[RESOLVED] Can't remove Rogers Online Protection - Page 3

  1. #31
    Join Date
    Nov 1999
    Posts
    438
    I just went into the directory and renamed the dir then renamed AVCntxtR.dll to .doc and was able to delete all the files and the directory.
    Rebooting now to see if the directory gets rebuilt automatically.
    Last edited by COPO; February 7th, 2010 at 08:28 PM.
    My Web Site - 1970 Z28 Camaro
    Retired from 35 yrs IT Hardware Planning Analyst
    Cheers
    Mark

  2. #32
    Join Date
    Nov 1999
    Posts
    438
    And the directory returns after a reboot after I deleted it. I renamed the directory too before I deleted it.

    Does Win XP use an autoexec.bat or config.sys file? If so, maybe it's in there. Or am I going back too many yrs?

    So I guess OTM did work, but after the reboot something is building the directory or restoring it if it gets clobbered.
    Any ideas what to try?

    Going to run OTM again, I want to see if the dir is gone.
    Rebooting now.

    Does it make any diff if there are 2 directories like this
    C:\Program Files\Rogers Online Protection\Rogers Online Protection


    I read that some have had to call Rogers for a link for the removal of the directory.

    It came back after the reboot. And as soon as I right-clicked on Start it said ....preparing to install
    The files and other dirs are under the 2nd Rogers Online Protection
    Last edited by COPO; February 7th, 2010 at 08:54 PM.

  3. #33
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Download OTL to your Desktop.

    * Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

  4. #34
    Join Date
    Nov 1999
    Posts
    438
    Running, how long should it take? I'm on my laptop at the same time watching the game, then go to the basement to do the stuff on the Tower when I see a program to run.

  5. #35
    Join Date
    Nov 1999
    Posts
    438
    OTL logfile created on: 2/7/2010 8:09:14 PM - Run 1
    OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,022.00 Mb Total Physical Memory | 636.00 Mb Available Physical Memory | 62.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.50 Gb Total Space | 11.13 Gb Free Space | 14.95% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    Drive F: | 247.73 Mb Total Space | 69.95 Mb Free Space | 28.23% Space Free | Partition Type: FAT
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: HOME
    Current User Name: Administrator
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/02/07 20:05:25 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    PRC - [2009/12/19 10:07:03 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
    PRC - [2009/12/19 10:07:03 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
    PRC - [2009/12/09 04:05:51 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\ccsvchst.exe
    PRC - [2009/08/26 11:08:21 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2008/04/28 06:23:36 | 000,738,568 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    PRC - [2008/04/28 06:23:28 | 000,414,984 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/05/25 07:43:44 | 000,126,976 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
    PRC - [2001/10/05 10:54:28 | 000,118,784 | ---- | M] (In-System Design, Inc.) -- C:\WINDOWS\tppaldr.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/02/07 20:05:25 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    MOD - [2009/12/17 01:08:57 | 000,407,408 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\asoehook.dll
    MOD - [2009/07/12 02:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\microsoft.vc90.crt\msvcr90.dll
    MOD - [2009/07/12 02:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\microsoft.vc90.crt\msvcp90.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2009/12/19 10:07:03 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2009/12/09 04:05:51 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe -- (NIS)
    SRV - [2009/08/26 11:08:19 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
    SRV - [2008/04/28 06:23:36 | 000,738,568 | ---- | M] (Raxco Software, Inc.) [On_Demand | Running] -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine)
    SRV - [2008/04/28 06:23:28 | 000,414,984 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)
    SRV - [2003/07/28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://ca.red.clientapps.yahoo.com/c...search/ie.html

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 1886680168
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.8
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
    FF - prefs.js..extensions.enabledItems: [email protected]:0.3.0
    FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.29
    FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:3.3.15
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0
    FF - prefs.js..extensions.enabledItems: {398e77b8-2304-11dc-8314-0800200c9a66}:0.3.13
    FF - prefs.js..extensions.enabledItems: [email protected]:2.0
    FF - prefs.js..extensions.enabledItems: unplug@compunach:2.022
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20090414

    FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010/02/07 12:02:51 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/02/07 12:02:56 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/06 10:05:13 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/22 21:29:07 | 000,000,000 | ---D | M]

    [2009/03/11 20:32:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2009/08/17 22:16:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1ovx6shs.default\extensions
    [2009/08/06 20:25:49 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1ovx6shs.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
    [2009/07/27 09:37:06 | 000,000,000 | ---D | M] (Minimap Addon) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1ovx6shs.default\extensions\{398e77b8-2304-11dc-8314-0800200c9a66}
    [2009/06/28 21:02:04 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1ovx6shs.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2007/12/12 18:39:42 | 000,000,000 | ---D | M] (WebFerret Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1ovx6shs.default\extensions\{bdf6c059-21b4-4aab-84c1-e16d9179c37e}
    [2009/08/17 22:03:43 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1ovx6shs.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2009/05/27 22:36:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1ovx6shs.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
    [2009/05/27 22:26:01 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1ovx6shs.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
    [2009/06/20 19:39:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1ovx6shs.default\extensions\[email protected]
    [2009/07/30 09:21:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1ovx6shs.default\extensions\[email protected]
    [2009/08/17 22:16:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1ovx6shs.default\extensions\unplug@compunach
    [2009/12/19 10:07:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2008/06/18 02:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll

  6. #36
    Join Date
    Nov 1999
    Posts
    438
    O1 HOSTS File: ([2010/02/07 19:33:49 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (PopKill Class) - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Rogers Online Protection\Rogers Online Protection\pkR.dll File not found
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
    O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
    O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\coieplg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (WebFerret) - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\WebFerret\FerretBand.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\coieplg.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (WebFerret) - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\WebFerret\FerretBand.dll ()
    O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe (In-System Design, Inc.)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108831
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O15 - HKLM\..Trusted Domains: 34 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKCU\..Trusted Domains: 41 domain(s) and sub-domain(s) not assigned to a zone.
    O16 - DPF: {4A01A151-E350-4839-A2B8-03DC39D6C8E5} http://download.yahoo.com/dl/ypc/ypc...2003080601.cab (YPCXWizard Class)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/wind...?1191200523921 (WUWebControl Class)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1258432943203 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
    O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/09/30 10:08:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
    O34 - HKLM BootExecute: (autocheck autochk /r \??\H - File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/09/30 10:07:50 | 000,000,000 | ---D | M]
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16891891626803200)

    ========== Files/Folders - Created Within 14 Days ==========

    [2010/02/07 20:05:22 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/02/07 19:37:57 | 000,000,000 | ---D | C] -- C:\Program Files\Rogers Online Protection
    [2010/02/07 17:09:34 | 000,000,000 | ---D | C] -- C:\_OTM
    [2010/02/07 17:07:35 | 000,504,832 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTM.exe
    [2010/02/07 13:37:27 | 000,340,016 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\symtdiv.sys
    [2010/02/07 13:37:26 | 000,362,032 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\symtdi.sys
    [2010/02/07 13:37:25 | 000,172,592 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\symefa.sys
    [2010/02/07 13:37:24 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\symds.sys
    [2010/02/07 13:37:23 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\srtspx.sys
    [2010/02/07 13:37:22 | 000,325,168 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\srtsp.sys
    [2010/02/07 13:37:21 | 000,116,272 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\ironx86.sys
    [2010/02/07 13:37:19 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\cchpx86.sys
    [2010/02/07 12:02:36 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
    [2010/02/07 12:02:36 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
    [2010/02/07 12:02:36 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
    [2010/02/07 11:30:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\VS Revo Group
    [2010/02/07 11:28:55 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
    [2010/02/07 11:28:53 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
    [2010/02/07 11:12:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
    [2010/02/07 11:09:02 | 000,000,000 | ---D | C] -- C:\Program Files\Raxco
    [2010/02/07 11:09:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Raxco
    [2010/02/07 03:01:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Tific
    [2010/02/07 03:01:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Symantec
    [2010/02/06 17:31:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Raxco(5)
    [2010/02/06 16:46:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Raxco(4)
    [2010/02/06 16:09:26 | 001,807,040 | ---- | C] (Rogers) -- C:\Documents and Settings\Administrator\My Documents\RogersServicepointAgent.exe
    [2010/02/06 12:11:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Raxco(3)
    [2010/02/06 11:36:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
    [2010/02/06 11:26:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Raxco(2)
    [2010/02/06 11:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
    [2010/01/26 17:57:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Norton
    [2010/01/26 17:54:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Symantec
    [2010/01/26 17:48:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
    [2010/01/26 17:48:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1105000.07F
    [2010/01/26 17:48:38 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
    [2010/01/26 17:48:38 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
    [2010/01/26 17:48:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
    [2010/01/26 17:48:11 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
    [2009/12/19 11:02:32 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
    [2009/07/27 15:06:19 | 000,561,152 | ---- | C] (Joshua F. Madison) -- C:\Program Files\Convert.exe
    [2009/07/23 13:21:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
    [2009/06/29 15:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
    [2009/06/28 19:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
    [2009/05/24 20:59:58 | 000,021,866 | ---- | C] (In-System Design, Inc.) -- C:\Program Files\Common Files\tppupd2k.dll
    [2007/11/08 19:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2007/09/30 10:11:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
    [2007/09/30 10:08:14 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

    ========== Files - Modified Within 14 Days ==========

    [2010/02/07 20:11:28 | 081,530,656 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
    [2010/02/07 20:09:35 | 002,256,672 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
    [2010/02/07 20:05:42 | 009,961,472 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
    [2010/02/07 20:05:25 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/02/07 19:35:12 | 000,013,710 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/02/07 19:34:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/02/07 19:34:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/02/07 19:34:15 | 001,095,968 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
    [2010/02/07 19:34:15 | 000,215,648 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
    [2010/02/07 19:34:09 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
    [2010/02/07 19:33:49 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2010/02/07 19:13:57 | 000,000,527 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/02/07 19:13:57 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/02/07 19:13:57 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/02/07 17:11:17 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
    [2010/02/07 17:07:37 | 000,504,832 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTM.exe
    [2010/02/07 17:06:44 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\System Look Program on desktop.doc
    [2010/02/07 17:02:29 | 000,100,908 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SystemLook.exe
    [2010/02/07 13:09:06 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/02/07 12:02:36 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
    [2010/02/07 12:02:36 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
    [2010/02/07 12:02:36 | 000,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
    [2010/02/07 12:02:36 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
    [2010/02/07 12:01:11 | 000,000,761 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Norton Installation Files.lnk
    [2010/02/07 11:30:55 | 001,131,304 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Revo Uninstaller Pro Help.pdf
    [2010/02/07 11:28:56 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
    [2010/02/07 10:23:06 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
    [2010/02/07 00:57:03 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
    [2010/02/07 00:43:18 | 000,661,250 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\Cat.DB
    [2010/02/07 00:02:48 | 000,000,304 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Can't remove Rogers Online Protection - Virtual Dr Forums-Computer Tech Support.url
    [2010/02/06 23:57:34 | 000,000,286 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Rogers Yahoo! Software Centre.url
    [2010/02/06 23:29:01 | 000,000,653 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SHSupdates.xml
    [2010/02/06 23:28:59 | 000,000,426 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\log.doc
    [2010/02/06 23:22:08 | 100,871,006 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\regbkup.reg
    [2010/02/06 23:18:05 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\How can I fully remove Norton Antivirus from my system Free Tech Support Ask Dave Taylor!®.url
    [2010/02/06 16:09:26 | 001,807,040 | ---- | M] (Rogers) -- C:\Documents and Settings\Administrator\My Documents\RogersServicepointAgent.exe
    [2010/02/06 10:36:41 | 000,000,303 | ---- | M] () -- C:\WINDOWS\ST6UNST.000
    [2010/01/26 12:52:16 | 000,000,233 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Piriform - Download.url

  7. #37
    Join Date
    Nov 1999
    Posts
    438
    ========== Files Created - No Company Name ==========

    [2010/02/07 17:06:44 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\System Look Program on desktop.doc
    [2010/02/07 17:02:29 | 000,100,908 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SystemLook.exe
    [2010/02/07 13:37:26 | 000,007,787 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\symnetv.cat
    [2010/02/07 13:37:26 | 000,001,473 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\symnetv.inf
    [2010/02/07 13:37:26 | 000,001,445 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\symnet.inf
    [2010/02/07 13:37:25 | 000,007,444 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\symefa.cat
    [2010/02/07 13:37:25 | 000,007,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\symnet.cat
    [2010/02/07 13:37:25 | 000,003,374 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\symefa.inf
    [2010/02/07 13:37:24 | 000,007,425 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\symds.cat
    [2010/02/07 13:37:24 | 000,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\symds.inf
    [2010/02/07 13:37:23 | 000,007,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\srtspx.cat
    [2010/02/07 13:37:23 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\srtspx.inf
    [2010/02/07 13:37:21 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\srtsp.cat
    [2010/02/07 13:37:21 | 000,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\srtsp.inf
    [2010/02/07 13:37:21 | 000,000,742 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\iron.inf
    [2010/02/07 13:37:20 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\iron.cat
    [2010/02/07 13:37:19 | 000,007,396 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\cchpx86.cat
    [2010/02/07 13:37:19 | 000,001,756 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\cchpx86.inf
    [2010/02/07 13:35:53 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\isolate.ini
    [2010/02/07 12:02:36 | 000,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
    [2010/02/07 12:02:36 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
    [2010/02/07 12:02:25 | 000,002,255 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
    [2010/02/07 12:01:11 | 000,000,761 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Norton Installation Files.lnk
    [2010/02/07 11:30:55 | 001,131,304 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Revo Uninstaller Pro Help.pdf
    [2010/02/07 11:28:56 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
    [2010/02/07 00:02:48 | 000,000,304 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Can't remove Rogers Online Protection - Virtual Dr Forums-Computer Tech Support.url
    [2010/02/06 23:57:34 | 000,000,286 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Rogers Yahoo! Software Centre.url
    [2010/02/06 23:29:01 | 000,000,653 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\SHSupdates.xml
    [2010/02/06 23:28:58 | 000,000,426 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\log.doc
    [2010/02/06 23:28:56 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\updateinfo.txt
    [2010/02/06 23:21:59 | 100,871,006 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\regbkup.reg
    [2010/02/06 23:18:05 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\How can I fully remove Norton Antivirus from my system Free Tech Support Ask Dave Taylor!®.url
    [2010/02/06 17:00:14 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2010/02/06 10:36:41 | 000,000,303 | ---- | C] () -- C:\WINDOWS\ST6UNST.000
    [2010/01/26 17:50:44 | 000,661,250 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\Cat.DB
    [2010/01/26 12:52:16 | 000,000,233 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Piriform - Download.url
    [2009/05/21 23:41:28 | 000,000,092 | ---- | C] () -- C:\WINDOWS\entpack.ini
    [2009/05/21 23:33:23 | 000,000,199 | ---- | C] () -- C:\WINDOWS\mmaestro.ini
    [2008/10/06 23:37:59 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.dll
    [2008/01/12 18:02:10 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
    [2008/01/12 17:54:37 | 000,000,099 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2007/12/13 14:43:19 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2007/12/13 14:43:18 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2007/12/12 18:39:42 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\NetFerret.dll
    [2007/11/07 19:38:34 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
    [2007/10/31 16:31:11 | 000,000,020 | ---- | C] () -- C:\WINDOWS\hppsapp.INI
    [2007/10/07 10:42:23 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
    [2007/10/07 10:42:23 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
    [2007/10/07 10:24:11 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/10/06 09:44:25 | 000,175,104 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/09/30 22:44:57 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
    [2007/02/20 12:07:56 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys

    ========== LOP Check ==========

    [2008/04/10 19:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\eBay
    [2009/12/31 17:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FileZilla
    [2008/07/19 19:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\RipIt4Me
    [2010/02/07 11:08:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Rogers Online Protection
    [2010/02/07 03:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Tific
    [2009/07/26 20:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Uniblue
    [2008/03/31 19:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
    [2008/04/10 19:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBay
    [2010/02/07 11:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rogers Online Protection
    [2009/12/09 20:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2008/04/10 18:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
    [2007/09/30 19:01:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2008/07/22 20:50:35 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
    [2008/07/22 20:50:35 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
    [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
    [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

    < MD5 for: ATAPI.SYS >
    [2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2008/07/22 20:50:35 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2008/07/22 20:50:35 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
    [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2004/08/04 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
    [2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
    [2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

    < MD5 for: NETLOGON.DLL >
    [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
    [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
    [2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
    [2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
    [2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9FB286BF
    < End of report >

  8. #38
    Join Date
    Nov 1999
    Posts
    438
    OTL Extras logfile created on: 2/7/2010 8:09:14 PM - Run 1
    OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,022.00 Mb Total Physical Memory | 636.00 Mb Available Physical Memory | 62.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.50 Gb Total Space | 11.13 Gb Free Space | 14.95% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    Drive F: | 247.73 Mb Total Space | 69.95 Mb Free Space | 28.23% Space Free | Partition Type: FAT
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: HOME
    Current User Name: Administrator
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1B1B3FC3-5D41-42B6-85B1-27223246E438}" = RPS Zip
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
    "{212F5777-1190-4DEF-8E4D-6B2F313B45E7}" = PerfectDisk
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
    "{29B592AC-3121-4AC6-B0DB-6661EB4311B7}" = Aperture
    "{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
    "{2F1074A4-B6D4-4C4D-A728-C1EADDB188D9}" = RPS Security Cleanup
    "{316CDA1E-4760-4772-94B0-0FFC56D85700}" = RPS CRT
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3AB59D99-F209-4705-96A0-304C53D88958}" = RPS RpsCore
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{426B3380-B8F7-4A69-9838-B1A8237F0B00}" = RPS Burn
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{6709A989-F0AC-43E5-9DE8-4100A85715BD}" = RPS Ad Blocker
    "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.1.0
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6F5F989B-D61A-48BF-B860-3EB95600155F}" = RPS Firewall
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{8784867F-AA3D-4258-837C-0DC6EBAFDB5E}" = RPS Ksdk
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{91170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
    "{94570A74-CA05-43A7-9B1E-38142CDDE93B}" = RPS AntiVirus
    "{97F7C9CE-5C2A-4095-9BC5-3AA6A49F191B}" = RPS Performance Tool
    "{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
    "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
    "{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
    "{AE68FB75-1887-48E8-95D9-6A2571CBC2EF}" = RPS ParentalControl
    "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
    "{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
    "{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
    "{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C96AA12B-D119-4093-95B3-8AC44D38BED8}" = RPS Privacy Manager
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B3}" = WinZip 11.0
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CFAC9887-F0FA-408D-BACE-8009A16C2E0D}" = RPS AntiSpyware
    "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
    "{D5520D44-B1D7-4D38-A9FF-23B0137CC71E}" = RPS AntiFraud
    "{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
    "{DB6BD5D5-8482-45C0-99CF-745C5B924497}" = WOT for Internet Explorer
    "{DD188FB1-263D-4602-9608-7CABFEA6E25F}" = RPS Backup
    "{DE39E9CB-637B-45B4-B7D6-4842F3988871}" = RPS App Detector
    "{E15329B7-99DB-4A2E-A6FC-68699A957264}" = RPS Diagnostic Utility
    "{E258A840-7E9A-443A-B156-67102C48BF17}" = TPP Storage Driver Installation
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F88B38F4-1A34-4F7F-B2F7-9CA78F209BB0}" = RPS PopupBlocker
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "AnalogX POW!" = AnalogX POW!
    "CCleaner" = CCleaner (remove only)
    "Corel Uninstaller" = Corel Uninstaller
    "Coupon Printer for Windows4.0" = Coupon Printer for Windows
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "DVD Shrink_is1" = DVD Shrink 3.2
    "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
    "FileZilla Client" = FileZilla Client 3.3.0.1
    "Flash Movie Player" = Flash Movie Player 1.5
    "FLVPlayer" = FLV Player 1.3.3
    "FTP Explorer" = FTP Explorer
    "HijackThis" = HijackThis 2.0.2
    "HP PrecisionScan LTX" = HP PrecisionScan LTX
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "Image Composer" = Microsoft Image Composer 1.5
    "IrfanView" = IrfanView (remove only)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "Nero - Burning Rom!UninstallKey" = Ahead Nero - Burning Rom
    "NIS" = Norton Internet Security
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "PhotoPerfect Express_is1" = PhotoPerfect Express 1.00
    "PrintKey2000" = PrintKey2000
    "PROSet" = Intel(R) PRO Network Adapters and Drivers
    "RealPlayer 12.0" = RealPlayer
    "Scan-To-Web" = HP ScanJet Scan-to-Web Wizard
    "SpywareBlaster_is1" = SpywareBlaster 4.2
    "TPP200" = USB Storage Adapter V2 (TPP)
    "TPP300" = USB Storage Adapter V3 (TPP)
    "TPP725" = USB Storage Adapter (TPP)
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "WebFerret" = WebFerret
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Xvid_is1" = Xvid 1.1.3 final uninstall

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 2/6/2010 5:56:26 PM | Computer Name = HOME | Source = Windows Search Service | ID = 3024
    Description =

    Error - 2/6/2010 11:51:08 PM | Computer Name = HOME | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 2/6/2010 11:51:08 PM | Computer Name = HOME | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 2/6/2010 11:51:09 PM | Computer Name = HOME | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: A connection with the server could not be established

    Error - 2/7/2010 1:17:23 AM | Computer Name = HOME | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 2/7/2010 1:17:23 AM | Computer Name = HOME | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 2/7/2010 2:08:09 AM | Computer Name = HOME | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 2/7/2010 2:08:09 AM | Computer Name = HOME | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 2/7/2010 2:09:04 AM | Computer Name = HOME | Source = Application Hang | ID = 1002
    Description = Hanging application CCleaner.exe, version 2.24.0.1010, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 2/7/2010 2:11:18 AM | Computer Name = HOME | Source = Application Hang | ID = 1002
    Description = Hanging application CCleaner.exe, version 2.24.0.1010, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    [ System Events ]
    Error - 2/7/2010 6:46:30 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Lbd

    Error - 2/7/2010 7:02:14 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7000
    Description = The Rogers Online Protection Firewall service failed to start due
    to the following error: %%2

    Error - 2/7/2010 7:02:17 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Lbd

    Error - 2/7/2010 7:07:12 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Lbd

    Error - 2/7/2010 8:15:17 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Lbd

    Error - 2/7/2010 8:18:58 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Lbd

    Error - 2/7/2010 8:33:48 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7034
    Description = The PDAgent service terminated unexpectedly. It has done this 1 time(s).

    Error - 2/7/2010 8:33:48 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7034
    Description = The PDEngine service terminated unexpectedly. It has done this 1
    time(s).

    Error - 2/7/2010 8:33:48 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7034
    Description = The Java Quick Starter service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 2/7/2010 8:35:11 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Lbd


    < End of report >

  9. #39
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Download OTL to your Desktop.

    Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.

    Under the Custom Scan box paste this in:

    • Code:
      :OTL
      O2 - BHO: (PopKill Class) - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Rogers  Online Protection\Rogers Online Protection\pkR.dll File not found
      [2010/02/07 19:37:57 | 000,000,000 | ---D | C] -- C:\Program Files\Rogers Online Protection
      [2010/02/06 16:09:26 | 001,807,040 | ---- | C] (Rogers) -- C:\Documents and Settings\Administrator\My Documents\RogersServicepointAgent.exe
      [2010/02/07 11:08:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Rogers Online Protection
      [2010/02/07 11:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rogers Online Protection
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  10. #40
    Join Date
    Nov 1999
    Posts
    438
    Running, and rebooted; as soon as I right-clicked on Start, a msg came up: windows configures RPS Antivirus.
    The directory has rebuilt itself again. I'm going to get Rogers on the phone to see if they have a removal link or program and see what they say.

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C060EA2-E6A9-4E49-A530-D4657B8C449A}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C060EA2-E6A9-4E49-A530-D4657B8C449A}\ deleted successfully.
    C:\Program Files\Rogers Online Protection\Rogers Online Protection\Tool folder moved successfully.
    C:\Program Files\Rogers Online Protection\Rogers Online Protection\resources\zk_en_US folder moved successfully.
    C:\Program Files\Rogers Online Protection\Rogers Online Protection\resources folder moved successfully.
    C:\Program Files\Rogers Online Protection\Rogers Online Protection folder moved successfully.
    C:\Documents and Settings\Administrator\My Documents\RogersServicepointAgent.exe moved successfully.
    C:\Documents and Settings\Administrator\Application Data\Rogers Online Protection\Rogers Online Protection folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Rogers Online Protection\Rogers Online Protection\Virus folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Rogers Online Protection\Rogers Online Protection\Temp folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Rogers Online Protection\Rogers Online Protection\Support folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Rogers Online Protection\Rogers Online Protection\SpywareExclusionList folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Rogers Online Protection\Rogers Online Protection\Report folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Rogers Online Protection\Rogers Online Protection\PingServers folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Rogers Online Protection\Rogers Online Protection\Parental folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Rogers Online Protection\Rogers Online Protection\MiniDump folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Rogers Online Protection\Rogers Online Protection\Logs folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Rogers Online Protection\Rogers Online Protection\Help folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Rogers Online Protection\Rogers Online Protection\FirewallRules folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Rogers Online Protection\Rogers Online Protection\Exclusion folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Rogers Online Protection\Rogers Online Protection\AVQ folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Rogers Online Protection\Rogers Online Protection\ASQ folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Rogers Online Protection\Rogers Online Protection folder moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 1439 bytes
    ->Temporary Internet Files folder emptied: 7302886 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 16889 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 7.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.1.28.0 log created on 02072010_223253

    Files\Folders moved on Reboot...
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_368.dat not found!

    Registry entries deleted on Reboot...
    Last edited by COPO; February 7th, 2010 at 11:39 PM.
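The post above reports that the folders OTL moved were back after the reboot. As an added example (not part of the thread and not OTL's own code), this Python script parses fix-log lines in the format shown above and lists which moved paths exist again; the function names and the `exists` hook are assumptions made for illustration, and registry keys are parsed but not re-checked.

```python
import os
import re

# Excerpt of the fix log posted above, embedded so the script runs offline.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C060EA2-E6A9-4E49-A530-D4657B8C449A}\ deleted successfully.
C:\Program Files\Rogers Online Protection\Rogers Online Protection\Tool folder moved successfully.
C:\Program Files\Rogers Online Protection\Rogers Online Protection folder moved successfully.
C:\Documents and Settings\Administrator\My Documents\RogersServicepointAgent.exe moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_368.dat not found!
"""

# Order matters: the folder pattern must be tried before the plain-file pattern,
# otherwise " folder" would be swallowed into the file path.
PATTERNS = [
    ("registry", "deleted", re.compile(r"^Registry key (.+?) deleted successfully\.$")),
    ("folder", "moved", re.compile(r"^([A-Za-z]:\\.+?) folder moved successfully\.$")),
    ("file", "moved", re.compile(r"^([A-Za-z]:\\.+?) moved successfully\.$")),
    ("path", "not_found", re.compile(r"^File\\Folder (.+?) not found!$")),
]

def parse_fix_log(text):
    """Return (kind, action, path) tuples for every recognised log line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()  # forum copies are often indented
        for kind, action, rx in PATTERNS:
            m = rx.match(line)
            if m:
                entries.append((kind, action, m.group(1)))
                break
    return entries

def reappeared(entries, exists=os.path.exists):
    """Paths the fix moved that are present on disk again (e.g. after a reboot)."""
    return [p for kind, action, p in entries
            if action == "moved" and exists(p)]

if __name__ == "__main__":
    for path in reappeared(parse_fix_log(SAMPLE_LOG)):
        print("re-created since the fix:", path)
```

Run it on the affected machine after the reboot, with the full fix log in place of the excerpt, to see exactly which of the moved paths something has put back.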

  11. #41
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    I have no idea what's going on here.
    Maybe I've been on a computer for too long today and I don't see something....

  12. #42
    Join Date
    Nov 1999
    Posts
    438
    I called Rogers and they emailed me a RpsUU.exe file to download to my desktop to run.

    It uninstalled everything that was left out on my system. HURRAY!!!
    Let me know if you want me to upload it to my space I have on the car forum I belong to.

    And thank you very much for all your hard work tonight. I find it amazing how much all you guys know.

    Last edited by COPO; February 8th, 2010 at 12:24 AM.

  13. #43
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    You're very welcome
    Yeah, I'd like to have a file like that.
    Good news then

  14. #44
    Join Date
    Nov 1999
    Posts
    438
    Title: How do I run the Rogers Online Protection Uninstall Tool (RPSUU.exe)?


    Question: How do I run the Rogers Online Protection Uninstall Tool?

    Answer: If you are unable to remove Rogers Online Protection through Windows Add/Remove Programs, run this uninstall tool.

    Click here to download the RpsUU.exe file to your Desktop.
    Double click the file to run it.
    Click Yes to confirm that you want to uninstall.
    Restart the computer when prompted.


    I've also uploaded the file below in case the link above gets lost or disappears for your use or for any other user who no longer wants to use ROP and has a problem with the uninstall.

    http://www.nastyz28.com/~copo/RpsUU.exe
    Last edited by COPO; February 8th, 2010 at 12:24 AM.

  15. #45
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Thanks, got it
