixer VCD2
"{FB26EA24-AE01-4C86-BEBC-424D5B81E66E}" = The Print Shop
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"{FE0C305A-37EE-4499-B4CF-0182E37B20C4}" = PS_AIO_ProductContext
"Acoolsoft PPT to Video Free_is1" = Acoolsoft PPT to Video Free 3.2.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Any Video Converter_is1" = Any Video Converter 3.0.6
"Audacity_is1" = Audacity 1.2.6
"avast5" = avast! Free Antivirus
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CCleaner" = CCleaner
"CleanMP3" = CleanMP3
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F30&SUBSYS_205514F1" = PCI SoftV92 Modem
"Cool MP4 To FLV Converter_is1" = Cool MP4 To FLV Converter 1.0
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"FileHippo.com" = FileHippo.com Update Checker
"Flux LE" = Flux LE
"Foxit PDF Creator" = Foxit PDF Creator
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader" = Foxit Reader
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free Videos To DVD_is1" = Free Videos To DVD V 3.2.0
"GPL Ghostscript 8.64" = GPL Ghostscript 8.64
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IncrediMail" = IncrediMail
"InstallShield_{DE1FD294-CF2A-4936-92F4-B1B778371627}" = Intel(R) Desktop Utilities
"LockHunter_is1" = LockHunter version 1.0 beta 3, 32 bit edition
"Mahjongg Master 5" = Mahjongg Master 5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OnlineArmor_is1" = Online Armor 4.0
"PCMagazine SurfSpeed 2_is1" = PCMagazine SurfSpeed 2
"Revo Uninstaller" = Revo Uninstaller 1.87
"Safarp" = Safarp
"Secunia PSI" = Secunia PSI
"Shockwave" = Shockwave
"Smart Defrag_is1" = Smart Defrag
"SpeedFan" = SpeedFan (remove only)
"SpywareBlaster_is1" = SpywareBlaster 4.3
"SpywareGuard_is1" = SpywareGuard v2.2
"SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
"Switch" = Switch Sound File Converter
"SystemRequirementsLab" = System Requirements Lab
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WhatPulse" = WhatPulse 1.6.2.1
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPatrol" = WinPatrol
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Application Detect
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 8/17/2010 11:49:40 PM | Computer Name = WINXP_MCE | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
 dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
 
Error - 8/17/2010 11:49:48 PM | Computer Name = WINXP_MCE | Source = Application Error | ID = 1001
Description = Fault bucket 223121472.
 
Error - 8/30/2010 12:56:41 PM | Computer Name = WINXP_MCE | Source = ESENT | ID = 485
Description = wuauclt (2864) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"
 failed with system error 5 (0x00000005): "Access is denied. ".  The delete file
 operation will fail with error -1032 (0xfffffbf8).
 
Error - 8/30/2010 12:56:41 PM | Computer Name = WINXP_MCE | Source = ESENT | ID = 485
Description = wuauclt (2864) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"
 failed with system error 5 (0x00000005): "Access is denied. ".  The delete file
 operation will fail with error -1032 (0xfffffbf8).
 
Error - 8/30/2010 12:56:42 PM | Computer Name = WINXP_MCE | Source = ESENT | ID = 485
Description = wuauclt (2864) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"
 failed with system error 5 (0x00000005): "Access is denied. ".  The delete file
 operation will fail with error -1032 (0xfffffbf8).
 
Error - 8/30/2010 12:56:42 PM | Computer Name = WINXP_MCE | Source = ESENT | ID = 485
Description = wuauclt (2864) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"
 failed with system error 5 (0x00000005): "Access is denied. ".  The delete file
 operation will fail with error -1032 (0xfffffbf8).
 
Error - 8/30/2010 12:56:42 PM | Computer Name = WINXP_MCE | Source = ESENT | ID = 485
Description = wuauclt (2864) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"
 failed with system error 5 (0x00000005): "Access is denied. ".  The delete file
 operation will fail with error -1032 (0xfffffbf8).
 
Error - 8/30/2010 12:56:42 PM | Computer Name = WINXP_MCE | Source = ESENT | ID = 485
Description = wuauclt (2864) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"
 failed with system error 5 (0x00000005): "Access is denied. ".  The delete file
 operation will fail with error -1032 (0xfffffbf8).
 
Error - 8/30/2010 4:15:02 PM | Computer Name = WINXP_MCE | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\windows\prindex\catalog.wci.
 Index will   be automatically restored by refiltering all documents.
 
Error - 8/30/2010 10:46:57 PM | Computer Name = WINXP_MCE | Source = ESENT | ID = 485
Description = wuauclt (800) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"
 failed with system error 5 (0x00000005): "Access is denied. ".  The delete file
 operation will fail with error -1032 (0xfffffbf8).
 
[ System Events ]
Error - 8/30/2010 2:40:04 PM | Computer Name = WINXP_MCE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service ntmssvc with
 arguments "-Service"  in order to run the server:  {D61A27C6-8F53-11D0-BFA0-00A024151983}
 
Error - 8/30/2010 4:12:21 PM | Computer Name = WINXP_MCE | Source = Service Control Manager | ID = 7022
Description = The avast! Antivirus service hung on starting.
 
Error - 8/30/2010 4:13:48 PM | Computer Name = WINXP_MCE | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
 
Error - 8/30/2010 4:13:48 PM | Computer Name = WINXP_MCE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   Lbd
 
Error - 8/30/2010 4:13:48 PM | Computer Name = WINXP_MCE | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
Error - 8/30/2010 4:13:57 PM | Computer Name = WINXP_MCE | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
Error - 8/30/2010 4:13:57 PM | Computer Name = WINXP_MCE | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
Error - 8/30/2010 4:38:06 PM | Computer Name = WINXP_MCE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service ntmssvc with
 arguments "-Service"  in order to run the server:  {D61A27C6-8F53-11D0-BFA0-00A024151983}
 
Error - 8/30/2010 10:48:26 PM | Computer Name = WINXP_MCE | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
 
Error - 8/30/2010 10:48:26 PM | Computer Name = WINXP_MCE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   Lbd
 
 
< End of report >


OTL logfile created on: 8/30/2010 10:36:18 PM - Run 3
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Documents and Settings\Bonham\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 230.42 Gb Total Space | 191.67 Gb Free Space | 83.19% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: WINXP_MCE
Current User Name: Bonham
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010/08/30 22:26:01 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bonham\Desktop\OTL.exe
PRC - [2010/06/28 15:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/18 00:22:05 | 000,077,824 | ---- | M] () -- C:\Program Files\Common Files\EPSON\eEBAPI\eEBSvc.exe
PRC - [2010/06/18 00:18:05 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\eEBAPI\SAgent2.exe
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/04/20 04:42:08 | 001,284,600 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oacat.exe
PRC - [2010/02/02 18:31:56 | 000,279,296 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2010/01/27 12:37:22 | 000,091,392 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2009/09/07 18:37:08 | 000,189,896 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\ImApp.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/23 09:45:40 | 001,336,632 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
PRC - [2007/02/26 19:02:14 | 001,174,152 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2005/12/02 20:10:52 | 000,066,560 | ---- | M] (OSA Technologies Inc., An Avocent Company) -- C:\Program Files\Intel\IDU\awServ.exe
PRC - [2005/12/02 17:50:22 | 001,687,552 | ---- | M] (OSA Technologies Inc., An Avocent Company) -- C:\Program Files\Intel\IDU\iptray.exe
PRC - [2005/12/01 11:59:44 | 001,305,600 | ---- | M] (OSA Technologies, An Avocent Company) -- C:\Program Files\Intel\IDU\awtray.exe
PRC - [2005/11/22 10:28:38 | 000,864,256 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
PRC - [2005/11/22 10:26:14 | 000,155,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/08/30 22:26:01 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bonham\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/18 00:22:05 | 000,077,824 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\EPSON\eEBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2010/06/18 00:18:05 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\eEBAPI\SAgent2.exe -- (EPSONStatusAgent2)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/04/20 04:42:08 | 003,364,856 | ---- | M] (Tall Emu) [Auto | Stopped] -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2010/04/20 04:42:08 | 001,284,600 | ---- | M] (Tall Emu) [Auto | Running] -- C:\Program Files\Tall Emu\Online Armor\OAcat.exe -- (OAcat)
SRV - [2010/01/27 12:37:22 | 000,091,392 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2007/02/26 19:02:14 | 001,174,152 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2005/12/02 20:10:52 | 000,066,560 | ---- | M] (OSA Technologies Inc., An Avocent Company) [Auto | Running] -- C:\Program Files\Intel\IDU\awServ.exe -- (AWService)
SRV - [2005/11/22 10:29:52 | 000,233,472 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe -- (RoxLiveShare)
SRV - [2005/11/22 10:28:38 | 000,864,256 | ---- | M] (Sonic Solutions) [On_Demand | Running] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe -- (RoxMediaDB)
SRV - [2005/11/22 10:26:14 | 000,155,648 | ---- | M] (Sonic Solutions) [Auto | Running] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe -- (RoxWatch)
SRV - [2005/11/21 23:47:56 | 000,045,056 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe -- (RoxUPnPRenderer)
SRV - [2005/11/21 23:47:10 | 000,409,600 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe -- (RoxUpnpServer)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Internet Explorer\SABProcEnum.sys -- (SABProcEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\PCASp50.sys -- (PCASp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Bonham\Application Data\NVIDIA\HWAccess.sys -- (NVIDIAHWAccess)
DRV - File not found [File_System | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/06/28 15:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 15:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 15:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 15:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 15:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 15:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/06/27 01:09:05 | 000,004,484 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cpuidlep.sys -- (cpuidlep)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/20 04:13:30 | 000,024,440 | ---- | M] (Tall Emu) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)
DRV - [2010/04/20 04:13:14 | 000,029,560 | ---- | M] (Tall Emu Pty Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)
DRV - [2010/04/20 04:13:10 | 000,228,216 | ---- | M] (Tall Emu) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice)
DRV - [2010/03/16 01:51:59 | 010,232,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/28 09:25:05 | 000,058,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2009/12/18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/10/27 13:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2009/06/17 07:20:34 | 000,012,648 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2008/06/19 08:44:04 | 000,027,136 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/09/24 08:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/09/19 20:20:25 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/09/19 20:05:51 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2006/09/07 14:25:06 | 001,178,088 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/07/26 23:24:40 | 000,231,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2006/07/05 21:35:54 | 000,024,064 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2005/12/02 17:38:04 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)
DRV - [2005/11/29 07:07:58 | 000,040,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IAMTXP.sys -- (IAMTXP) Driver for Intel(R)
DRV - [2005/11/22 01:49:40 | 000,050,176 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2005/11/11 14:51:56 | 000,012,298 | ---- | M] (OSA Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys -- (OsaFsLoc)
DRV - [2005/10/22 08:05:00 | 000,311,680 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2005/10/22 08:05:00 | 000,119,168 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2005/10/22 08:05:00 | 000,027,264 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2005/10/22 08:05:00 | 000,027,136 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2005/10/12 18:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2005/06/30 16:58:36 | 000,007,296 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
DRV - [2005/03/15 16:04:22 | 000,021,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\intelsmb.sys -- (smbusp) Intel(R)
DRV - [2005/01/27 04:22:00 | 000,088,016 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/09/29 05:35:30 | 000,219,136 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/09/29 05:34:24 | 000,702,592 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/09/29 05:33:50 | 001,036,928 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/09/08 11:37:56 | 000,072,478 | ---- | M] (FarStone Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fvdscsi.sys -- (FVDSCSI)
DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2003/11/03 13:09:10 | 000,036,484 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SMBios.sys -- (SMBios) Intel (R)
DRV - [2003/08/07 06:46:12 | 000,010,899 | ---- | M] (FarStone Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fcdabus.sys -- (fcdabus)
DRV - [2001/08/17 08:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mymanitoba.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
[2010/04/17 21:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\Mozilla\Extensions
[2010/04/11 16:44:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bonham\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/04/17 21:02:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/15 11:04:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/15 11:04:22 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2002/01/09 00:26:42 | 000,319,488 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
 
O1 HOSTS File: ([2010/04/28 22:13:19 | 000,381,116 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 13038 more lines...
O2 - BHO: (no name) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - No CLSID value found.
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (no name) - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - No CLSID value found.
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Tall Emu\Online Armor\oaui.exe (Tall Emu)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [awTray.exe] C:\Program Files\Intel\IDU\awtray.exe (OSA Technologies, An Avocent Company)
O4 - HKLM..\Run: [ipTray.exe] C:\Program Files\Intel\IDU\iptray.exe (OSA Technologies Inc., An Avocent Company)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OCDLMgr] C:\Program Files\IZArc\OpenCandy\OCSetupHlp.dll (OpenCandy, Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKCU..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe (WhatPulse.org)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk = C:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe ()
O4 - Startup: C:\Documents and Settings\Bonham\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67106263
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 322
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67080663
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: uclickgames.com ([www] http in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Mah%20Jong%20Medley/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189528423203 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189528318687 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash5r42.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 72.2.10.2 72.2.10.4
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - Reg Error: Value error. File not found
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - Reg Error: Value error. File not found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Bonham/LOCALS~1/Temp/msoclip1/01/clip_image002.gif
O24 - Desktop Components:1 () -
O24 - Desktop Components:2 () - file:///C:/Documents%20and%20Settings/Bonham/Local%20Settings/Application%20Data/IM/Runtime/Message/%7B74C62D20-1BC8-452C-B919-F9FAEBDDC056%7D/Forward/image0323232323232.jpg
O24 - Desktop Components:3 () -
O24 - Desktop Components:4 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Bonham\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bonham\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Tall Emu\Online Armor\oaevent.dll (Tall Emu)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/17 01:03:13 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{c8088438-6428-11df-82a2-001676c95c50}\Shell - "" = AutoRun
O33 - MountPoints2\{c8088438-6428-11df-82a2-001676c95c50}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c8088438-6428-11df-82a2-001676c95c50}\Shell\AutoRun\command - "" = F:\LiteAuto.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporati


             

Broni


    Mastermind
  • Kraków my love :)
  • Thanked: 614
    • Computer Help Forum
  • Computer: Specs
  • Experience: Experienced
  • OS: Windows 8
Re: Restriction Warning
« Reply #7 on: August 30, 2010, 09:54:46 PM »
Lower part of OTL log is missing, but I can say, your computer is infected.

Read here: http://www.computerhope.com/forum/index.php/topic,46313.0.html
Start new topic here: http://www.computerhope.com/forum/index.php/board,7.0.html
Do NOT post any logs in THIS thread.

Broni


Re: Restriction Warning
« Reply #8 on: August 30, 2010, 09:56:18 PM »
Oh, btw, you have Norton's leftovers, so you can run Norton Removal Tool: http://www.symantec.com/norton/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN before you go to malware forum.

overthehill

Re: Restriction Warning
« Reply #9 on: August 31, 2010, 07:53:44 AM »
Thanks for your help, Broni. I used the Removal Tool and have requested help from the Viruses and Spyware Forum. overthehill


             

Broni


Re: Restriction Warning
« Reply #10 on: August 31, 2010, 03:59:55 PM »
You're very welcome

overthehill

Re: Restriction Warning
« Reply #11 on: September 11, 2010, 08:20:14 AM »
Well, after spending considerable time with the "malware experts", they have determined that my problem is not malware or virus related. And, yes, I still have the problem as stated earlier in this post. I've attached a jpg file to indicate what I'm seeing when I go to "My Computer". The only other thing that I have noticed (since this problem started) is that when I attempt to shut down my PC I have to "end task" (awtray.exe).

Below is a statement that I came across and I'm sure hoping that this may be a cure? Before I would try this, though, I would need someone with a lot more PC savvy than I have to confirm that I'd have a chance doing this.
And, if this is a possibility, how and where would I find the proper IDU file? I've gone to the Intel site looking for it but basically I get lost. Sure would appreciate some help. overthehill








Re: Administrator has prohibited access to CD/DVD ROM drives

The problem is software named "AdminWorks" by "Avocent".

It is a part of IDU (Intel Desktop Utility).

1. You need to kill the following processes (Task Manager -> End Process):

awServ.exe
iptray.exe

2. Start -> Run: "msconfig", remove the following startup programs:

iptray

3. Delete the following folder (restart may be required):

"C:\Program Files\Intel\IDU"

4. Reinstall IDU from Intel's download site.



[recovering disk space - old attachment deleted by admin]


             

Broni


Re: Restriction Warning
« Reply #12 on: September 11, 2010, 11:00:26 AM »
Yes, I can see both items running:
Quote
O4 - HKLM..\Run: [awTray.exe] C:\Program Files\Intel\IDU\awtray.exe (OSA Technologies, An Avocent Company)
O4 - HKLM..\Run: [ipTray.exe] C:\Program Files\Intel\IDU\iptray.exe (OSA Technologies Inc., An Avocent Company)

New download: http://www.intel.com/design/motherbd/software/idu/
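
Added example (not part of the thread, and not OTL's own code): a small Python triage of OTL log lines that automates the by-eye check in the reply above, listing autostart entries tied to the IDU/AdminWorks components named in the thread and marking which ones point at a file that no longer exists. The line shapes are inferred from the logs posted in this thread rather than from any OTL format specification, and `parse_log`, `leftovers` and `IDU_NEEDLES` are hypothetical names.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "kind name path company missing")

# Constructed sample: lines in the shape OTL prints them in this thread's logs.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ipTray.exe] C:\Program Files\Intel\IDU\iptray.exe File not found
SRV - (AWService) -- C:\Program Files\Intel\IDU\awServ.exe File not found
SRV - (IduService) Intel(R) -- C:\Program Files\Intel\Intel Desktop Utilities\iduServ.exe (Intel(R) Corporation)
DRV - (osaio) -- C:\WINDOWS\system32\drivers\osaio.sys (OSA Technologies, An Avocent Company)
DRV - (OsaFsLoc) -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys (OSA Technologies)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()
PRC - C:\Program Files\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
"""

# Assumed line shapes (inferred from the logs above, not from OTL documentation).
SVC_RE = re.compile(r"^(?P<kind>SRV|DRV) - \((?P<name>[^)]*)\).*? -- (?P<rest>.+)$")
RUN_RE = re.compile(r"^O4 - HK\w+\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.+)$")
PRC_RE = re.compile(r"^PRC - (?P<rest>.+)$")
MISSING = "File not found"

# Strings the thread associates with IDU / AdminWorks.
IDU_NEEDLES = ("\\Intel\\IDU\\", "OSA Technologies", "Avocent")


def split_target(rest):
    """Split 'path (Company)' or 'path File not found' into (path, company, missing)."""
    rest = rest.strip()
    if rest.endswith(MISSING):
        return rest[: -len(MISSING)].strip(), None, True
    if rest.endswith(")"):
        # Company names can contain parentheses, so walk back to the
        # opening bracket that balances the final closing one.
        depth = 0
        for i in range(len(rest) - 1, -1, -1):
            if rest[i] == ")":
                depth += 1
            elif rest[i] == "(":
                depth -= 1
                if depth == 0:
                    return rest[:i].strip(), rest[i + 1 : -1].strip(), False
    return rest, None, False


def parse_log(text):
    """Return an Entry for every process, service, driver and Run line."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = SVC_RE.match(line)
        if m:
            kind, name = m.group("kind"), m.group("name")
        else:
            m = RUN_RE.match(line)
            if m:
                kind, name = "RUN", m.group("name")
            else:
                m = PRC_RE.match(line)
                if not m:
                    continue  # headers, blank lines, other O-sections
                kind, name = "PRC", None
        path, company, missing = split_target(m.group("rest"))
        if name is None:
            name = path.rsplit("\\", 1)[-1]  # process lines carry no name
        entries.append(Entry(kind, name, path, company, missing))
    return entries


def leftovers(entries, needles):
    """List entries whose path or company matches a needle, with file status."""
    hits = []
    for e in entries:
        haystack = (e.path + " " + (e.company or "")).lower()
        if any(n.lower() in haystack for n in needles):
            hits.append((e.kind, e.name, "orphaned" if e.missing else "present"))
    return hits


if __name__ == "__main__":
    for kind, name, status in leftovers(parse_log(SAMPLE_LOG), IDU_NEEDLES):
        print(f"{kind:4} {name:12} {status}")
```

An "orphaned" row is a registry or service entry whose target file is gone; a "present" row is a component from the same vendor that is still installed.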

overthehill

Re: Restriction Warning
« Reply #13 on: September 11, 2010, 11:07:57 AM »
Thanks again, Broni. Would that be the 4 & 5 Series or the 3? How can I tell? And once downloaded I'm guessing that you are telling me to go ahead? overthehill


             

Broni


Re: Restriction Warning
« Reply #14 on: September 11, 2010, 11:24:43 AM »
It'd depend on your Intel chip version.

Hold Windows logo key and press Pause/Break key.
What does it say about CPU?

overthehill

Re: Restriction Warning
« Reply #15 on: September 11, 2010, 11:33:50 AM »
I found and presently I'm downloading the correct file for my mobo. So once done, should I delete the files that they recommend and then simply run the downloaded file? Is there anything else that I should do?
Once again, Thank You.


             

Broni


Re: Restriction Warning
« Reply #16 on: September 11, 2010, 11:39:01 AM »
That's about it. You should be fine :)

overthehill

Re: Restriction Warning
« Reply #17 on: September 11, 2010, 11:49:13 AM »
I'll certainly post back and let you know, one way or the other. overthehill


             

Broni


Re: Restriction Warning
« Reply #18 on: September 11, 2010, 11:58:00 AM »
Cool :)

overthehill

Re: Restriction Warning
« Reply #19 on: September 11, 2010, 12:13:55 PM »
Now it won't let me delete the files in the IDU folder. Any ideas? overthehill


             

Broni


Re: Restriction Warning
« Reply #20 on: September 11, 2010, 12:17:22 PM »
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:
:OTL

:Services

:Reg

:Files
C:\Program Files\Intel\IDU

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
« Last Edit: September 11, 2010, 01:08:40 PM by Broni »

overthehill

Re: Restriction Warning
« Reply #21 on: September 11, 2010, 12:18:44 PM »
Will do. overthehill


             

overthehill

Re: Restriction Warning
« Reply #22 on: September 11, 2010, 12:32:00 PM »
Broni. After running OTL I see no colors 0000FF. All colors begin with E, e.g. #E56717. overthehill


             

Broni


Re: Restriction Warning
« Reply #23 on: September 11, 2010, 12:34:29 PM »
Disregard that formatting. It doesn't parse on this board.
I just edited my previous post.

overthehill

Re: Restriction Warning
« Reply #24 on: September 11, 2010, 01:06:02 PM »
Well Broni. Where do I go from here? I did figure what you wanted me to do but I did not get a txt file. Now my Online Armor is giving me a terrible time. overthehill


             

Broni


Re: Restriction Warning
« Reply #25 on: September 11, 2010, 01:09:25 PM »
Define "terrible time".

Re-run OTL "Quick scan" and post its log.

overthehill

Re: Restriction Warning
« Reply #26 on: September 11, 2010, 01:21:41 PM »
Well Broni. Here's the latest. Terrible time meant that Online Armor would show up at start up and lock everything up. I have now been able to uninstall it and I'm going with the Windows firewall. The IDU folder now appears to be gone. I've now gone back to run the downloaded IDU file but I'm told that it for some reason will not work and that I should download it again. So I'll download it again, retry and repost. Thks, overthehill


             

Broni


Re: Restriction Warning
« Reply #27 on: September 11, 2010, 01:23:11 PM »
OK...

overthehill

Re: Restriction Warning
« Reply #28 on: September 11, 2010, 02:00:39 PM »
Hi Broni. I downloaded and unzipped the file, got it to run OK, but, under C:\ProgramFiles\Intel, there used to be an IDU folder. Now I get Infinst - Intel Desktop Utilities - SMBus. So now in Task Manager there is no longer an awServ.exe or an iptray.exe. Does this make any sense? And my storage drives are still non functional. overthehill


             

Broni


Re: Restriction Warning
« Reply #29 on: September 11, 2010, 02:07:22 PM »
Can you give me a link to your malware forum topic?

You also have some Norton leftovers. Did they take care of it?
I assume, Avast is your current AV program?

overthehill

Re: Restriction Warning
« Reply #30 on: September 11, 2010, 02:14:25 PM »
Here goes the attached link. No, they said nothing about Norton. And yes, I'm still using Avast.
I really have to commend you Broni for helping out this old fellow. Thanks.




http://www.computerhope.com/forum/index.php/topic,109580.0.html


             

Broni


Re: Restriction Warning
« Reply #31 on: September 11, 2010, 02:22:54 PM »
You're very welcome :)

Run Norton Removal Tool: http://www.symantec.com/norton/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN

When you're done....

Re-run OTL, but paste this in "Custom scans" box:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


Post resulting log.


overthehill

Re: Restriction Warning
« Reply #32 on: September 11, 2010, 02:39:03 PM »
Broni. Log as requested. overthehill

OTL logfile created on: 9/11/2010 3:56:53 PM - Run 10
OTL by OldTimer - Version 3.2.12.0     Folder = C:\Documents and Settings\Bonham\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 230.42 Gb Total Space | 202.88 Gb Free Space | 88.05% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: WINXP_MCE
Current User Name: Bonham
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Bonham\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
PRC - C:\Program Files\Common Files\EPSON\eEBAPI\eEBSvc.exe ()
PRC - C:\Program Files\Common Files\EPSON\eEBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Intel\Intel Desktop Utilities\iduServ.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\Intel Desktop Utilities\iptray.exe (Intel(R) Corporation)
PRC - C:\Program Files\Folding@home\Folding@home-x86\FahCore_78.exe ()
PRC - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe (Motorola)
PRC - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe ()
PRC - C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
PRC - C:\Program Files\IncrediMail\bin\ImApp.exe (IncrediMail, Ltd.)
PRC - C:\Program Files\WhatPulse\WhatPulse.exe (WhatPulse.org)
PRC - C:\Program Files\Windows Live\Toolbar\wltuser.exe (Microsoft Corporation)
PRC - C:\Program Files\Folding@home\Folding@home-x86\[email protected] ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe ()
PRC - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe (Sonic Solutions)
PRC - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe (Sonic Solutions)
PRC - C:\Program Files\SpywareGuard\sgmain.exe ()
PRC - C:\Program Files\SpywareGuard\sgbhp.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Documents and Settings\Bonham\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll (BillP Studios)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AWService) -- C:\Program Files\Intel\IDU\awServ.exe File not found
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (EpsonBidirectionalService) -- C:\Program Files\Common Files\EPSON\eEBAPI\eEBSvc.exe ()
SRV - (EPSONStatusAgent2) -- C:\Program Files\Common Files\EPSON\eEBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
SRV - (IduService) Intel(R) -- C:\Program Files\Intel\Intel Desktop Utilities\iduServ.exe (Intel(R) Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (MotoConnect Service) -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe ()
SRV - (RoxLiveShare) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe (Sonic Solutions)
SRV - (RoxMediaDB) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe (Sonic Solutions)
SRV - (RoxWatch) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe (Sonic Solutions)
SRV - (RoxUPnPRenderer) -- C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe (Sonic Solutions)
SRV - (RoxUpnpServer) -- C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe (Sonic Solutions)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SABProcEnum) -- C:\Program Files\Internet Explorer\SABProcEnum.sys File not found
DRV - (PCASp50) -- C:\WINDOWS\System32\Drivers\PCASp50.sys File not found
DRV - (NVIDIAHWAccess) -- C:\Documents and Settings\Bonham\Application Data\NVIDIA\HWAccess.sys File not found
DRV - (Lbd) -- C:\WINDOWS\System32\DRIVERS\Lbd.sys File not found
DRV - (catchme) -- C:\DOCUME~1\Bonham\LOCALS~1\Temp\catchme.sys File not found
DRV - (osaio) -- C:\WINDOWS\system32\drivers\osaio.sys (OSA Technologies, An Avocent Company)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (cpuidlep) -- C:\WINDOWS\System32\drivers\cpuidlep.sys ()
DRV - (smbusp) Intel(R) -- C:\WINDOWS\system32\drivers\intelsmb.sys (Intel Corporation)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
DRV - (NCHSSVAD) -- C:\WINDOWS\system32\drivers\nchssvad.sys (NCH Swift Sound)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (NTIDrvr) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (e1express) Intel(R) -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation )
DRV - (sfng32) -- C:\WINDOWS\system32\drivers\sfng32.sys (Sonic Focus, Inc)
DRV - (IAMTXP) Driver for Intel(R) -- C:\WINDOWS\system32\drivers\IAMTXP.sys (Intel Corporation)
DRV - (RxFilter) -- C:\WINDOWS\system32\drivers\RxFilter.sys (Sonic Solutions)
DRV - (OsaFsLoc) -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys (OSA Technologies)
DRV - (cdudf_xp) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys (Sonic Solutions)
DRV - (pwd_2k) -- C:\WINDOWS\System32\drivers\Pwd_2k.sys (Sonic Solutions)
DRV - (dvd_2K) -- C:\WINDOWS\System32\drivers\dvd_2k.sys (Sonic Solutions)
DRV - (mmc_2K) -- C:\WINDOWS\System32\drivers\mmc_2k.sys (Sonic Solutions)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (FVDSCSI) -- C:\WINDOWS\system32\drivers\fvdscsi.sys (FarStone Inc.)
DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation)
DRV - (SMBios) Intel (R) -- C:\WINDOWS\system32\drivers\SMBios.sys (Intel Corporation)
DRV - (fcdabus) -- C:\WINDOWS\system32\drivers\fcdabus.sys (FarStone Inc.)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mymanitoba.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
[2010/04/17 21:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\Mozilla\Extensions
[2010/04/11 16:44:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bonham\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/04/17 21:02:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/15 11:04:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/15 11:04:22 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2002/01/09 00:26:42 | 000,319,488 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
 
O1 HOSTS File: ([2010/04/28 22:13:19 | 000,381,116 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 13038 more lines...
O2 - BHO: (no name) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - No CLSID value found.
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (no name) - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - No CLSID value found.
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ipTray.exe] C:\Program Files\Intel\IDU\iptray.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OCDLMgr] C:\Program Files\IZArc\OpenCandy\OCSetupHlp.dll (OpenCandy, Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKCU..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe (WhatPulse.org)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk = C:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe ()
O4 - Startup: C:\Documents and Settings\Bonham\Start Menu\Programs\Startup\[email protected] = C:\Program Files\Folding@home\Folding@home-x86\[email protected] ()
O4 - Startup: C:\Documents and Settings\Bonham\Start Menu\Programs\Startup\speedfan.lnk = C:\Program Files\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
O4 - Startup: C:\Documents and Settings\Bonham\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108799
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108799
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Mah%20Jong%20Medley/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189528423203 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189528318687 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash5r42.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 72.2.10.2 72.2.10.4
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - Reg Error: Value error. File not found
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - Reg Error: Value error. File not found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Bonham/LOCALS~1/Temp/msoclip1/01/clip_image002.gif
O24 - Desktop Components:1 () -
O24 - Desktop Components:2 () - file:///C:/Documents%20and%20Settings/Bonham/Local%20Settings/Application%20Data/IM/Runtime/Message/%7B74C62D20-1BC8-452C-B919-F9FAEBDDC056%7D/Forward/image0323232323232.jpg
O24 - Desktop Components:3 () -
O24 - Desktop Components:4 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Bonham\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bonham\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/17 01:03:13 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks)
Drivers32: vidc.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/09/11 15:50:32 | 000,921,512 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Bonham\Desktop\Norton_Removal_Tool.exe
[2010/09/11 15:03:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bonham\Application Data\Intel
[2010/09/11 15:03:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intel
[2010/09/11 15:01:11 | 000,970,752 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ismbun.exe
[2010/09/11 14:58:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bonham\Desktop\IDU_3.1.1.012
[2010/09/11 13:58:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/09/11 13:43:20 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bonham\Desktop\OTL.exe
[2010/09/10 00:57:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Bonham\Recent
[2010/09/08 12:41:17 | 000,000,000 | ---D | C] -- C:\Program Files\Intel Corporation
[2010/09/03 18:28:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/09/02 20:26:28 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/09/02 20:00:37 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/09/01 21:38:50 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/09/01 21:36:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/09/01 21:36:35 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/09/01 21:36:35 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/09/01 21:36:35 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/09/01 21:36:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/31 13:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/08/31 13:37:05 | 000,000,000 | ---D | C] -- C:\Program Files\Sun
[2010/08/31 13:36:54 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/08/31 13:36:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/08/31 13:36:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/03/27 09:24:12 | 000,648,064 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Program Files\autoruns.exe
[2009/03/27 09:24:12 | 000,540,544 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Program Files\autorunsc.exe
 
========== Files - Modified Within 30 Days ==========
 
[2010/09/11 15:50:54 | 000,921,512 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Bonham\Desktop\Norton_Removal_Tool.exe
[2010/09/11 15:33:55 | 000,162,182 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\topic,109580.0.html
[2010/09/11 15:13:29 | 000,001,057 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/11 15:13:29 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2010/09/11 15:13:29 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/11 15:12:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/11 15:09:18 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/11 15:07:27 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/09/11 15:07:26 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk
[2010/09/11 15:07:15 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/11 15:07:01 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/11 15:06:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/11 15:05:40 | 013,070,336 | ---- | M] () -- C:\Documents and Settings\Bonham\NTUSER.DAT
[2010/09/11 15:05:40 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Bonham\ntuser.ini
[2010/09/11 15:02:51 | 000,255,864 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/11 15:01:21 | 000,001,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Intel(R) Desktop Utilities.lnk
[2010/09/11 15:00:48 | 000,008,413 | ---- | M] (OSA Technologies, An Avocent Company) -- C:\WINDOWS\System32\drivers\osaio.sys
[2010/09/11 14:56:23 | 012,713,957 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\IDU_3.1.1.012.zip
[2010/09/11 13:43:35 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bonham\Desktop\OTL.exe
[2010/09/11 13:14:04 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\Microsoft Word.lnk
[2010/09/11 12:24:37 | 006,228,992 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\911 photos - Never Forget !.pps
[2010/09/11 09:44:51 | 000,000,218 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\Jumble, That Scrambled Word Game!.url
[2010/09/09 09:05:29 | 000,070,734 | ---- | M] () -- C:\Program Files\Storage Drives.JPG
[2010/09/09 08:48:11 | 000,049,244 | ---- | M] () -- C:\Program Files\autoruns.chm
[2010/09/08 23:57:40 | 002,643,698 | -H-- | M] () -- C:\Documents and Settings\Bonham\Local Settings\Application Data\IconCache.db
[2010/09/07 23:12:06 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/09/07 17:28:55 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/09/07 10:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/09/07 10:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/09/07 09:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/09/07 09:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/09/07 09:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/09/07 09:47:19 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/09/07 09:47:16 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/09/07 09:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/09/07 09:46:51 | 000,028,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/08/31 13:36:39 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/08/31 13:36:39 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/08/31 13:36:39 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/08/31 13:36:39 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/08/31 13:36:39 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/08/30 15:13:57 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/08/24 23:35:30 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\SpeedFan.lnk
[2010/08/24 23:35:29 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2010/08/24 23:27:59 | 000,070,696 | ---- | M] () -- C:\Documents and Settings\Bonham\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/08/24 23:25:26 | 001,029,907 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\The Shopping Channel - Official Site.mht
[2010/08/24 09:27:15 | 000,016,603 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\Nesco.jpg
[2010/08/23 19:21:31 | 000,002,459 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\Microsoft PowerPoint.lnk
[2010/08/22 20:06:01 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\switchShakeIcon.job
[2010/08/17 21:53:40 | 000,000,180 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\Computer Hope.url
[2010/08/16 21:35:31 | 000,002,471 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\Microsoft Excel.lnk
[2010/08/16 13:37:29 | 001,585,152 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\Invitation2.pps
[2010/08/16 12:43:45 | 000,478,665 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\Bernie Vermette - Grand Mamou.wav.wav
[2010/08/15 23:30:37 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Bonham\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/08/15 23:30:37 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/08/14 12:14:30 | 001,711,464 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\James Blunt- You Are Beaytiful.wav.wav
 
========== Files Created - No Company Name ==========
 
[2010/09/11 15:33:55 | 000,162,182 | ---- | C] () -- C:\Documents and Settings\Bonham\Desktop\topic,109580.0.html
[2010/09/11 15:04:35 | 000,000,907 | ---- | C] () -- C:\Documents and Settings\Bonham\Start Menu\Programs\Startup\[email protected]
[2010/09/11 15:04:34 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\Bonham\Start Menu\Programs\Startup\speedfan.lnk
[2010/09/11 15:01:21 | 000,001,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Intel(R) Desktop Utilities.lnk
[2010/09/11 14:54:43 | 012,713,957 | ---- | C] () -- C:\Documents and Settings\Bonham\Desktop\IDU_3.1.1.012.zip
[2010/09/11 12:24:37 | 006,228,992 | ---- | C] () -- C:\Documents and Settings\Bonham\Desktop\911 photos - Never Forget !.pps
[2010/09/09 09:05:29 | 000,070,734 | ---- | C] () -- C:\Program Files\Storage Drives.JPG
[2010/09/07 23:12:06 | 000,000,386 | ---- | C] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/09/03 18:18:29 | 000,000,544 | ---- | C] () -- C:\Documents and Settings\Bonham\CFScript.txt
[2010/09/01 21:36:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/01 21:36:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/01 21:36:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/08/30 15:13:57 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/08/24 23:21:23 | 001,029,907 | ---- | C] () -- C:\Documents and Settings\Bonham\Desktop\The Shopping Channel - Official Site.mht
[2010/08/24 09:28:02 | 000,016,603 | ---- | C] () -- C:\Documents and Settings\Bonham\Desktop\Nesco.jpg
[2010/08/16 12:43:53 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\switchShakeIcon.job
[2010/08/16 12:43:42 | 000,478,665 | ---- | C] () -- C:\Documents and Settings\Bonham\Desktop\Bernie Vermette - Grand Mamou.wav.wav
[2010/08/14 12:55:26 | 001,585,152 | ---- | C] () -- C:\Documents and Settings\Bonham\Desktop\Invitation2.pps
[2010/08/14 12:27:50 | 001,711,464 | ---- | C] () -- C:\Documents and Settings\Bonham\Desktop\James Blunt- You Are Beaytiful.wav.wav
[2010/07/16 23:04:48 | 000,019,724 | ---- | C] () -- C:\Program Files\FAHlog.txt
[2010/06/27 01:09:05 | 000,004,484 | ---- | C] () -- C:\WINDOWS\System32\drivers\cpuidlep.sys
[2010/04/06 22:25:53 | 000,327,002 | ---- | C] () -- C:\Program Files\Jumble.jpg
[2010/04/01 19:49:14 | 000,768,191 | ---- | C] () -- C:\Program Files\scan0001.pdf
[2010/04/01 19:29:53 | 005,613,568 | ---- | C] () -- C:\Program Files\Doc1.doc
[2010/03/11 11:17:20 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010/02/10 01:09:09 | 000,290,919 | ---- | C] () -- C:\WINDOWS\System32\pythoncom21.dll
[2010/02/10 01:09:09 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll
[2010/02/10 01:06:58 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2010/01/11 19:58:04 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EEBAPI.dll
[2010/01/11 19:58:04 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\EEBDSCVR.dll
[2010/01/11 19:58:04 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\EBAPI.dll
[2010/01/11 19:19:51 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2010/01/08 13:10:43 | 000,005,212 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/11/26 14:03:47 | 000,000,221 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009/08/03 01:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/12/16 16:46:54 | 000,049,244 | ---- | C] () -- C:\Program Files\autoruns.chm
[2008/03/16 23:51:57 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2008/02/19 19:15:05 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Bonham\Application Data\$_hpcst$.hpc
[2007/11/29 02:03:00 | 000,000,584 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/11/27 01:41:15 | 021,216,112 | ---- | C] () -- C:\Program Files\aaw2007.exe
[2007/11/21 17:41:08 | 000,550,690 | ---- | C] () -- C:\Program Files\sbstar11.exe
[2007/11/17 12:06:23 | 003,458,671 | ---- | C] () -- C:\Program Files\PCTuneUpSetup.exe
[2007/11/14 22:03:20 | 000,160,768 | ---- | C] () -- C:\WINDOWS\System32\midas11.dll
[2007/11/14 22:00:10 | 010,138,931 | ---- | C] () -- C:\Program Files\setupLE.exe
[2007/06/06 16:31:45 | 006,820,520 | ---- | C] () -- C:\Program Files\FirefoxGoogleToolbarSetup.exe
[2007/03/18 16:32:23 | 002,108,000 | ---- | C] () -- C:\Documents and Settings\Bonham\Local Settings\Application Data\rx_audio.Cache
[2007/03/15 21:59:33 | 001,529,264 | ---- | C] () -- C:\Documents and Settings\Bonham\Local Settings\Application Data\rx_image.Cache
[2007/03/11 22:52:47 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameD.txt
[2007/03/10 22:36:13 | 000,000,247 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/03/10 00:13:44 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Bonham\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/05 19:22:24 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2007/03/04 12:31:52 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/03/02 20:44:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/03/01 22:40:12 | 000,000,171 | ---- | C] () -- C:\WINDOWS\EPSON CX3200 Installer.ini
[2007/02/27 16:24:19 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Bonham\Local Settings\Application Data\fusioncache.dat
[2006/09/20 11:17:32 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\lpcio.dll
[2006/09/19 20:35:27 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/19 20:15:09 | 000,000,436 | R--- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/09/19 20:05:51 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2006/07/28 08:32:44 | 000,007,005 | ---- | C] () -- C:\Program Files\Eula.txt
[2005/12/01 17:05:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/11/14 15:40:28 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/11/10 12:30:04 | 003,596,288 | R--- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/15 13:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/07/15 13:35:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/11/30 05:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2004/02/05 08:05:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\VDExt800.dll
[2003/10/02 02:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 02:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2003/09/19 14:03:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\GDExt800.dll
[2003/09/04 17:49:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\VDExt712.dll
[2003/08/16 07:52:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\GDExt712.dll
[2003/07/30 07:19:24 | 000,006,397 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartCd.sys
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2010/02/25 09:59:33 | 000,128,832 | ---- | M] () -- C:\aaw7boot.log
[2008/03/17 01:03:13 | 000,000,100 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/05/24 09:21:44 | 000,000,279 | ---- | M] () -- C:\Boot.bak
[2010/09/11 15:13:29 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2007/02/26 17:57:13 | 000,000,103 | ---- | M] () -- C:\BootErr.log
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2006/09/19 19:17:44 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/09/04 09:33:38 | 000,000,251 | ---- | M] () -- C:\INSTALL.LOG
[2010/04/09 00:34:00 | 000,016,264 | ---- | M] () -- C:\Install.log.txt
[2006/09/19 19:17:44 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/08/31 13:08:49 | 000,007,183 | ---- | M] () -- C:\JavaRa.log
[2006/09/19 19:17:44 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/10 17:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/07 09:40:25 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/09/11 15:06:49 | 3219,091,456 | -HS- | M] () -- C:\pagefile.sys
[2009/11/04 16:00:59 | 000,000,805 | ---- | M] () -- C:\rollback.ini
[2010/09/02 20:52:46 | 000,015,232 | ---- | M] () -- C:\RootRepeal report 09-02-10 (20-52-45).txt
[2010/02/17 14:46:52 | 000,198,086 | ---- | M] () -- C:\Sensors.JPG
 
< %systemroot%\Fonts\*.com >
[2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2004/08/10 10:00:00 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/12/29 10:57:18 | 000,273,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp4v2.dll
[2007/11/05 20:06:06 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5mu.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg  >
 
< %systemroot%\*.jpg  >
 
< %systemroot%\*.png  >
 
< %systemroot%\*.scr >
[2010/09/07 10:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.*  >
 
< %PROGRAMFILES%\*.* >
[2007/11/27 01:38:27 | 021,216,112 | ---- | M] () -- C:\Program Files\aaw2007.exe
[2010/09/09 08:48:11 | 000,049,244 | ---- | M] () -- C:\Program Files\autoruns.chm
[2009/03/31 00:01:00 | 000,648,064 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Program Files\autoruns.exe
[2009/03/31 00:01:00 | 000,540,544 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Program Files\autorunsc.exe
[2010/04/01 19:29:54 | 005,613,568 | ---- | M] () -- C:\Program Files\Doc1.doc
[2009/03/31 00:01:00 | 000,007,005 | ---- | M] () -- C:\Program Files\Eula.txt
[2010/07/16 23:04:48 | 000,019,724 | ---- | M] () -- C:\Program Files\FAHlog.txt
[2007/06/06 16:31:45 | 006,820,520 | ---- | M] () -- C:\Program Files\FirefoxGoogleToolbarSetup.exe
[2010/04/06 22:25:53 | 000,327,002 | ---- | M] () -- C:\Program Files\Jumble.jpg
[2007/11/17 12:06:41 | 003,458,671 | ---- | M] () -- C:\Program Files\PCTuneUpSetup.exe
[2007/11/21 17:41:15 | 000,550,690 | ---- | M] () -- C:\Program Files\sbstar11.exe
[2010/04/01 19:49:14 | 000,768,191 | ---- | M] () -- C:\Program Files\scan0001.pdf
[2007/11/14 22:00:10 | 010,138,931 | ---- | M] () -- C:\Program Files\setupLE.exe
[2010/09/09 09:05:29 | 000,070,734 | ---- | M] () -- C:\Program Files\Storage Drives.JPG
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\System32\config\*.sav  >
[2006/09/19 15:08:23 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/09/19 15:08:23 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/09/19 15:08:23 | 000,909,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
< %PROGRAMFILES%\bak. /s >
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x  >
[2008/09/07 09:49:37 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
[2006/09/27 20:03:19 | 000,010,436 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\default.pls
[2006/09/27 22:33:13 | 000,000,240 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\UpdateLog.GDZ
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/03/25 00:51:32 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\Bonham\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2008/02/09 00:21:52 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Bonham\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
 
< %USERPROFILE%\Desktop\*.exe >
[2010/02/23 01:05:46 | 000,078,160 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Bonham\Desktop\AutoFix.exe
[2010/07/03 13:06:36 | 004,388,296 | ---- | M] (Foxit Software) -- C:\Documents and Settings\Bonham\Desktop\FoxitPDFEditor220.0205_enu_Setup.exe
[2010/09/11 15:50:54 | 000,921,512 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Bonham\Desktop\Norton_Removal_Tool.exe
[2010/09/11 13:43:35 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bonham\Desktop\OTL.exe
[2010/03/29 20:25:26 | 002,957,656 | ---- | M] (PKWARE, Inc.) -- C:\Documents and Settings\Bonham\Desktop\ZIPReader.exe
 
< %PROGRAMFILES%\Common Files\*.* >
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< %systemroot%\AppPatch\Custom\*.* >
 
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
 
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
 
< %PROGRAMFILES%\Internet Explorer\*.tmp >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %USERPROFILE%\My Documents\*.exe >
 
< %USERPROFILE%\*.exe >
 
< %systemroot%\ADDINS\*.* >
[2004/08/10 10:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf
 
< %systemroot%\assembly\*.bak2 >
 
< %systemroot%\Config\*.* >
 
< %systemroot%\REPAIR\*.bak2 >
 
< %systemroot%\SECURITY\Database\*.sdb /x >
 
< %systemroot%\SYSTEM\*.bak2 >
 
< %systemroot%\Web\*.bak2 >
 
< %systemroot%\Driver Cache\*.* >
 
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
 
< %ProgramFiles%\Microsoft Common\*.* >
 
< %ProgramFiles%\TinyProxy. >
 
< %USERPROFILE%\Favorites\*.url /x >
[2007/02/26 17:50:09 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Bonham\Favorites\Desktop.ini
[2010/08/16 12:42:49 | 000,000,250 | ---- | M] () -- C:\Documents and Settings\Bonham\Favorites\NCH Audio and Telephony Software.lnk
 
< %systemroot%\system32\*.bk >
 
< %systemroot%\*.te >
 
< %systemroot%\system32\system32\*.* >
 
< %ALLUSERSPROFILE%\*.dat /x >
[2008/02/14 11:32:54 | 000,000,008 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
 
< %systemroot%\system32\drivers\*.rmv >
 
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
 
< dir /b "%systemroot%\*.exe" | find /i " " /c >
 
< %PROGRAMFILES%\Microsoft\*.* >
 
< %systemroot%\System32\Wbem\proquota.exe >
 
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
 
< %USERPROFILE%\Cookies\*.txt /x >
[2009/04/02 22:54:13 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Bonham\Cookies\desktop.ini
[2010/09/11 15:55:21 | 000,065,536 | -HS- | M] () -- C:\Documents and Settings\Bonham\Cookies\index.dat
 
< %SystemRoot%\system32\fonts\*.* >
 
< %systemroot%\system32\winlog\*.* >
 
< %systemroot%\system32\Language\*.* >
 
< %systemroot%\system32\Settings\*.* >
 
< %systemroot%\system32\*.quo >
 
< %SYSTEMROOT%\AppPatch\*.exe >
 
< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe
[3 C:\WINDOWS\inf\*.tmp files -> C:\WINDOWS\inf\*.tmp -> ]
 
< %SYSTEMROOT%\Installer\*.exe >
 
< %systemroot%\system32\config\*.bak2 >
 
< %systemroot%\system32\Computers\*.* >
 
< %SystemRoot%\system32\Sound\*.* >
 
< %SystemRoot%\system32\SpecialImg\*.* >
 
< %SystemRoot%\system32\code\*.* >
 
< %SystemRoot%\system32\draft\*.* >
 
< %SystemRoot%\system32\MSSSys\*.* >
 
< %ProgramFiles%\Javascript\*.* >
 
< %systemroot%\pchealth\helpctr\System\*.exe /s >
 
< %systemroot%\Web\*.exe >
 
< %systemroot%\system32\msn\*.* >
 
< %systemroot%\system32\*.tro >
 
< %AppData%\Microsoft\Installer\msupdates\*.* >
 
< %ProgramFiles%\Messenger\*.* >
[2004/08/04 07:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2007/11/20 21:19:12 | 000,005,120 | -HS- | M] () -- C:\Program Files\Messenger\Thumbs.db
[3 C:\Program Files\Messenger\*.tmp files -> C:\Program Files\Messenger\*.tmp -> ]
 
< %systemroot%\system32\systhem32\*.* >
 
< %systemroot%\system\*.exe >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-12 13:47:44
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71173EF9
@Alternate Data Stream - 88 bytes -> C:\Program Files\autoruns.chm:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Bonham\Desktop\The Shopping Channel - Official Site.mht:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Bonham\Desktop\LG Manual.pdf:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Bonham\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf:SummaryInformation
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Bonham\My Documents\Word Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Bonham\My Documents\Excel Files:Roxio EMC Stream
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B879A65B
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0656FCD2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B63300D1
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DA18FD1D
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:211ED887
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D68FBF6D
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
< End of report >


             

Broni


Re: Restriction Warning
« Reply #33 on: September 11, 2010, 03:03:14 PM »
Quote
under C:\ProgramFiles\Intel, there used to be an IDU folder
You're perfectly fine. I can see:
Quote
C:\Program Files\Intel\Intel Desktop Utilities\iduServ.exe (Intel(R) Corporation)
C:\Program Files\Intel\Intel Desktop Utilities\iptray.exe (Intel(R) Corporation)
Same thing. Probably a new version, and you have Intel Desktop Utilities instead of IDU.

=========================================================

Uninstall Ask.com, as it's considered adware.

===========================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
DRV - (catchme) -- C:\DOCUME~1\Bonham\LOCALS~1\Temp\catchme.sys File not found
O2 - BHO: (no name) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - No CLSID value found.
O2 - BHO: (no name) - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - No CLSID value found.
O4 - HKLM..\Run: [ipTray.exe] C:\Program Files\Intel\IDU\iptray.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - Reg Error: Value error. File not found
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - Reg Error: Value error. File not found
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - Reg Error: Key error. File not found
[2010/09/01 21:36:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[3 C:\WINDOWS\inf\*.tmp files -> C:\WINDOWS\inf\*.tmp -> ]
[3 C:\Program Files\Messenger\*.tmp files -> C:\Program Files\Messenger\*.tmp -> ]
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71173EF9
@Alternate Data Stream - 88 bytes -> C:\Program Files\autoruns.chm:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Bonham\Desktop\The Shopping Channel - Official Site.mht:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Bonham\Desktop\LG Manual.pdf:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Bonham\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf:SummaryInformation
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Bonham\My Documents\Word Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Bonham\My Documents\Excel Files:Roxio EMC Stream
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B879A65B
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0656FCD2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B63300D1
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DA18FD1D
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:211ED887
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D68FBF6D
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6

:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

overthehill

Re: Restriction Warning
« Reply #34 on: September 11, 2010, 03:25:50 PM »
Broni. As requested.
All processes killed
========== OTL ==========
Service catchme stopped successfully!
Service catchme deleted successfully!
File  C:\DOCUME~1\Bonham\LOCALS~1\Temp\catchme.sys File not found not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9AA2F14F-E956-44B8-8694-A5B615CDF341}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9AA2F14F-E956-44B8-8694-A5B615CDF341}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ipTray.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\dvd\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12D51199-0DB5-46FE-A120-47A3D7D937CC}\ deleted successfully.
File {12D51199-0DB5-46FE-A120-47A3D7D937CC} - Reg Error: Value error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\tv\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}\ deleted successfully.
File {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - Reg Error: Value error. File not found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{4F07DA45-8170-4859-9B5F-037EF2970034} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F07DA45-8170-4859-9B5F-037EF2970034}\ not found.
C:\Qoobox\TestC folder moved successfully.
C:\Qoobox\Test folder moved successfully.
C:\Qoobox\Quarantine\Registry_backups folder moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32 folder moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Bonham\Local Settings folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Bonham folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings folder moved successfully.
C:\Qoobox\Quarantine\C folder moved successfully.
C:\Qoobox\Quarantine folder moved successfully.
C:\Qoobox\LastRun folder moved successfully.
C:\Qoobox\BackEnv folder moved successfully.
C:\Qoobox folder moved successfully.
C:\WINDOWS\inf\SET4B3.tmp deleted successfully.
C:\WINDOWS\inf\SET4EE.tmp deleted successfully.
C:\WINDOWS\inf\SET8C2.tmp deleted successfully.
C:\Program Files\Messenger\SET295.tmp deleted successfully.
C:\Program Files\Messenger\SET43.tmp deleted successfully.
C:\Program Files\Messenger\uninst0.tmp deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:71173EF9 deleted successfully.
ADS C:\Program Files\autoruns.chm:SummaryInformation deleted successfully.
ADS C:\Documents and Settings\Bonham\Desktop\The Shopping Channel - Official Site.mht:SummaryInformation deleted successfully.
ADS C:\Documents and Settings\Bonham\Desktop\LG Manual.pdf:SummaryInformation deleted successfully.
ADS C:\Documents and Settings\Bonham\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf:SummaryInformation deleted successfully.
ADS C:\Documents and Settings\Bonham\My Documents\Word Files:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Bonham\My Documents\Excel Files:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B879A65B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0656FCD2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B63300D1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DA18FD1D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:211ED887 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D68FBF6D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: All Users
 
User: Bonham
->Temp folder emptied: 22561786 bytes
->Temporary Internet Files folder emptied: 18763154 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 456 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 70984 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 40.00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Bonham
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: LocalService
->Flash cache emptied: 0 bytes
 
User: NetworkService
 
Total Flash Files Cleaned = 0.00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.12.0 log created on 09112010_163556

Files\Folders moved on Reboot...
C:\Documents and Settings\Bonham\Local Settings\Temporary Internet Files\Content.IE5\RLB0N3HL\board,9.0[1].html moved successfully.
C:\Documents and Settings\Bonham\Local Settings\Temporary Internet Files\Content.IE5\GJPO5G5T\index[5].htm moved successfully.
C:\Documents and Settings\Bonham\Local Settings\Temporary Internet Files\Content.IE5\GJPO5G5T\topic,109562.30[1].html moved successfully.
File\Folder C:\Documents and Settings\Bonham\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat not found!
File\Folder C:\WINDOWS\temp\_avast5_\Webshlock.txt not found!

Registry entries deleted on Reboot...


Quick Scan
OTL logfile created on: 9/11/2010 4:43:49 PM - Run 11
OTL by OldTimer - Version 3.2.12.0     Folder = C:\Documents and Settings\Bonham\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 230.42 Gb Total Space | 202.89 Gb Free Space | 88.05% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: WINXP_MCE
Current User Name: Bonham
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Bonham\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
PRC - C:\Program Files\Common Files\EPSON\eEBAPI\eEBSvc.exe ()
PRC - C:\Program Files\Common Files\EPSON\eEBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Intel\Intel Desktop Utilities\iduServ.exe (Intel(R) Corporation)
PRC - C:\Program Files\Folding@home\Folding@home-x86\FahCore_78.exe ()
PRC - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe (Motorola)
PRC - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe ()
PRC - C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
PRC - C:\Program Files\IncrediMail\bin\ImApp.exe (IncrediMail, Ltd.)
PRC - C:\Program Files\WhatPulse\WhatPulse.exe (WhatPulse.org)
PRC - C:\Program Files\Windows Live\Toolbar\wltuser.exe (Microsoft Corporation)
PRC - C:\Program Files\Folding@home\Folding@home-x86\[email protected] ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe ()
PRC - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe (Sonic Solutions)
PRC - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe (Sonic Solutions)
PRC - C:\Program Files\SpywareGuard\sgmain.exe ()
PRC - C:\Program Files\SpywareGuard\sgbhp.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Documents and Settings\Bonham\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll (BillP Studios)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AWService) -- C:\Program Files\Intel\IDU\awServ.exe File not found
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (EpsonBidirectionalService) -- C:\Program Files\Common Files\EPSON\eEBAPI\eEBSvc.exe ()
SRV - (EPSONStatusAgent2) -- C:\Program Files\Common Files\EPSON\eEBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
SRV - (IduService) Intel(R) -- C:\Program Files\Intel\Intel Desktop Utilities\iduServ.exe (Intel(R) Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (MotoConnect Service) -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe ()
SRV - (RoxLiveShare) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe (Sonic Solutions)
SRV - (RoxMediaDB) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe (Sonic Solutions)
SRV - (RoxWatch) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe (Sonic Solutions)
SRV - (RoxUPnPRenderer) -- C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe (Sonic Solutions)
SRV - (RoxUpnpServer) -- C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe (Sonic Solutions)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SABProcEnum) -- C:\Program Files\Internet Explorer\SABProcEnum.sys File not found
DRV - (PCASp50) -- C:\WINDOWS\System32\Drivers\PCASp50.sys File not found
DRV - (NVIDIAHWAccess) -- C:\Documents and Settings\Bonham\Application Data\NVIDIA\HWAccess.sys File not found
DRV - (Lbd) -- C:\WINDOWS\System32\DRIVERS\Lbd.sys File not found
DRV - (osaio) -- C:\WINDOWS\system32\drivers\osaio.sys (OSA Technologies, An Avocent Company)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (cpuidlep) -- C:\WINDOWS\System32\drivers\cpuidlep.sys ()
DRV - (smbusp) Intel(R) -- C:\WINDOWS\system32\drivers\intelsmb.sys (Intel Corporation)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
DRV - (NCHSSVAD) -- C:\WINDOWS\system32\drivers\nchssvad.sys (NCH Swift Sound)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (NTIDrvr) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (e1express) Intel(R) -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation )
DRV - (sfng32) -- C:\WINDOWS\system32\drivers\sfng32.sys (Sonic Focus, Inc)
DRV - (IAMTXP) Driver for Intel(R) -- C:\WINDOWS\system32\drivers\IAMTXP.sys (Intel Corporation)
DRV - (RxFilter) -- C:\WINDOWS\system32\drivers\RxFilter.sys (Sonic Solutions)
DRV - (OsaFsLoc) -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys (OSA Technologies)
DRV - (cdudf_xp) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys (Sonic Solutions)
DRV - (pwd_2k) -- C:\WINDOWS\System32\drivers\Pwd_2k.sys (Sonic Solutions)
DRV - (dvd_2K) -- C:\WINDOWS\System32\drivers\dvd_2k.sys (Sonic Solutions)
DRV - (mmc_2K) -- C:\WINDOWS\System32\drivers\mmc_2k.sys (Sonic Solutions)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (FVDSCSI) -- C:\WINDOWS\system32\drivers\fvdscsi.sys (FarStone Inc.)
DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation)
DRV - (SMBios) Intel (R) -- C:\WINDOWS\system32\drivers\SMBios.sys (Intel Corporation)
DRV - (fcdabus) -- C:\WINDOWS\system32\drivers\fcdabus.sys (FarStone Inc.)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mymanitoba.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
[2010/04/17 21:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\Mozilla\Extensions
[2010/04/11 16:44:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bonham\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/04/17 21:02:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/15 11:04:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/15 11:04:22 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2002/01/09 00:26:42 | 000,319,488 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
 
O1 HOSTS File: ([2010/09/11 16:36:14 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OCDLMgr] C:\Program Files\IZArc\OpenCandy\OCSetupHlp.dll (OpenCandy, Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKCU..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe (WhatPulse.org)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk = C:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe ()
O4 - Startup: C:\Documents and Settings\Bonham\Start Menu\Programs\Startup\[email protected] = C:\Program Files\Folding@home\Folding@home-x86\[email protected] ()
O4 - Startup: C:\Documents and Settings\Bonham\Start Menu\Programs\Startup\speedfan.lnk = C:\Program Files\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
O4 - Startup: C:\Documents and Settings\Bonham\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108799
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108799
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Mah%20Jong%20Medley/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189528423203 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189528318687 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash5r42.cab (Shockwave Flash Object)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 72.2.10.2 72.2.10.4
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Bonham/LOCALS~1/Temp/msoclip1/01/clip_image002.gif
O24 - Desktop Components:1 () -
O24 - Desktop Components:2 () - file:///C:/Documents%20and%20Settings/Bonham/Local%20Settings/Application%20Data/IM/Runtime/Message/%7B74C62D20-1BC8-452C-B919-F9FAEBDDC056%7D/Forward/image0323232323232.jpg
O24 - Desktop Components:3 () -
O24 - Desktop Components:4 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Bonham\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bonham\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/17 01:03:13 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010/09/11 15:50:32 | 000,921,512 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Bonham\Desktop\Norton_Removal_Tool.exe
[2010/09/11 15:03:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bonham\Application Data\Intel
[2010/09/11 15:03:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intel
[2010/09/11 14:58:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bonham\Desktop\IDU_3.1.1.012
[2010/09/11 13:58:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/09/11 13:43:20 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bonham\Desktop\OTL.exe
[2010/09/10 00:57:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Bonham\Recent
[2010/09/08 12:41:17 | 000,000,000 | ---D | C] -- C:\Program Files\Intel Corporation
[2010/09/03 18:28:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/09/02 20:26:28 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/09/02 20:00:37 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/09/01 21:38:50 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/09/01 21:36:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/09/01 21:36:35 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/09/01 21:36:35 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/09/01 21:36:35 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/08/31 13:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/08/31 13:37:05 | 000,000,000 | ---D | C] -- C:\Program Files\Sun
[2010/07/20 21:47:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bonham\Application Data\Foxit Software
[2010/07/18 02:06:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bonham\Local Settings\Application Data\OpenCandy
[2010/07/18 00:10:21 | 000,000,000 | ---D | C] -- C:\Program Files\Motherboard Monitor 5
[2010/07/17 22:51:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bonham\Application Data\OpenCandy
[2010/07/17 12:33:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bonham\Application Data\SUPERAntiSpyware.com
[2010/07/03 13:06:36 | 004,388,296 | ---- | C] (Foxit Software) -- C:\Documents and Settings\Bonham\Desktop\FoxitPDFEditor220.0205_enu_Setup.exe
[2010/06/28 22:41:30 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/06/26 23:48:30 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2009/03/27 09:24:12 | 000,648,064 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Program Files\autoruns.exe
[2009/03/27 09:24:12 | 000,540,544 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Program Files\autorunsc.exe
 
========== Files - Modified Within 90 Days ==========
 
[2010/09/11 16:40:41 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/11 16:39:22 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/09/11 16:39:22 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk
[2010/09/11 16:38:34 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/11 16:38:25 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/11 16:38:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/11 16:37:24 | 013,070,336 | ---- | M] () -- C:\Documents and Settings\Bonham\NTUSER.DAT
[2010/09/11 16:36:14 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/09/11 16:12:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/11 15:50:54 | 000,921,512 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Bonham\Desktop\Norton_Removal_Tool.exe
[2010/09/11 15:33:55 | 000,162,182 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\topic,109580.0.html
[2010/09/11 15:13:29 | 000,001,057 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/11 15:13:29 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2010/09/11 15:13:29 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/11 15:05:40 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Bonham\ntuser.ini
[2010/09/11 15:02:51 | 000,255,864 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/11 15:01:21 | 000,001,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Intel(R) Desktop Utilities.lnk
[2010/09/11 15:00:48 | 000,008,413 | ---- | M] (OSA Technologies, An Avocent Company) -- C:\WINDOWS\System32\drivers\osaio.sys
[2010/09/11 14:56:23 | 012,713,957 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\IDU_3.1.1.012.zip
[2010/09/11 13:43:35 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bonham\Desktop\OTL.exe
[2010/09/11 13:14:04 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\Microsoft Word.lnk
[2010/09/11 12:24:37 | 006,228,992 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\911 photos - Never Forget !.pps
[2010/09/11 09:44:51 | 000,000,218 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\Jumble, That Scrambled Word Game!.url
[2010/09/09 09:05:29 | 000,070,734 | ---- | M] () -- C:\Program Files\Storage Drives.JPG
[2010/09/09 08:48:11 | 000,049,244 | ---- | M] () -- C:\Program Files\autoruns.chm
[2010/09/08 23:57:40 | 002,643,698 | -H-- | M] () -- C:\Documents and Settings\Bonham\Local Settings\Application Data\IconCache.db
[2010/09/07 23:12:06 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/09/07 17:28:55 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/09/07 10:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/09/07 10:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/09/07 09:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/09/07 09:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/09/07 09:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/09/07 09:47:19 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/09/07 09:47:16 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/09/07 09:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/09/07 09:46:51 | 000,028,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/08/30 15:13:57 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/08/24 23:35:30 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\SpeedFan.lnk
[2010/08/24 23:35:29 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2010/08/24 23:27:59 | 000,070,696 | ---- | M] () -- C:\Documents and Settings\Bonham\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/08/24 23:25:26 | 001,029,907 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\The Shopping Channel - Official Site.mht
[2010/08/24 09:27:15 | 000,016,603 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\Nesco.jpg
[2010/08/23 19:21:31 | 000,002,459 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\Microsoft PowerPoint.lnk
[2010/08/22 20:06:01 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\switchShakeIcon.job
[2010/08/17 21:53:40 | 000,000,180 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\Computer Hope.url
[2010/08/16 21:35:31 | 000,002,471 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\Microsoft Excel.lnk
[2010/08/16 13:37:29 | 001,585,152 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\Invitation2.pps
[2010/08/16 12:43:45 | 000,478,665 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\Bernie Vermette - Grand Mamou.wav.wav
[2010/08/15 23:30:37 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Bonham\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/08/15 23:30:37 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/08/14 12:14:30 | 001,711,464 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\James Blunt- You Are Beaytiful.wav.wav
[2010/08/11 22:43:28 | 000,494,888 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/11 22:43:28 | 000,436,588 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/11 22:43:28 | 000,069,716 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/10 00:18:52 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Bonham\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/26 23:21:12 | 000,000,342 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\My eBay.url
[2010/07/21 11:03:39 | 000,045,787 | ---- | M] () -- C:\Documents and Settings\Bonham\My Documents\Proud to be Canadian.gif
[2010/07/21 00:04:20 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\You might be right.doc
[2010/07/17 23:07:03 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\IZArc.lnk
[2010/07/17 20:17:31 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\Amazing Half Time Show.doc
[2010/07/17 18:29:18 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\Any Video Converter.lnk
[2010/07/17 17:41:41 | 000,000,901 | ---- | M] () -- C:\Documents and Settings\Bonham\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2010/07/17 17:41:41 | 000,000,883 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2010/07/11 09:09:23 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Bonham\Start Menu\Programs\Startup\speedfan.lnk
[2010/07/03 13:06:36 | 004,388,296 | ---- | M] (Foxit Software) -- C:\Documents and Settings\Bonham\Desktop\FoxitPDFEditor220.0205_enu_Setup.exe
[2010/07/02 01:01:31 | 000,112,128 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\Folding July 1 2010.xls
[2010/06/27 01:09:05 | 000,004,484 | ---- | M] () -- C:\WINDOWS\System32\drivers\cpuidlep.sys
 
========== Files Created - No Company Name ==========
 
[2010/09/11 15:33:55 | 000,162,182 | ---- | C] () -- C:\Documents and Settings\Bonham\Desktop\topic,109580.0.html
[2010/09/11 15:04:35 | 000,000,907 | ---- | C] () -- C:\Documents and Settings\Bonham\Start Menu\Programs\Startup\[email protected]
[2010/09/11 15:04:34 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\Bonham\Start Menu\Programs\Startup\speedfan.lnk
[2010/09/11 15:01:21 | 000,001,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Intel(R) Desktop Utilities.lnk
[2010/09/11 14:54:43 | 012,713,957 | ---- | C] () -- C:\Documents and Settings\Bonham\Desktop\IDU_3.1.1.012.zip
[2010/09/11 12:24:37 | 006,228,992 | ---- | C] () -- C:\Documents and Settings\Bonham\Desktop\911 photos - Never Forget !.pps
[2010/09/09 09:05:29 | 000,070,734 | ---- | C] () -- C:\Program Files\Storage Drives.JPG
[2010/09/07 23:12:06 | 000,000,386 | ---- | C] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/09/03 18:18:29 | 000,000,544 | ---- | C] () -- C:\Documents and Settings\Bonham\CFScript.txt
[2010/09/01 21:36:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/01 21:36:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/01 21:36:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/08/30 15:13:57 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/08/24 23:21:23 | 001,029,907 | ---- | C] () -- C:\Documents and Settings\Bonham\Desktop\The Shopping Channel - Official Site.mht
[2010/08/24 09:28:02 | 000,016,603 | ---- | C] () -- C:\Documents and Settings\Bonham\Desktop\Nesco.jpg
[2010/08/16 12:43:53 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\switchShakeIcon.job
[2010/08/16 12:43:42 | 000,478,665 | ---- | C] () -- C:\Documents and Settings\Bonham\Desktop\Bernie Vermette - Grand Mamou.wav.wav
[2010/08/14 12:55:26 | 001,585,152 | ---- | C] () -- C:\Documents and Settings\Bonham\Desktop\Invitation2.pps
[2010/08/14 12:27:50 | 001,711,464 | ---- | C] () -- C:\Documents and Settings\Bonham\Desktop\James Blunt- You Are Beaytiful.wav.wav
[2010/07/21 11:06:04 | 000,045,787 | ---- | C] () -- C:\Documents and Settings\Bonham\My Documents\Proud to be Canadian.gif
[2010/07/21 00:04:19 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Bonham\Desktop\You might be right.doc
[2010/07/17 20:35:06 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Bonham\Desktop\Amazing Half Time Show.doc
[2010/07/16 23:04:48 | 000,019,724 | ---- | C] () -- C:\Program Files\FAHlog.txt
[2010/07/03 16:59:39 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/07/02 00:35:02 | 000,112,128 | ---- | C] () -- C:\Documents and Settings\Bonham\Desktop\Folding July 1 2010.xls
[2010/06/27 01:09:05 | 000,004,484 | ---- | C] () -- C:\WINDOWS\System32\drivers\cpuidlep.sys
[2010/06/26 23:48:31 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Bonham\Desktop\SpeedFan.lnk
[2010/06/18 13:47:36 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2010/04/06 22:25:53 | 000,327,002 | ---- | C] () -- C:\Program Files\Jumble.jpg
[2010/04/01 19:49:14 | 000,768,191 | ---- | C] () -- C:\Program Files\scan0001.pdf
[2010/04/01 19:29:53 | 005,613,568 | ---- | C] () -- C:\Program Files\Doc1.doc
[2010/03/11 11:17:20 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010/02/10 01:09:09 | 000,290,919 | ---- | C] () -- C:\WINDOWS\System32\pythoncom21.dll
[2010/02/10 01:09:09 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll
[2010/02/10 01:06:58 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2010/01/11 19:58:04 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EEBAPI.dll
[2010/01/11 19:58:04 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\EEBDSCVR.dll
[2010/01/11 19:58:04 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\EBAPI.dll
[2010/01/11 19:19:51 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2010/01/08 13:10:43 | 000,005,212 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/11/26 14:03:47 | 000,000,221 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009/08/03 01:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/12/16 16:46:54 | 000,049,244 | ---- | C] () -- C:\Program Files\autoruns.chm
[2008/03/16 23:51:57 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2008/02/19 19:15:05 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Bonham\Application Data\$_hpcst$.hpc
[2007/11/29 02:03:00 | 000,000,584 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/11/27 01:41:15 | 021,216,112 | ---- | C] () -- C:\Program Files\aaw2007.exe
[2007/11/21 17:41:08 | 000,550,690 | ---- | C] () -- C:\Program Files\sbstar11.exe
[2007/11/17 12:06:23 | 003,458,671 | ---- | C] () -- C:\Program Files\PCTuneUpSetup.exe
[2007/11/14 22:03:20 | 000,160,768 | ---- | C] () -- C:\WINDOWS\System32\midas11.dll
[2007/11/14 22:00:10 | 010,138,931 | ---- | C] () -- C:\Program Files\setupLE.exe
[2007/06/06 16:31:45 | 006,820,520 | ---- | C] () -- C:\Program Files\FirefoxGoogleToolbarSetup.exe
[2007/03/18 16:32:23 | 002,108,000 | ---- | C] () -- C:\Documents and Settings\Bonham\Local Settings\Application Data\rx_audio.Cache
[2007/03/15 21:59:33 | 001,529,264 | ---- | C] () -- C:\Documents and Settings\Bonham\Local Settings\Application Data\rx_image.Cache
[2007/03/11 22:52:47 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameD.txt
[2007/03/10 22:36:13 | 000,000,247 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/03/10 00:13:44 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Bonham\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/05 19:22:24 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2007/03/04 12:31:52 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/03/02 20:44:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/03/01 22:40:12 | 000,000,171 | ---- | C] () -- C:\WINDOWS\EPSON CX3200 Installer.ini
[2007/02/27 16:24:19 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Bonham\Local Settings\Application Data\fusioncache.dat
[2006/09/20 11:17:32 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\lpcio.dll
[2006/09/19 20:35:27 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/19 20:15:09 | 000,000,436 | R--- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/09/19 20:05:51 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2006/07/28 08:32:44 | 000,007,005 | ---- | C] () -- C:\Program Files\Eula.txt
[2005/12/01 17:05:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/11/14 15:40:28 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/11/10 12:30:04 | 003,596,288 | R--- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/15 13:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/07/15 13:35:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/11/30 05:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2004/02/05 08:05:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\VDExt800.dll
[2003/10/02 02:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 02:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2003/09/19 14:03:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\GDExt800.dll
[2003/09/04 17:49:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\VDExt712.dll
[2003/08/16 07:52:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\GDExt712.dll
[2003/07/30 07:19:24 | 000,006,397 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartCd.sys
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
 
========== LOP Check ==========
 
[2010/02/10 00:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2008/02/23 11:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2007/03/04 12:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2008/06/05 10:06:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/02/28 00:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2007/12/23 12:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBay
[2010/03/29 19:19:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2008/07/12 09:43:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2008/03/12 11:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2008/03/12 11:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2009/04/17 22:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2007/10/25 11:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/04/09 16:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/05/20 12:15:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Novatel Wireless
[2010/02/24 02:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/04/21 22:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2009/12/05 19:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlotSoft
[2007/03/16 00:46:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G5
[2008/01/21 18:01:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2010/04/24 00:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2010/08/09 22:54:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/16 01:00:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\USBSRService
[2007/12/29 14:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2010/03/27 23:01:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\AnvSoft
[2010/03/25 16:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\Auslogics
[2008/02/23 11:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\Babylon
[2007/04/01 16:24:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\Backup MyPC
[2007/12/24 14:10:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\eBay
[2010/02/12 20:53:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\EPSON
[2006/09/19 20:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\FarStone
[2010/09/09 08:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\Folding@home-x86
[2009/03/30 16:11:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\Foxit
[2010/07/20 21:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\Foxit Software
[2010/04/01 21:44:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\FreeMoviesToDVD
[2010/03/27 22:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\GetGo Software
[2009/02/07 00:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\GlarySoft
[2010/03/11 18:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\Image Zone Express
[2010/06/03 23:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\IObit
[2007/04/01 16:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\Leadertech
[2010/03/25 23:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\LockHunter
[2010/04/09 12:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\MxBoost
[2009/04/10 01:00:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\NCH Swift Sound
[2010/04/19 09:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\NesterSoft
[2009/02/13 21:14:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\NewspaperDirect
[2010/07/17 22:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\OpenCandy
[2010/02/10 19:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\Opera
[2010/03/22 11:46:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\PC Magazine Utilities
[2010/02/28 20:13:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\Printer Info Cache
[2007/03/15 23:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\River Past G5
[2007/04/09 16:35:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\SlipStream
[2009/04/17 21:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\SpinTop
[2010/04/11 16:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\Thunderbird
[2010/04/24 00:27:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\Toolbar4
[2010/02/15 22:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\Uniblue
[2010/04/16 01:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\USBSafelyRemove
[2010/03/11 10:32:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\Video Converter for Any Flv Player
[2010/05/22 21:44:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\WhatPulse
[2010/06/05 00:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\WinPatrol
[2010/09/07 23:12:06 | 000,000,386 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job
[2010/08/22 20:06:01 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job
 
========== Purity Check ==========
 
 
< End of report >


             

Broni


    Mastermind
  • Kraków my love :)
  • Thanked: 614
    • Computer Help Forum
  • Computer: Specs
  • Experience: Experienced
  • OS: Windows 8
Re: Restriction Warning
« Reply #35 on: September 11, 2010, 03:37:53 PM »
Still same problem?

overthehill

Re: Restriction Warning
« Reply #36 on: September 11, 2010, 03:50:15 PM »
I'm afraid so. Don't really know what my alternatives are. I don't have the XP OS disk. What they gave me were 4 Recovery (XP) disks and an upgrade Vista OS disk. And, not sure that I wanna go there (Vista)?
overthehill


             

Broni


Re: Restriction Warning
« Reply #37 on: September 11, 2010, 03:56:29 PM »
Is Intel Desktop Utilities listed in Add\Remove?
If so, uninstall it, leave it that way for now and see if your CD/DVD drive access is back.
Restart computer after uninstalling.

overthehill

Re: Restriction Warning
« Reply #38 on: September 11, 2010, 04:07:10 PM »
Tried that. Same results.
overthehill


             

Broni


Re: Restriction Warning
« Reply #39 on: September 11, 2010, 04:22:00 PM »
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista users: Right-click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box into the main textfield:
Code:
:reg
HKEY_CURRENT_USER\Software\Microsoft\Protected Storage System Provider /s
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

overthehill

Re: Restriction Warning
« Reply #40 on: September 11, 2010, 04:36:29 PM »
As requested.
overthehill

SystemLook 04.09.10 by jpshortstuff
Log created at 17:59 on 11/09/2010 by Bonham
Administrator - Elevation successful

========== reg ==========

[HKEY_CURRENT_USER\Software\Microsoft\Protected Storage System Provider]
(No values found)

[HKEY_CURRENT_USER\Software\Microsoft\Protected Storage System Provider\S-1-5-21-3912740996-3383120692-1400082210-1004]
(Unable to open key)

[HKEY_CURRENT_USER\Software\Microsoft\Protected Storage System Provider\S-1-5-21-3912740996-3383120692-1400082210-500]
"Migrate"= 0x0000000002 (2)

[HKEY_CURRENT_USER\Software\Microsoft\Protected Storage System Provider\S-1-5-21-3912740996-3383120692-1400082210-500\Data]
"Blocking"=01 00 00 00 2c 03 49 56 1e 50 35 c9 42 96 b9 a1 69 79 0a 2a 87 24 64 77 28 c3 cf ac  (REG_BINARY)

[HKEY_CURRENT_USER\Software\Microsoft\Protected Storage System Provider\S-1-5-21-3912740996-3383120692-1400082210-500\Data\14d96c20-255b-11d1-898f-00c04fb6bfc4]
"Display String"="InfoDelivery"

[HKEY_CURRENT_USER\Software\Microsoft\Protected Storage System Provider\S-1-5-21-3912740996-3383120692-1400082210-500\Data\14d96c20-255b-11d1-898f-00c04fb6bfc4\00000000-0000-0000-0000-000000000000]
"Display String"="Subscriptions"

[HKEY_CURRENT_USER\Software\Microsoft\Protected Storage System Provider\S-1-5-21-3912740996-3383120692-1400082210-500\Data\89c39569-6841-11d2-9f59-0000f8085266]
"Display String"="IdentityMgr"

[HKEY_CURRENT_USER\Software\Microsoft\Protected Storage System Provider\S-1-5-21-3912740996-3383120692-1400082210-500\Data\89c39569-6841-11d2-9f59-0000f8085266\600abcad-d4ea-4928-ac75-e366246f0c56]
"Display String"="Identities"

[HKEY_CURRENT_USER\Software\Microsoft\Protected Storage System Provider\S-1-5-21-3912740996-3383120692-1400082210-500\Data\89c39569-6841-11d2-9f59-0000f8085266\600abcad-d4ea-4928-ac75-e366246f0c56\IdentitiesPass]
"Behavior"=02 00 00 00 02 00 00 00 10 00 00 00 57 00 69 00 6e 00 64 00 6f 00 77 00 73 00 00 00 14 00 00 00 dd 09 45 15 b7 f0 3d a4 ca d3 15 58 28 84 96 91 24 4a 07 a6  (REG_BINARY)
"Item Data"=02 00 00 00 18 00 00 00 32 c0 36 31 a8 37 61 61 5c 37 c9 ed 8e 2f 05 94 98 df 56 7d c6 62 45 56 38 00 00 00 65 e6 b4 4a f2 c4 e7 c0 b4 52 88 e7 71 76 b7 08 1c 3d 32 a8 58 8e de 0b df 30 92 ac d8 c5 38 a8 78 7c 79 24 86 8f 55 cf 42 88 c4 9e 58 55 ab dc 01 1e 93 71 19 9c d8 12  (REG_BINARY)

[HKEY_CURRENT_USER\Software\Microsoft\Protected Storage System Provider\S-1-5-21-3912740996-3383120692-1400082210-500\Data 2]
(No values found)

[HKEY_CURRENT_USER\Software\Microsoft\Protected Storage System Provider\S-1-5-21-3912740996-3383120692-1400082210-500\Data 2\Windows]
"Value"=01 00 00 00 1c 00 00 00 03 00 00 00 7c 72 21 56 b2 3e f5 d1 fc d5 46 eb 11 78 37 5d f8 6b 1d 0a a8 eb f7 9d 10 00 00 00 86 b2 d8 b2 5b ec f3 b6 83 e8 f1 74 eb 4e 1c a8 14 00 00 00 02 34 8a d6 f1 d5 07 24 87 48 bd ef a7 12 87 9b 02 63 5d ad  (REG_BINARY)


-= EOF =-


             

Broni


Re: Restriction Warning
« Reply #41 on: September 11, 2010, 04:55:45 PM »
OK, I found one more possible culprit....

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
SRV - (AWService) -- C:\Program Files\Intel\IDU\awServ.exe File not found

:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

overthehill

Re: Restriction Warning
« Reply #42 on: September 11, 2010, 05:15:17 PM »
As requested.
overthehill


All processes killed
========== OTL ==========
Service AWService stopped successfully!
Service AWService deleted successfully!
File  C:\Program Files\Intel\IDU\awServ.exe File not found not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: All Users
 
User: Bonham
->Temp folder emptied: 1368926 bytes
->Temporary Internet Files folder emptied: 2877779 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 456 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18538 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 4.00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Bonham
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: LocalService
->Flash cache emptied: 0 bytes
 
User: NetworkService
 
Total Flash Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.12.0 log created on 09112010_182850

Files\Folders moved on Reboot...
C:\Documents and Settings\Bonham\Local Settings\Temporary Internet Files\Content.IE5\ZH0BH8VB\index[4].htm moved successfully.
C:\Documents and Settings\Bonham\Local Settings\Temporary Internet Files\Content.IE5\KZK3KZLW\index[6].htm moved successfully.
C:\Documents and Settings\Bonham\Local Settings\Temporary Internet Files\Content.IE5\131KIXRU\board,9.0[2].html moved successfully.
C:\Documents and Settings\Bonham\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File\Folder C:\WINDOWS\temp\_avast5_\Webshlock.txt not found!

Registry entries deleted on Reboot...


OTL logfile created on: 9/11/2010 6:35:05 PM - Run 12
OTL by OldTimer - Version 3.2.12.0     Folder = C:\Documents and Settings\Bonham\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 82.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 230.42 Gb Total Space | 202.86 Gb Free Space | 88.04% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: WINXP_MCE
Current User Name: Bonham
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Bonham\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
PRC - C:\Program Files\Common Files\EPSON\eEBAPI\eEBSvc.exe ()
PRC - C:\Program Files\Common Files\EPSON\eEBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Folding@home\Folding@home-x86\FahCore_78.exe ()
PRC - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe (Motorola)
PRC - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe ()
PRC - C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
PRC - C:\Program Files\IncrediMail\bin\ImApp.exe (IncrediMail, Ltd.)
PRC - C:\Program Files\WhatPulse\WhatPulse.exe (WhatPulse.org)
PRC - C:\Program Files\Windows Live\Toolbar\wltuser.exe (Microsoft Corporation)
PRC - C:\Program Files\Folding@home\Folding@home-x86\[email protected] ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe ()
PRC - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe (Sonic Solutions)
PRC - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe (Sonic Solutions)
PRC - C:\Program Files\SpywareGuard\sgmain.exe ()
PRC - C:\Program Files\SpywareGuard\sgbhp.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Documents and Settings\Bonham\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll (BillP Studios)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (EpsonBidirectionalService) -- C:\Program Files\Common Files\EPSON\eEBAPI\eEBSvc.exe ()
SRV - (EPSONStatusAgent2) -- C:\Program Files\Common Files\EPSON\eEBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (MotoConnect Service) -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe ()
SRV - (RoxLiveShare) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe (Sonic Solutions)
SRV - (RoxMediaDB) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe (Sonic Solutions)
SRV - (RoxWatch) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe (Sonic Solutions)
SRV - (RoxUPnPRenderer) -- C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe (Sonic Solutions)
SRV - (RoxUpnpServer) -- C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe (Sonic Solutions)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SABProcEnum) -- C:\Program Files\Internet Explorer\SABProcEnum.sys File not found
DRV - (PCASp50) -- C:\WINDOWS\System32\Drivers\PCASp50.sys File not found
DRV - (NVIDIAHWAccess) -- C:\Documents and Settings\Bonham\Application Data\NVIDIA\HWAccess.sys File not found
DRV - (Lbd) -- C:\WINDOWS\System32\DRIVERS\Lbd.sys File not found
DRV - (osaio) -- C:\WINDOWS\system32\drivers\osaio.sys (OSA Technologies, An Avocent Company)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (cpuidlep) -- C:\WINDOWS\System32\drivers\cpuidlep.sys ()
DRV - (smbusp) Intel(R) -- C:\WINDOWS\system32\drivers\intelsmb.sys (Intel Corporation)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
DRV - (NCHSSVAD) -- C:\WINDOWS\system32\drivers\nchssvad.sys (NCH Swift Sound)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (NTIDrvr) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (e1express) Intel(R) -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation )
DRV - (sfng32) -- C:\WINDOWS\system32\drivers\sfng32.sys (Sonic Focus, Inc)
DRV - (IAMTXP) Driver for Intel(R) -- C:\WINDOWS\system32\drivers\IAMTXP.sys (Intel Corporation)
DRV - (RxFilter) -- C:\WINDOWS\system32\drivers\RxFilter.sys (Sonic Solutions)
DRV - (OsaFsLoc) -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys (OSA Technologies)
DRV - (cdudf_xp) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys (Sonic Solutions)
DRV - (pwd_2k) -- C:\WINDOWS\System32\drivers\Pwd_2k.sys (Sonic Solutions)
DRV - (dvd_2K) -- C:\WINDOWS\System32\drivers\dvd_2k.sys (Sonic Solutions)
DRV - (mmc_2K) -- C:\WINDOWS\System32\drivers\mmc_2k.sys (Sonic Solutions)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (FVDSCSI) -- C:\WINDOWS\system32\drivers\fvdscsi.sys (FarStone Inc.)
DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation)
DRV - (SMBios) Intel (R) -- C:\WINDOWS\system32\drivers\SMBios.sys (Intel Corporation)
DRV - (fcdabus) -- C:\WINDOWS\system32\drivers\fcdabus.sys (FarStone Inc.)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mymanitoba.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
[2010/04/17 21:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\Mozilla\Extensions
[2010/04/11 16:44:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bonham\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/04/17 21:02:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/15 11:04:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/15 11:04:22 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2002/01/09 00:26:42 | 000,319,488 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
 
O1 HOSTS File: ([2010/09/11 16:36:14 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OCDLMgr] C:\Program Files\IZArc\OpenCandy\OCSetupHlp.dll (OpenCandy, Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKCU..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe (WhatPulse.org)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk = C:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe ()
O4 - Startup: C:\Documents and Settings\Bonham\Start Menu\Programs\Startup\[email protected] = C:\Program Files\Folding@home\Folding@home-x86\[email protected] ()
O4 - Startup: C:\Documents and Settings\Bonham\Start Menu\Programs\Startup\speedfan.lnk = C:\Program Files\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
O4 - Startup: C:\Documents and Settings\Bonham\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108799
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108799
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Mah%20Jong%20Medley/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189528423203 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189528318687 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash5r42.cab (Shockwave Flash Object)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 72.2.10.2 72.2.10.4
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Bonham/LOCALS~1/Temp/msoclip1/01/clip_image002.gif
O24 - Desktop Components:1 () -
O24 - Desktop Components:2 () - file:///C:/Documents%20and%20Settings/Bonham/Local%20Settings/Application%20Data/IM/Runtime/Message/%7B74C62D20-1BC8-452C-B919-F9FAEBDDC056%7D/Forward/image0323232323232.jpg
O24 - Desktop Components:3 () -
O24 - Desktop Components:4 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Bonham\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bonham\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/17 01:03:13 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010/09/11 15:50:32 | 000,921,512 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Bonham\Desktop\Norton_Removal_Tool.exe
[2010/09/11 15:03:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bonham\Application Data\Intel
[2010/09/11 15:03:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intel
[2010/09/11 14:58:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bonham\Desktop\IDU_3.1.1.012
[2010/09/11 13:58:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/09/11 13:43:20 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bonham\Desktop\OTL.exe
[2010/09/10 00:57:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Bonham\Recent
[2010/09/08 12:41:17 | 000,000,000 | ---D | C] -- C:\Program Files\Intel Corporation
[2010/09/03 18:28:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/09/02 20:26:28 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/09/02 20:00:37 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/09/01 21:38:50 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/09/01 21:36:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/09/01 21:36:35 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/09/01 21:36:35 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/09/01 21:36:35 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/08/31 13:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/08/31 13:37:05 | 000,000,000 | ---D | C] -- C:\Program Files\Sun
[2010/07/20 21:47:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bonham\Application Data\Foxit Software
[2010/07/18 02:06:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bonham\Local Settings\Application Data\OpenCandy
[2010/07/18 00:10:21 | 000,000,000 | ---D | C] -- C:\Program Files\Motherboard Monitor 5
[2010/07/17 22:51:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bonham\Application Data\OpenCandy
[2010/07/17 12:33:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bonham\Application Data\SUPERAntiSpyware.com
[2010/07/03 13:06:36 | 004,388,296 | ---- | C] (Foxit Software) -- C:\Documents and Settings\Bonham\Desktop\FoxitPDFEditor220.0205_enu_Setup.exe
[2010/06/28 22:41:30 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/06/26 23:48:30 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2009/03/27 09:24:12 | 000,648,064 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Program Files\autoruns.exe
[2009/03/27 09:24:12 | 000,540,544 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Program Files\autorunsc.exe
 
========== Files - Modified Within 90 Days ==========
 
[2010/09/11 18:33:15 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/11 18:31:54 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/09/11 18:31:53 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk
[2010/09/11 18:31:09 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/11 18:31:02 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/11 18:30:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/11 18:30:00 | 013,070,336 | ---- | M] () -- C:\Documents and Settings\Bonham\NTUSER.DAT
[2010/09/11 18:12:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/11 17:57:54 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\SystemLook.exe
[2010/09/11 17:26:55 | 000,253,472 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/11 16:36:14 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/09/11 15:50:54 | 000,921,512 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Bonham\Desktop\Norton_Removal_Tool.exe
[2010/09/11 15:33:55 | 000,162,182 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\topic,109580.0.html
[2010/09/11 15:13:29 | 000,001,057 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/11 15:13:29 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2010/09/11 15:13:29 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/11 15:05:40 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Bonham\ntuser.ini
[2010/09/11 15:00:48 | 000,008,413 | ---- | M] (OSA Technologies, An Avocent Company) -- C:\WINDOWS\System32\drivers\osaio.sys
[2010/09/11 14:56:23 | 012,713,957 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\IDU_3.1.1.012.zip
[2010/09/11 13:43:35 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bonham\Desktop\OTL.exe
[2010/09/11 13:14:04 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\Microsoft Word.lnk
[2010/09/11 12:24:37 | 006,228,992 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\911 photos - Never Forget !.pps
[2010/09/11 09:44:51 | 000,000,218 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\Jumble, That Scrambled Word Game!.url
[2010/09/09 09:05:29 | 000,070,734 | ---- | M] () -- C:\Program Files\Storage Drives.JPG
[2010/09/09 08:48:11 | 000,049,244 | ---- | M] () -- C:\Program Files\autoruns.chm
[2010/09/08 23:57:40 | 002,643,698 | -H-- | M] () -- C:\Documents and Settings\Bonham\Local Settings\Application Data\IconCache.db
[2010/09/07 23:12:06 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/09/07 17:28:55 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/09/07 10:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/09/07 10:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/09/07 09:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/09/07 09:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/09/07 09:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/09/07 09:47:19 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/09/07 09:47:16 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/09/07 09:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/09/07 09:46:51 | 000,028,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/08/30 15:13:57 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/08/24 23:35:30 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\SpeedFan.lnk
[2010/08/24 23:35:29 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2010/08/24 23:27:59 | 000,070,696 | ---- | M] () -- C:\Documents and Settings\Bonham\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/08/24 23:25:26 | 001,029,907 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\The Shopping Channel - Official Site.mht
[2010/08/24 09:27:15 | 000,016,603 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\Nesco.jpg
[2010/08/23 19:21:31 | 000,002,459 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\Microsoft PowerPoint.lnk
[2010/08/22 20:06:01 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\switchShakeIcon.job
[2010/08/17 21:53:40 | 000,000,180 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\Computer Hope.url
[2010/08/16 21:35:31 | 000,002,471 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\Microsoft Excel.lnk
[2010/08/16 13:37:29 | 001,585,152 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\Invitation2.pps
[2010/08/16 12:43:45 | 000,478,665 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\Bernie Vermette - Grand Mamou.wav.wav
[2010/08/15 23:30:37 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Bonham\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/08/15 23:30:37 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/08/14 12:14:30 | 001,711,464 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\James Blunt- You Are Beaytiful.wav.wav
[2010/08/11 22:43:28 | 000,494,888 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/11 22:43:28 | 000,436,588 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/11 22:43:28 | 000,069,716 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/10 00:18:52 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Bonham\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/26 23:21:12 | 000,000,342 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\My eBay.url
[2010/07/21 11:03:39 | 000,045,787 | ---- | M] () -- C:\Documents and Settings\Bonham\My Documents\Proud to be Canadian.gif
[2010/07/21 00:04:20 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\You might be right.doc
[2010/07/17 23:07:03 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\IZArc.lnk
[2010/07/17 20:17:31 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\Amazing Half Time Show.doc
[2010/07/17 18:29:18 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\Any Video Converter.lnk
[2010/07/17 17:41:41 | 000,000,901 | ---- | M] () -- C:\Documents and Settings\Bonham\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2010/07/17 17:41:41 | 000,000,883 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2010/07/11 09:09:23 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Bonham\Start Menu\Programs\Startup\speedfan.lnk
[2010/07/03 13:06:36 | 004,388,296 | ---- | M] (Foxit Software) -- C:\Documents and Settings\Bonham\Desktop\FoxitPDFEditor220.0205_enu_Setup.exe
[2010/07/02 01:01:31 | 000,112,128 | ---- | M] () -- C:\Documents and Settings\Bonham\Desktop\Folding July 1 2010.xls
[2010/06/27 01:09:05 | 000,004,484 | ---- | M] () -- C:\WINDOWS\System32\drivers\cpuidlep.sys
 
========== Files Created - No Company Name ==========
 
[2010/09/11 17:57:54 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Bonham\Desktop\SystemLook.exe
[2010/09/11 15:33:55 | 000,162,182 | ---- | C] () -- C:\Documents and Settings\Bonham\Desktop\topic,109580.0.html
[2010/09/11 15:04:35 | 000,000,907 | ---- | C] () -- C:\Documents and Settings\Bonham\Start Menu\Programs\Startup\[email protected]
[2010/09/11 15:04:34 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\Bonham\Start Menu\Programs\Startup\speedfan.lnk
[2010/09/11 14:54:43 | 012,713,957 | ---- | C] () -- C:\Documents and Settings\Bonham\Desktop\IDU_3.1.1.012.zip
[2010/09/11 12:24:37 | 006,228,992 | ---- | C] () -- C:\Documents and Settings\Bonham\Desktop\911 photos - Never Forget !.pps
[2010/09/09 09:05:29 | 000,070,734 | ---- | C] () -- C:\Program Files\Storage Drives.JPG
[2010/09/07 23:12:06 | 000,000,386 | ---- | C] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/09/03 18:18:29 | 000,000,544 | ---- | C] () -- C:\Documents and Settings\Bonham\CFScript.txt
[2010/09/01 21:36:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/01 21:36:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/01 21:36:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/08/30 15:13:57 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/08/24 23:21:23 | 001,029,907 | ---- | C] () -- C:\Documents and Settings\Bonham\Desktop\The Shopping Channel - Official Site.mht
[2010/08/24 09:28:02 | 000,016,603 | ---- | C] () -- C:\Documents and Settings\Bonham\Desktop\Nesco.jpg
[2010/08/16 12:43:53 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\switchShakeIcon.job
[2010/08/16 12:43:42 | 000,478,665 | ---- | C] () -- C:\Documents and Settings\Bonham\Desktop\Bernie Vermette - Grand Mamou.wav.wav
[2010/08/14 12:55:26 | 001,585,152 | ---- | C] () -- C:\Documents and Settings\Bonham\Desktop\Invitation2.pps
[2010/08/14 12:27:50 | 001,711,464 | ---- | C] () -- C:\Documents and Settings\Bonham\Desktop\James Blunt- You Are Beaytiful.wav.wav
[2010/07/21 11:06:04 | 000,045,787 | ---- | C] () -- C:\Documents and Settings\Bonham\My Documents\Proud to be Canadian.gif
[2010/07/21 00:04:19 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Bonham\Desktop\You might be right.doc
[2010/07/17 20:35:06 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Bonham\Desktop\Amazing Half Time Show.doc
[2010/07/16 23:04:48 | 000,019,724 | ---- | C] () -- C:\Program Files\FAHlog.txt
[2010/07/03 16:59:39 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/07/02 00:35:02 | 000,112,128 | ---- | C] () -- C:\Documents and Settings\Bonham\Desktop\Folding July 1 2010.xls
[2010/06/27 01:09:05 | 000,004,484 | ---- | C] () -- C:\WINDOWS\System32\drivers\cpuidlep.sys
[2010/06/26 23:48:31 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Bonham\Desktop\SpeedFan.lnk
[2010/06/18 13:47:36 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2010/04/06 22:25:53 | 000,327,002 | ---- | C] () -- C:\Program Files\Jumble.jpg
[2010/04/01 19:49:14 | 000,768,191 | ---- | C] () -- C:\Program Files\scan0001.pdf
[2010/04/01 19:29:53 | 005,613,568 | ---- | C] () -- C:\Program Files\Doc1.doc
[2010/03/11 11:17:20 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010/02/10 01:09:09 | 000,290,919 | ---- | C] () -- C:\WINDOWS\System32\pythoncom21.dll
[2010/02/10 01:09:09 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll
[2010/02/10 01:06:58 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2010/01/11 19:58:04 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EEBAPI.dll
[2010/01/11 19:58:04 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\EEBDSCVR.dll
[2010/01/11 19:58:04 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\EBAPI.dll
[2010/01/11 19:19:51 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2010/01/08 13:10:43 | 000,005,212 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/11/26 14:03:47 | 000,000,221 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009/08/03 01:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/12/16 16:46:54 | 000,049,244 | ---- | C] () -- C:\Program Files\autoruns.chm
[2008/03/16 23:51:57 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2008/02/19 19:15:05 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Bonham\Application Data\$_hpcst$.hpc
[2007/11/29 02:03:00 | 000,000,584 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/11/27 01:41:15 | 021,216,112 | ---- | C] () -- C:\Program Files\aaw2007.exe
[2007/11/21 17:41:08 | 000,550,690 | ---- | C] () -- C:\Program Files\sbstar11.exe
[2007/11/17 12:06:23 | 003,458,671 | ---- | C] () -- C:\Program Files\PCTuneUpSetup.exe
[2007/11/14 22:03:20 | 000,160,768 | ---- | C] () -- C:\WINDOWS\System32\midas11.dll
[2007/11/14 22:00:10 | 010,138,931 | ---- | C] () -- C:\Program Files\setupLE.exe
[2007/06/06 16:31:45 | 006,820,520 | ---- | C] () -- C:\Program Files\FirefoxGoogleToolbarSetup.exe
[2007/03/18 16:32:23 | 002,108,000 | ---- | C] () -- C:\Documents and Settings\Bonham\Local Settings\Application Data\rx_audio.Cache
[2007/03/15 21:59:33 | 001,529,264 | ---- | C] () -- C:\Documents and Settings\Bonham\Local Settings\Application Data\rx_image.Cache
[2007/03/11 22:52:47 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameD.txt
[2007/03/10 22:36:13 | 000,000,247 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/03/10 00:13:44 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Bonham\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/05 19:22:24 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2007/03/04 12:31:52 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/03/02 20:44:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/03/01 22:40:12 | 000,000,171 | ---- | C] () -- C:\WINDOWS\EPSON CX3200 Installer.ini
[2007/02/27 16:24:19 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Bonham\Local Settings\Application Data\fusioncache.dat
[2006/09/20 11:17:32 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\lpcio.dll
[2006/09/19 20:35:27 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/19 20:15:09 | 000,000,436 | R--- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/09/19 20:05:51 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2006/07/28 08:32:44 | 000,007,005 | ---- | C] () -- C:\Program Files\Eula.txt
[2005/12/01 17:05:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/11/14 15:40:28 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/11/10 12:30:04 | 003,596,288 | R--- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/15 13:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/07/15 13:35:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/11/30 05:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2004/02/05 08:05:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\VDExt800.dll
[2003/10/02 02:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 02:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2003/09/19 14:03:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\GDExt800.dll
[2003/09/04 17:49:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\VDExt712.dll
[2003/08/16 07:52:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\GDExt712.dll
[2003/07/30 07:19:24 | 000,006,397 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartCd.sys
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
 
========== LOP Check ==========
 
[2010/02/10 00:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2008/02/23 11:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2007/03/04 12:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2008/06/05 10:06:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/02/28 00:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2007/12/23 12:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBay
[2010/03/29 19:19:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2008/07/12 09:43:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2008/03/12 11:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2008/03/12 11:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2009/04/17 22:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2007/10/25 11:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/04/09 16:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/05/20 12:15:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Novatel Wireless
[2010/02/24 02:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/04/21 22:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2009/12/05 19:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlotSoft
[2007/03/16 00:46:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G5
[2008/01/21 18:01:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2010/04/24 00:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2010/08/09 22:54:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/16 01:00:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\USBSRService
[2007/12/29 14:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2010/03/27 23:01:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\AnvSoft
[2010/03/25 16:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\Auslogics
[2008/02/23 11:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\Babylon
[2007/04/01 16:24:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\Backup MyPC
[2007/12/24 14:10:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\eBay
[2010/02/12 20:53:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\EPSON
[2006/09/19 20:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\FarStone
[2010/09/09 08:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\Folding@home-x86
[2009/03/30 16:11:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\Foxit
[2010/07/20 21:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\Foxit Software
[2010/04/01 21:44:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\FreeMoviesToDVD
[2010/03/27 22:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\GetGo Software
[2009/02/07 00:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\GlarySoft
[2010/03/11 18:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\Image Zone Express
[2010/06/03 23:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\IObit
[2007/04/01 16:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\Leadertech
[2010/03/25 23:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\LockHunter
[2010/04/09 12:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\MxBoost
[2009/04/10 01:00:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\NCH Swift Sound
[2010/04/19 09:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\NesterSoft
[2009/02/13 21:14:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\NewspaperDirect
[2010/07/17 22:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\OpenCandy
[2010/02/10 19:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\Opera
[2010/03/22 11:46:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\PC Magazine Utilities
[2010/02/28 20:13:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\Printer Info Cache
[2007/03/15 23:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\River Past G5
[2007/04/09 16:35:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\SlipStream
[2009/04/17 21:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\SpinTop
[2010/04/11 16:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\Thunderbird
[2010/04/24 00:27:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\Toolbar4
[2010/02/15 22:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\Uniblue
[2010/04/16 01:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\USBSafelyRemove
[2010/03/11 10:32:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\Video Converter for Any Flv Player
[2010/05/22 21:44:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\WhatPulse
[2010/06/05 00:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonham\Application Data\WinPatrol
[2010/09/07 23:12:06 | 000,000,386 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job
[2010/08/22 20:06:01 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job
 
========== Purity Check ==========
 
 
< End of report >


             

Broni


    Mastermind
  • Kraków my love :)
  • Thanked: 614
    • Computer Help Forum
  • Computer: Specs
  • Experience: Experienced
  • OS: Windows 8
Re: Restriction Warning
« Reply #43 on: September 11, 2010, 05:18:46 PM »
Did you restart computer?
If not, do so.
Same problem?

overthehill

Re: Restriction Warning
« Reply #44 on: September 11, 2010, 05:29:13 PM »
Yes, Broni. Same problem. overthehill


             

Broni


Re: Restriction Warning
« Reply #45 on: September 11, 2010, 05:38:22 PM »
Interesting.
How long ago did it happen?
Do you remember installing/doing anything specific at that time?

Do you have KB927891 update installed?

overthehill

Re: Restriction Warning
« Reply #46 on: September 11, 2010, 06:04:25 PM »



Quote
Interesting.
How long ago did it happen?
Do you remember installing/doing anything specific at that time?

Do you have KB927891 update installed?

Hi Broni. This happened at the end of Aug. I downloaded a couple of YouTube files, transferred them to a Flash Drive and shut down the drive and the PC with no apparent problems. First thing the next morning (before booting up) I disconnected an auxiliary fan, fooled around with the PSU wiring after receiving the aforementioned messages and have been in this predicament ever since. And I've checked all of my updates (which run automatically) but do not see that one. I'll attempt to find and download it. overthehill

PS Is there any chance whatsoever that this could be a wiring concern?


             

Broni


Re: Restriction Warning
« Reply #47 on: September 11, 2010, 06:11:40 PM »
I doubt it's a wiring problem, but I may be wrong.

Do you have any restore point from before the end of August?
Your computer had some infection, which was removed by Combofix in malware forum, so if you use restore point, you'll have to rescan.

overthehill

Re: Restriction Warning
« Reply #48 on: September 11, 2010, 06:21:30 PM »
No, unfortunately I'm unable to restore any earlier than Sept. 8. When you had asked this question previously I had attempted to do just that. It would let me select an earlier date, the PC would reboot and then tell me that the system restore was unsuccessful. After trying this a number of times unsuccessfully I decided to turn off system restore. I then turned it back on, but now it will not let me go back further than Sept. 8. overthehill

PS The update that you referred to is not necessary (as I'm told) because my service pack is newer than the file.


             

Broni


Re: Restriction Warning
« Reply #49 on: September 11, 2010, 06:29:25 PM »
Couple more tries...

1. Start- Run- type in - gpedit.msc
Click - Computer configuration - Administrative Templates - System - Removable Storage Access
See, if there are any restrictions there.

2. Try to create new admin account and see, if same issue is there.

overthehill

Re: Restriction Warning
« Reply #50 on: September 11, 2010, 06:43:29 PM »
Broni. I followed your instructions but I don't see "Removable Storage Access" under System. overthehill


             

Broni


Re: Restriction Warning
« Reply #51 on: September 11, 2010, 06:48:32 PM »
Try second option.
I'll be out for a couple of hours, so I'll check on you later.

overthehill

Re: Restriction Warning
« Reply #52 on: September 11, 2010, 09:43:45 PM »
Quote
2. Try to create new admin account and see, if same issue is there.

Hi again Broni. I don't know quite where to start but the problem that we've been having is not the wiring. I created a new account like you suggested and as far as the "Storage Drives", things have improved immensely. You've definitely got me on the right track.
The drives under the new account no longer have the grey circle with the red strike through. Don't know exactly how to describe what the icons look like (but quite common I'm sure) but don't think that they're as they looked previously. But no matter. As long as the drives are functional.
So;
1) tried a CD and was able to view the pictures.
2) plugged in my external drive and appeared to work OK.
3) this is where I have a problem. It doesn't recognize any files on my Flash Drive.? It doesn't open as before which would give me many options when plugged in. Could this be Auto Run or such? I have a second Flash Drive but I'm a little afraid to plug it in. This is the Flash Drive that I copied the downloaded files to which I'm wondering whether or not possibly created the problem in the first place?? What would you suggest about this? How does one deal with an infected storage drive anyway?

I didn't stay logged on as the new user because everything that I'm used to has been changed and many programs etc., etc. will have to be reconfigured and some sites copied to my desktop (my wife would never find them) :D. This is the first time that I have logged on as a new user so I was quite surprised at what greeted me. I couldn't believe my desktop! And, I'm sure that this could all be worked out but I'm still concerned about the Flash Drives. I have no idea at this time whether or not I'll be able to get the drives to function properly either, in regards to copying etc. Time will tell.

Any suggestions that you have on the "flash drives" (or other matters that I should be dealing with concerning this whole fiasco) would be very much appreciated. overthehill





             

Broni


Re: Restriction Warning
« Reply #53 on: September 11, 2010, 10:48:37 PM »
OK, some good news then :)
It looks like your previous profile got corrupted somewhere.
Your best option, at this moment, would be to transfer all data from old account to new account and delete old profile.

Quote
It doesn't open as before which would give me many options when plugged in. Could this be Auto Run or such?
Yes. There may be several sources of the issue, including your AV program. In today's dangerous world, having autoruns disabled is a safer solution.
In your case, you have this registry setting:
Quote
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108799
67108799 value means autorun is disabled on all drives.
If you insist, we can change this.

Now, to safely scan any USB device, install this on your computer...

Download, and run Flash Disinfector, and save it to your desktop.

*Please disable any AV / ScriptBlockers as they might detect Flash Disinfector to be malicious and block it. Hence, the failure in executing. You can enable them back after the cleaning process*

  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.
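An added example, not part of the reply above and not the code of any tool it names: it decodes the NoDriveAutoRun value from the quoted O6 line into drive letters and classifies what sits at `autorun.inf` in a drive root (absent, the protective folder described in the note, or a file whose launch entries are listed without running them). The function names and the sample `autorun.inf` contents are assumptions made for the illustration.

```python
import re
import string
import tempfile
from pathlib import Path

# Constructed sample input: the O6 log line quoted in the reply above.
SAMPLE_O6 = (r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion"
             r"\policies\Explorer: NoDriveAutoRun = 67108799")


def parse_nodriveautorun(line):
    """Return the NoDriveAutoRun value found in a log line, or None."""
    m = re.search(r"\bNoDriveAutoRun\s*=\s*(0x[0-9a-f]+|\d+)", line, re.I)
    if not m:
        return None
    text = m.group(1)
    return int(text, 16) if text.lower().startswith("0x") else int(text)


def decode_nodriveautorun(value):
    """Split A..Z into (letters with the bit set, letters with it clear).

    The value is a bitmap: bit 0 is A:, bit 25 is Z:. A set bit turns
    autorun off for that letter. A clear bit only means this value does not
    cover the letter; NoDriveTypeAutoRun (by drive type) may still apply.
    """
    covered, not_covered = [], []
    for bit, letter in enumerate(string.ascii_uppercase):
        (covered if (value >> bit) & 1 else not_covered).append(letter)
    return covered, not_covered


def inspect_autorun(root):
    """Classify autorun.inf in a drive root without executing anything."""
    hits = [p for p in Path(root).iterdir() if p.name.lower() == "autorun.inf"]
    if not hits:
        return {"state": "absent", "commands": []}
    target = hits[0]
    if target.is_dir():
        # A folder of this name blocks creation of a same-named file.
        return {"state": "folder", "commands": []}
    # latin-1 never fails to decode; dropping NULs also copes with UTF-16.
    text = target.read_bytes().decode("latin-1").replace("\x00", "")
    commands = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(";"):  # comment line
            continue
        key, sep, val = line.partition("=")
        key = key.strip().lower()
        launches = key in ("open", "shellexecute") or (
            key.startswith("shell\\") and key.endswith("\\command"))
        if sep and launches:
            commands.append((key, val.strip()))
    return {"state": "file", "commands": commands}


def demo():
    """Run both checks on constructed data and return the results."""
    value = parse_nodriveautorun(SAMPLE_O6)
    covered, not_covered = decode_nodriveautorun(value)
    with tempfile.TemporaryDirectory() as tmp:
        plain = Path(tmp, "plain_drive")
        plain.mkdir()
        # Constructed autorun.inf contents; sample.exe is a placeholder name.
        (plain / "AUTORUN.INF").write_text(
            "[autorun]\n; comment\nopen=sample.exe\nicon=sample.ico\n")
        guarded = Path(tmp, "guarded_drive")
        (guarded / "autorun.inf").mkdir(parents=True)
        return {
            "mask": hex(value),
            "not_covered": not_covered,
            "plain": inspect_autorun(plain),
            "guarded": inspect_autorun(guarded),
        }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

For the value in the quoted O6 line (0x03FFFFBF), 25 of the 26 letter bits are set; bit 6, the one for G:, is clear.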

overthehill

Re: Restriction Warning
« Reply #54 on: September 12, 2010, 08:13:15 AM »
I can't express in words how much I appreciate all you've done for me. You've been most helpful and have stuck with me. The bad news for you is you may have not heard the last of me. ;D Thank You. overthehill


             

Broni


Re: Restriction Warning
« Reply #55 on: September 12, 2010, 10:16:02 AM »
You're very welcome.

I hope you won't have any more problems, but if anything... I'll be around :)