Half of the errors come from aswMon2.SYS, which is part of Avast.
The other half come from ntoskrnl.exe, which can indicate anything.
I'm not sure what's going on here.
I suggest that you start a new topic in the Malware Removal and Spyware Removal area.
Before you start a new topic, click on this link --> Malware and Spyware Cleaning Guide, Please read before starting a new topic. This will give you a few preparations to make, as well as instructions for posting your OTListIt2 log.
If you are still having problems after being given a clean bill of health from the malware expert, then please return to THIS thread and we will pursue other options to help you solve your current problem(s).
I have completed the Malware and Spyware Cleaning Guide (I think). Posted below are the requested results.
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP Home Edition (5.1.2600) Service Pack 3
[32_bits] - x86 Family 6 Model 10 Stepping 0, AuthenticAMD
.
[wscsvc] STOPPED (state:1) : Security Center -> Disabled !
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Enabled
.
Internet Explorer 7.0.5730.11
.
A:\ [Removable]
C:\ [Fixed-NTFS] .. ( Total:69 Go - Free:39 Go )
D:\ [Fixed-FAT32] .. ( Total:5 Go - Free:2 Go )
E:\ [CD_Rom]
F:\ [CD_Rom]
H:\ [Removable]
I:\ [Removable]
J:\ [Removable]
K:\ [Removable]
L:\ [Fixed-FAT32] .. ( Total:111 Go - Free:26 Go )
.
Scan : 21:46.26
Path : C:\Documents and Settings\Owner\Desktop\Rooter.exe
User : Owner ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (600)
______ \??\C:\WINDOWS\system32\csrss.exe (668)
______ \??\C:\WINDOWS\system32\winlogon.exe (704)
______ C:\WINDOWS\system32\services.exe (752)
______ C:\WINDOWS\system32\lsass.exe (764)
______ C:\WINDOWS\system32\svchost.exe (928)
______ C:\WINDOWS\system32\svchost.exe (996)
______ C:\WINDOWS\System32\svchost.exe (1096)
______ C:\WINDOWS\system32\svchost.exe (1128)
______ C:\WINDOWS\System32\svchost.exe (1296)
______ C:\WINDOWS\System32\svchost.exe (1400)
______ C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (1456)
______ C:\Program Files\Alwil Software\Avast4\ashServ.exe (1512)
______ C:\WINDOWS\system32\spoolsv.exe (1800)
______ C:\WINDOWS\Explorer.EXE (524)
______ C:\WINDOWS\System32\svchost.exe (952)
______ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (1048)
______ C:\Program Files\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe (1232)
______ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (1360)
______ C:\Program Files\QuickTime\qttask.exe (1336)
______ C:\Program Files\ATI Multimedia\main\launchpd.exe (1380)
______ C:\WINDOWS\system32\ctfmon.exe (1388)
______ C:\WINDOWS\System32\svchost.exe (1980)
______ C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (1164)
______ C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (648)
______ C:\WINDOWS\System32\alg.exe (2384)
______ C:\Program Files\Internet Explorer\iexplore.exe (2464)
______ C:\Documents and Settings\Owner\Desktop\Rooter.exe (3860)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:5953135104)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:5953167360 | Length:74093322240)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
C:\WINDOWS\system32\rtvwa.bak2
C:\WINDOWS\system32\rtvwa.ini
==> Vundo <==
.
----------------------\\ Scan completed at 21:46.35
.
C:\Rooter$\Rooter_1.txt - (09/07/2009 | 21:46.35)
OTL Extras logfile created on: 7/9/2009 9:49:17 PM - Run 1
OTL by OldTimer - Version 3.0.6.5 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1023.48 Mb Total Physical Memory | 678.04 Mb Available Physical Memory | 66.25% Memory free
1.56 Gb Paging File | 1.21 Gb Available in Paging File | 77.80% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.00 Gb Total Space | 39.67 Gb Free Space | 57.49% Space Free | Partition Type: NTFS
Drive D: | 5.53 Gb Total Space | 2.62 Gb Free Space | 47.30% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 111.76 Gb Total Space | 26.60 Gb Free Space | 23.80% Space Free | Partition Type: FAT32
Computer Name: YOUR-RTMEJESVBC
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour File not found
C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager (Pinnacle Systems, Inc.)
C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio (Pinnacle Systems)
C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile ( )
C:\Program Files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe:*:Enabled:PMSManager (Pinnacle Systems)
C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi (Pinnacle Systems, Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Computer, Inc.)
C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax File not found
C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax (Intuit, Inc.)
C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager (Intuit, Inc.)
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server (Intuit Inc.)
C:\WINDOWS\LMI22E.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue File not found
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe:*:Disabled:BackWeb-1940576 ()
C:\Program Files\NETGEAR\Media Server\MediaServer.exe:*:Enabled:Media Server (Digital 5 Inc)
C:\Documents and Settings\Owner\Local Settings\Temp\7zS2A.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool File not found
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{083F79E4-6FE9-46FB-A6C6-4F8862742947}" = ATI HYDRAVISION
"{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}" = Canon PhotoRecord
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{12C25800-EF49-4AE3-AF60-8981001A6F3B}" = Nuance PDF Professional 5
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{16E217EA-C3E0-402D-8D4F-6189DB74497A}" = Studio 9.4 Patch
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch
"{23170F69-40C1-2701-0904-000001000000}" = 7-Zip 9.04
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 13
"{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = RemoteCapture Task 1.1
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{3CB05291-F546-458E-A796-B5BCF5A3CDC4}" = Studio 10
"{3CBA0E30-6F54-47EF-910E-1D4D450AFE45}" = ATI Multimedia Center
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = RAW Image Task 1.2
"{460CE8B9-6EC2-458A-90D4-691631ECE9D9}" = Pinnacle MediaServer
"{46571E47-6457-4D68-A075-01BA1E62EC3F}" = TurboTax 2008 wsciper
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4C96958A-6562-4143-B820-FF4890D3B734}" = Camera Window DVC
"{513148E7-B7A1-48B2-B518-668701E546F5}" = LightScribe System Software 1.14.19.1
"{51729BDF-5ED6-41ED-9CC6-5BFC7F4A4C18}" = Better Homes and Gardens Landscaping and Deck Designer 7.0
"{54C0D94A-F467-4ABC-9D02-6E58748668D4}" = iTunes
"{66C8BE35-8BBB-472B-96C7-C7C9A499F988}" = ArcSoft Software Suite
"{66F418FE-38D5-449B-A982-CFE00CD640BF}" = TrekStor i.Beat emo
"{66F4C25D-B1FE-4316-BC63-79AD4E6724BF}" = ATI Multimedia Center
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6A012D9C-2E2E-405A-B87C-E909F5297C3F}" = Studio 10 Bonus DVD
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B69C5C-87D6-471E-B695-0BD736C4B644}" = Retrospect 6.5
"{752CA503-E29F-4610-A1A4-B21CDC58EF8D}" = SAS10
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{7FA4C993-5B8A-4AF2-9F2B-BC9CE7386947}" = ATI Decoder
"{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}" = Microsoft Streets & Trips 2006
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" =
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = MovieEdit Task
"{8F36E44A-E6E7-41B7-B6F6-4637BF84EFA5}" = ATI Remote Wonder
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Camera Window DS
"{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Camera Support Core Library
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = RecordNow!
"{98936CBC-5E7A-4AD7-B05B-6D34C7C68E37}" = Hoyle Board Games 2005
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player
"{99D34763-7E45-4FE5-8424-28DBC3A5F0BF}" = GUIDE PLUS+ for Windows® System - ATI
"{9D18F7F8-B984-4249-8512-CC621BC59F12}" = Microsoft Location Finder
"{9E491AB7-4589-48CA-9CBB-874CB2788391}" = Studio 9
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}" = DiscAPI
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AE704636-ECD0-426C-952E-05B8DABD1949}" = EPSON PhotoStarter3.2
"{AF06F78B-ACF7-40E3-9D1A-BC5A0529298B}" = Print Perfect Deluxe
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B67624DE-75CE-4FAD-9F29-5C115773CE61}" = Studio 9 Content CD/DVD
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BF5EE349-90CD-4422-A43B-661778180173}" = USB Disk Win98 Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX
"{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}" = Microsoft Plus! Digital Media Edition
"{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Camera Window MC
"{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFE78643-3CDB-46EF-9677-795415937ABB}" = CorelDRAW ESSENTIALS
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = Compaq Organize
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{D21553E9-2EC5-4E8C-AB71-07AC07D50BBC}" = EPSON PhotoCenter
"{D29FA925-E9D7-411E-8E75-C726EDF56AE6}" = Studio MediaSuite Recording
"{D361C406-ED11-4A88-AD42-4A749BBAE6F9}" = Hoyle Card Games 2007
"{D87D6386-3C2D-4239-9780-3418FB7B0E94}" = Print Lab Series
"{D99A12CC-9EFB-4FB3-9B1F-77E07D50A965}" = ATI Catalyst Control Center
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DE12AC99-F988-4EE5-BDE9-62623EE42E3B}" = MyAttorney Home And Business
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (PINNACLESYS)
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{EA10FC33-3DBC-4268-A90E-1681760FD417}" = The Home Depot® 3D Home Designer
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EEECE229-49F6-4851-A73A-99B058221F8C}" = RAPID
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
"{F2F4C144-7D1A-47C4-9D53-395A57B0CD64}" = Family Tree Maker 2006
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"0254DF9A-618A-4A2C-A5ED-FA7115988B02" = Word Symphony from Compaq (remove only)
"05E21449-3BA3-42BF-BBDA-95205F4EA40A" = Polar Bowler from Compaq (remove only)
"26DC0ED6-93A7-43C1-8DC5-EC16079580F9" = Orbital from Compaq (remove only)
"29FF6D07-4A15-41F1-9D5E-E0F3A58012C6" = Bounce Symphony from Compaq (remove only)
"2FDCC229-354D-4279-ABEF-CE17E355BFFA" = Five Card Frenzy from Compaq (remove only)
"66195170-D19D-46C5-8FB7-8A4630071ADC" = Tradewinds from Compaq (remove only)
"75528D5F-DD82-402E-BA7C-045B7DC6A712" = Blasterball 2 from Compaq (remove only)
"8A225900-C06D-41DD-B66C-43840D472758" = Otto from Compaq (remove only)
"8BA6F58B-7A91-461F-95F8-E34F8BD8AA4E" = Slyder from Compaq (remove only)
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"avast!" = avast! Antivirus
"BackWeb-1940576 Uninstaller" = Compaq Connections
"C43D84CD-EBFC-48D3-A330-7868C8AD415A" = Crystal Maze from Compaq (remove only)
"CD LabelMaker" = CD LabelMaker
"CheckIt Diagnostics" = CheckIt Diagnostics
"Compaq Instant Support" = Compaq Instant Support
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"F07504C6-20C5-4BFE-83A0-523FB2455E72" = Blackhawk Striker from Compaq (remove only)
"FA7F5211-C629-4711-BD82-7DFFB08CB518" = Overball from Compaq (remove only)
"HijackThis" = HijackThis 1.99.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{3CBA0E30-6F54-47EF-910E-1D4D450AFE45}" = ATI Multimedia Center 9.061
"InstallShield_{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{4C96958A-6562-4143-B820-FF4890D3B734}" = Canon Camera Window DVC for ZoomBrowser EX
"InstallShield_{54C0D94A-F467-4ABC-9D02-6E58748668D4}" = iTunes
"InstallShield_{66F4C25D-B1FE-4316-BC63-79AD4E6724BF}" = ATI Multimedia Center 9.061
"InstallShield_{752CA503-E29F-4610-A1A4-B21CDC58EF8D}" = AuthorScript Engine 1.0
"InstallShield_{7FA4C993-5B8A-4AF2-9F2B-BC9CE7386947}" = ATI Decoder
"InstallShield_{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{8F36E44A-E6E7-41B7-B6F6-4637BF84EFA5}" = ATI Remote Wonder 3.02
"InstallShield_{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Canon Camera Window DS for ZoomBrowser EX
"InstallShield_{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Canon Camera Support Core Library
"InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"InstallShield_{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
"InstallShield_{DE12AC99-F988-4EE5-BDE9-62623EE42E3B}" = MyAttorney Home And Business
"InstallShield_{EA10FC33-3DBC-4268-A90E-1681760FD417}" = The Home Depot® 3D Home Designer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"MSNINST" = MSN
"NETGEAR Media Server Installer" = NETGEAR Media Server Installer
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" =
"proDAD-Heroglyph-1.0" = proDAD Heroglyph 1.0
"proDAD-Heroglyph-2.0" = proDAD Heroglyph 2.0
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"RealPlayer 6.0" = RealOne Player
"S3" = VIA/S3G Display Driver
"Samsung ML-2510 Series" = Samsung ML-2510 Series
"Silent Package Run-Time Sample" = EPSON CX6600 Reference Guide
"SMS" = Pinnacle Studio 9 Media Suite Components
"TurboTax 2008" = TurboTax 2008
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"Viewpoint Toolbar" = Viewpoint Toolbar
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"VTDisplay" = S3 S3Display
"VTGamma2" = S3 S3Gamma2
"VTInfo2" = S3 S3Info2
"VTOverlay" = S3 S3Overlay
"WhoCrashed_is1" = WhoCrashed 1.01
"WIC" = Windows Imaging Component
"Window Washer" = Window Washer
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"eMusic Download Manager" = eMusic Download Manager
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 7/9/2009 8:22:21 PM | Computer Name = YOUR-RTMEJESVBC | Source = MsiInstaller | ID = 11316
Description = Product: 7-Zip 9.04 -- Error 1316. A network error occurred while
attempting to read from the file: C:\Documents and Settings\Owner\Desktop\7z904[1].msi
[ System Events ]
Error - 7/9/2009 6:08:24 PM | Computer Name = YOUR-RTMEJESVBC | Source = ati2mtag | ID = 45062
Description = CRT invalid display type
Error - 7/9/2009 6:10:50 PM | Computer Name = YOUR-RTMEJESVBC | Source = ati2mtag | ID = 45062
Description = CRT invalid display type
Error - 7/9/2009 6:13:38 PM | Computer Name = YOUR-RTMEJESVBC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for Start with the following error:
%%5
Error - 7/9/2009 6:13:38 PM | Computer Name = YOUR-RTMEJESVBC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for Start with the following error:
%%5
Error - 7/9/2009 6:13:38 PM | Computer Name = YOUR-RTMEJESVBC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for Start with the following error:
%%5
Error - 7/9/2009 6:13:38 PM | Computer Name = YOUR-RTMEJESVBC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for Start with the following error:
%%5
Error - 7/9/2009 6:15:11 PM | Computer Name = YOUR-RTMEJESVBC | Source = ati2mtag | ID = 45062
Description = CRT invalid display type
Error - 7/9/2009 8:59:10 PM | Computer Name = YOUR-RTMEJESVBC | Source = ati2mtag | ID = 45062
Description = CRT invalid display type
Error - 7/9/2009 9:20:12 PM | Computer Name = YOUR-RTMEJESVBC | Source = ati2mtag | ID = 45062
Description = CRT invalid display type
Error - 7/9/2009 9:39:23 PM | Computer Name = YOUR-RTMEJESVBC | Source = ati2mtag | ID = 45062
Description = CRT invalid display type
< End of report >
OTL logfile created on: 7/9/2009 9:49:17 PM - Run 1
OTL by OldTimer - Version 3.0.6.5 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1023.48 Mb Total Physical Memory | 678.04 Mb Available Physical Memory | 66.25% Memory free
1.56 Gb Paging File | 1.21 Gb Available in Paging File | 77.80% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.00 Gb Total Space | 39.67 Gb Free Space | 57.49% Space Free | Partition Type: NTFS
Drive D: | 5.53 Gb Total Space | 2.62 Gb Free Space | 47.30% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 111.76 Gb Total Space | 26.60 Gb Free Space | 23.80% Space Free | Partition Type: FAT32
Computer Name: YOUR-RTMEJESVBC
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
PRC - C:\Program Files\ATI Multimedia\main\launchpd.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (Ati HotKey Poller [Disabled | Stopped]) -- C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart [Disabled | Stopped]) -- C:\WINDOWS\System32\ati2sgag.exe ()
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (clr_optimization_v2.0.50727_32 [Auto | Running]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GEARSecurity [Disabled | Stopped]) -- C:\WINDOWS\System32\GEARSec.exe (GEAR Software)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [Disabled | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (Integrated Multimedia Server [Disabled | Stopped]) -- C:\Program Files\NETGEAR\Media Server\immsService.exe ()
SRV - (IntuitUpdateService [Disabled | Stopped]) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (iPodService [Disabled | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.)
SRV - (JavaQuickStarterService [Disabled | Stopped]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LightScribeService [Disabled | Stopped]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (MSSQL$PINNACLESYS [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (ose [Disabled | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PDFProFiltSrv [Disabled | Stopped]) -- C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe (Nuance Communications, Inc.)
SRV - (PinnacleSys.MediaServer [Disabled | Stopped]) -- c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe (Pinnacle Systems)
SRV - (RetroLauncher [Disabled | Stopped]) -- C:\Program Files\Dantz\Retrospect\retrorun.exe (Dantz Development Corporation)
SRV - (Retrospect Helper [Disabled | Stopped]) -- C:\Program Files\Dantz\Retrospect\rthlpsvc.exe (Dantz Development Corporation)
SRV - (RetroWDSvc [Disabled | Stopped]) -- C:\Program Files\Dantz\Retrospect\wdsvc.exe (Dantz Development Corporation)
SRV - (SQLAgent$PINNACLESYS [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (Symantec RemoteAssist [Disabled | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)
SRV - (Viewpoint Manager Service [Disabled | Stopped]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WMPNetworkSvc [Disabled | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (wwEngineSvc [Disabled | Stopped]) -- C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)
========== Driver Services (SafeList) ==========
DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (ALCXSENS [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ALCXSENS.SYS (Sensaura Ltd)
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ASAPIW2k [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\ASAPIW2K.sys (Pinnacle Systems GmbH)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (ATI Remote Wonder II [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ATIRWVD.SYS (Jungo)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ATIAVAIW [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\atinavt2.sys (ATI Technologies Inc.)
DRV - (atinevxx [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\atinevxx.sys (ATI Technologies Inc.)
DRV - (atinrvxx [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\atinrvxx.sys (ATI Technologies Inc.)
DRV - (ATITUNEP [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\atineuxx.sys (ATI Technologies Inc.)
DRV - (ativraxx [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\atinraxx.sys (ATI Technologies Inc.)
DRV - (ATIXSAudio [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\atinesxx.sys (ATI Technologies Inc.)
DRV - (BCMNTIO [Auto | Running]) -- C:\Program Files\CheckIt\Diagnostics\BCMNTIO.SYS ()
DRV - (cdrdrv [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\Cdrdrv.sys (Pinnacle Systems GmbH)
DRV - (DgiVecp [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DgiVecp.sys (Samsung Electronics Co., Ltd.)
DRV - (fasttx2k [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)
DRV - (FETND5BV [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys (VIA Technologies, Inc. )
DRV - (FETNDISB [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\fetnd5b.sys (VIA Technologies, Inc. )
DRV - (GEARAspiWDM [System | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HdAudAddService [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\HdAudio.sys (Windows ® Server 2003 DDK provider)
DRV - (HDAudBus [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (ialm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (MAPMEM [Auto | Running]) -- C:\Program Files\CheckIt\Diagnostics\MAPMEM.SYS ()
DRV - (MarvinBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (MPE [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\MPE.sys (Microsoft Corporation)
DRV - (MVDCODEC [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\atinmdxx.sys (ATI Technologies Inc.)
DRV - (PCDCODEC [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\atinpdxx.sys (ATI Technologies Inc.)
DRV - (PCLEPCI [System | Running]) -- C:\WINDOWS\System32\drivers\pclepci.sys (Pinnacle Systems GmbH)
DRV - (Ps2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\PS2.sys (Hewlett-Packard Company)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\R8139n51.SYS (Realtek Semiconductor Corporation )
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (StMp3Rec [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\StMp3Rec.sys (Generic)
DRV - (viaagp1 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (viagfx [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\vtmini.sys (Copyright © VIA/S3 Graphics Co, Ltd.)
DRV - (vobiw [System | Running]) -- C:\WINDOWS\System32\drivers\vobIW.sys (Pinnacle Systems GmbH)
DRV - (XUIF [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://finance.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/08 07:53:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/09 21:33:12 | 00,000,000 | ---D | M]
O1 HOSTS File: (23 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Viewpoint Toolbar BHO) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll (Viewpoint Corporation)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll (Viewpoint Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Nuance PDF Professional 5-reminder] C:\Program Files\Nuance\PDF Professional 5\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKCU..\Run: [ATI Launchpad] C:\Program Files\ATI Multimedia\main\launchpd.exe (ATI Technologies Inc.)
O4 - HKCU..\RunOnce: [] \Program Files\Internet Explorer\iexplore.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = -1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0
O8 - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append to existing PDF file - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file from the content of the link - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF files from the selected links - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Open with Nuance PDF Converter 5.11 - C:\Program Files\Nuance\PDF Professional 5\cnvres_eng.dll ()
O9 - Extra Button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL (ATI Technologies Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: ameritrade.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ameritrade.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: izone.com ([wwws] https in Trusted sites)
O15 - HKCU\..Trusted Domains: tdameritrade.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: tdameritrade.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: troweprice.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: troweprice.com ([www3] http in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....204&clcid=0x409 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} http://download.micr...b?1091817232828 (MSSecurityAdvisor Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ontent/opuc.cab (Office Update Installation Engine)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...8190.4608101852 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.micr...04/clearadj.cab (CTAdjust Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.25.5.148 24.25.5.147
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/30 18:15:59 | 00,000,140 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 05:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002/09/11 02:02:32 | 00,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2002/10/17 09:56:50 | 00,000,036 | RH-- | M] () - L:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2002/10/28 13:03:12 | 00,000,000 | RH-D | M] - L:\autorun -- [ FAT32 ]
O33 - MountPoints2\{0e79861e-0b61-11d9-8778-00112f335afd}\Shell\AutoRun\command - "" = L:\SafeGuard\Windows\SafeGuard20.exe -- File not found
O33 - MountPoints2\{bc8a691e-9df5-11dd-9b27-00112f335afd}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{d9a262e8-114c-11d9-879a-00112f335afd}\Shell\AutoRun\command - "" = K:\SafeGuard\Windows\SafeGuard20.exe -- File not found
O33 - MountPoints2\{ea4cb15a-114e-11d9-879b-00112f335afd}\Shell\AutoRun\command - "" = SafeGuard\Windows\SafeGuard20.exe
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Info.exe -- [2002/09/10 20:54:58 | 00,040,960 | -HS- | M] (XSS)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 30 Days ==========
[2009/07/09 21:48:24 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/07/09 21:46:35 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/07/09 21:45:14 | 00,173,119 | ---- | C] (Eric_71) -- C:\Documents and Settings\Owner\Desktop\Rooter.exe
[2009/07/09 21:30:23 | 00,000,000 | ---D | C] -- C:\4be227ac176f5b053f00d7c5
[2009/07/09 21:30:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/07/09 21:09:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/07/09 21:09:22 | 00,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/09 21:09:19 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/09 21:09:18 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/09 21:09:18 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/09 21:09:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/07/09 21:08:22 | 03,561,752 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2009/07/09 21:07:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/07/09 21:05:54 | 00,000,619 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/07/09 21:05:54 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/07/09 21:05:53 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/07/09 21:04:10 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt_setup.exe
[2009/07/09 21:02:56 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Owner\Desktop\SysRestorePoint.exe
[2009/07/09 20:21:06 | 01,042,944 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\7z904.msi
[2009/07/09 17:59:48 | 00,834,092 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Memorex_20XDrives_Firmware_Update_Jun07.zip
[2009/07/09 16:55:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Autoruns
[2009/07/09 16:49:04 | 00,586,212 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Autoruns.zip
[2009/07/09 12:46:30 | 01,265,103 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\General-CleanTool.zip
[2009/07/08 19:15:54 | 00,265,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2009/07/08 09:44:54 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/07/08 09:44:54 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/07/08 09:44:54 | 00,001,717 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/07/08 09:44:53 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/07/08 09:44:51 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/07/08 09:44:51 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/07/08 09:44:51 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/07/08 09:44:51 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/07/08 09:44:51 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/07/08 09:44:34 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/07/08 09:44:34 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/07/08 09:44:31 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/07/08 07:53:31 | 00,410,984 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/07/08 07:53:31 | 00,148,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/07/08 07:53:31 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/07/08 07:53:31 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/07/08 07:53:31 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/07/08 00:36:36 | 00,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2009/07/08 00:06:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Canneverbe_Limited
[2009/07/08 00:06:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\CDBurnerXP Projects
[2009/07/08 00:05:59 | 00,001,612 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2009/07/08 00:05:55 | 00,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2009/07/07 23:01:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Auslogics
[2009/07/07 23:01:22 | 00,000,809 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AusLogics Disk Defrag.lnk
[2009/07/07 23:01:21 | 00,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2009/07/07 18:54:39 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/07/07 18:52:37 | 00,000,658 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\WhoCrashed.lnk
[2009/07/07 18:52:37 | 00,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
[2009/07/07 18:25:41 | 00,000,775 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\EVEREST Home Edition.lnk
[2009/07/07 18:25:39 | 00,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2009/07/06 23:20:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/07/06 23:15:00 | 00,001,782 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LightScribe.lnk
[2009/07/06 23:14:54 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\LightScribe
[2009/07/06 23:05:13 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2009/07/06 23:05:05 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2008/09/19 17:57:34 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/19 17:55:10 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/09/19 17:55:10 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/09/19 17:54:18 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/06/29 08:03:37 | 00,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2007/06/29 08:02:39 | 00,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2007/05/04 19:35:43 | 00,000,163 | ---- | C] () -- C:\WINDOWS\QAWIN32.INI
[2007/04/05 16:13:15 | 00,000,107 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/04/05 16:12:29 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2007/04/05 16:12:29 | 00,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2006/11/12 12:48:19 | 00,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/11/12 12:48:19 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/02/11 16:00:51 | 00,000,065 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2005/11/30 18:29:38 | 00,194,248 | ---- | C] () -- C:\WINDOWS\System32\LTRFD13n.DLL
[2005/11/30 18:15:59 | 00,001,194 | ---- | C] () -- C:\WINDOWS\VFO.INI
[2005/11/27 17:16:27 | 00,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2005/11/27 17:16:27 | 00,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2005/11/26 20:02:14 | 00,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2005/11/15 19:01:32 | 00,000,767 | -HS- | C] () -- C:\WINDOWS\System32\cccdd.ini
[2005/11/09 14:21:11 | 00,274,837 | -HS- | C] () -- C:\WINDOWS\System32\rtvwa.ini
[2005/09/24 14:57:45 | 00,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2005/09/24 14:53:51 | 00,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2005/09/24 14:51:41 | 00,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2005/09/24 14:51:41 | 00,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2005/09/24 14:43:28 | 00,000,227 | ---- | C] () -- C:\WINDOWS\EPSON CX6600 Installer.ini
[2005/09/24 08:49:53 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/09/22 12:03:29 | 00,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2005/09/07 17:35:43 | 00,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2005/09/07 17:35:43 | 00,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2005/09/07 17:35:43 | 00,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2005/09/07 17:35:43 | 00,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2005/09/07 17:35:43 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2005/09/07 17:21:26 | 00,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2005/08/23 20:30:40 | 00,000,032 | ---- | C] () -- C:\WINDOWS\CD-Start.INI
[2005/08/20 01:45:46 | 00,540,672 | ---- | C] () -- C:\WINDOWS\System32\TX32.DLL
[2005/08/20 01:45:46 | 00,063,488 | ---- | C] () -- C:\WINDOWS\System32\Eztw32.dll
[2005/08/20 01:45:28 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2005/08/20 01:45:26 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2005/08/19 17:49:32 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2005/08/19 17:14:36 | 00,000,060 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/07/29 14:38:24 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2005/02/03 18:32:56 | 00,041,984 | ---- | C] () -- C:\WINDOWS\System32\AQalphaGL.dll
[2004/12/20 19:24:03 | 01,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2004/09/28 08:46:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SafeGuard20.INI
[2004/09/23 21:10:26 | 00,103,436 | ---- | C] () -- C:\WINDOWS\System32\ShellEx.dll
[2004/09/21 16:28:45 | 01,778,176 | ---- | C] () -- C:\WINDOWS\System32\avcodec.dll
[2004/09/21 16:28:45 | 00,916,480 | ---- | C] () -- C:\WINDOWS\System32\FFMpeg.dll
[2004/09/21 16:28:45 | 00,182,272 | ---- | C] () -- C:\WINDOWS\System32\avformat.dll
[2004/09/21 16:28:45 | 00,107,520 | ---- | C] () -- C:\WINDOWS\System32\dvrms.dll
[2004/09/21 16:28:45 | 00,104,612 | ---- | C] () -- C:\WINDOWS\System32\TomcatShellEx.dll
[2004/07/22 18:07:47 | 00,000,078 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2004/07/22 17:28:02 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/05/15 07:32:12 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/05/13 01:01:17 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2004/05/13 01:00:51 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/05/13 01:00:51 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/05/13 00:57:44 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2004/05/13 00:42:17 | 00,027,756 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/05/13 00:41:38 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/05/12 23:50:40 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/05/12 23:42:12 | 00,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/05/12 23:02:46 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/05/12 22:30:08 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/05/12 22:21:01 | 00,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/05/12 22:21:01 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/05/12 22:20:43 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/05/12 21:51:31 | 00,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/05/12 21:36:11 | 00,000,553 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/05/12 21:35:49 | 00,000,860 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/05/12 21:35:45 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/04/15 20:00:00 | 00,000,054 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2004/03/30 18:04:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/01/28 11:42:06 | 00,066,560 | ---- | C] () -- C:\WINDOWS\System32\atiyuv12.dll
[2004/01/28 11:42:06 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2004/01/28 11:42:06 | 00,013,601 | ---- | C] () -- C:\WINDOWS\System32\vctest.ini
[2003/01/07 18:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== Files - Modified Within 30 Days ==========
[2009/07/09 21:48:25 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/07/09 21:45:14 | 00,173,119 | ---- | M] (Eric_71) -- C:\Documents and Settings\Owner\Desktop\Rooter.exe
[2009/07/09 21:39:41 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/09 21:39:12 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/09 21:39:05 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/09 21:38:59 | 00,772,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/09 21:36:39 | 00,529,506 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/07/09 21:36:39 | 00,460,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/07/09 21:36:39 | 00,079,348 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/07/09 21:34:20 | 10,226,080 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/07/09 21:09:22 | 00,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/09 21:08:26 | 03,561,752 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2009/07/09 21:05:54 | 00,000,619 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/07/09 21:05:54 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/07/09 21:04:12 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt_setup.exe
[2009/07/09 21:02:56 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Owner\Desktop\SysRestorePoint.exe
[2009/07/09 20:21:08 | 01,042,944 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\7z904.msi
[2009/07/09 18:13:37 | 00,000,860 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/07/09 18:13:37 | 00,000,281 | -HS- | M] () -- C:\boot.ini
[2009/07/09 18:13:37 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/07/09 17:59:51 | 00,834,092 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Memorex_20XDrives_Firmware_Update_Jun07.zip
[2009/07/09 17:31:49 | 00,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2009/07/09 17:30:18 | 00,003,892 | ---- | M] () -- C:\WINDOWS\viassary-hp.reg
[2009/07/09 16:49:06 | 00,586,212 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Autoruns.zip
[2009/07/09 12:46:30 | 01,265,103 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\General-CleanTool.zip
[2009/07/08 19:16:01 | 00,265,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2009/07/08 18:51:20 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2003.lnk
[2009/07/08 09:44:54 | 00,001,717 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/07/08 09:44:51 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/07/08 07:53:02 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/07/08 07:53:02 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/07/08 07:53:02 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/07/08 07:53:02 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/07/08 07:53:01 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/07/08 00:05:59 | 00,001,612 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2009/07/07 23:01:22 | 00,000,809 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AusLogics Disk Defrag.lnk
[2009/07/07 18:52:37 | 00,000,658 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\WhoCrashed.lnk
[2009/07/07 18:25:41 | 00,000,775 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\EVEREST Home Edition.lnk
[2009/07/06 23:15:01 | 00,001,782 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\LightScribe.lnk
[2009/07/01 14:20:59 | 00,002,463 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Savings Bonds.sbw.bak
[2009/07/01 14:20:59 | 00,002,463 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Savings Bonds.sbw
[2009/06/30 20:01:46 | 00,002,439 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Streets & Trips 2006.lnk
[2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/10 22:06:15 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
< End of report >