OTL Extras logfile created on: 5/3/2011 1:55:08 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\admin\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 40.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 13.53 Gb Free Space | 34.63% Space Free | Partition Type: NTFS
Drive D: | 53.71 Gb Total Space | 26.50 Gb Free Space | 49.34% Space Free | Partition Type: NTFS
Drive E: | 56.27 Gb Total Space | 10.46 Gb Free Space | 18.59% Space Free | Partition Type: NTFS
Drive G: | 14.18 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JOHN | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Giganology\Gigaget\Gigaget.exe" = C:\Program Files\Giganology\Gigaget\Gigaget.exe:*:Enabled:Gigaget -- (Giganology Inc.)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google) "C:\Documents and Settings\admin\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\admin\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google) [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{005F78AF-110D-398A-8430-BE98950A1E22}" = Google Talk Plugin "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only) "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 24 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{381D847E-7E56-4E82-B261-F799E0F40EB4}" = PHOTOfunSTUDIO 4.0 HD Edition "{402ED4A1-8F5B-387A-8688-997ABF58B8F2}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft 
Office Outlook MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" = "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{967D588C-9B96-40C9-A222-DCD6922563CA}" = Apple Mobile Device Support "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B4E6CB9-E54D-47F7-A414-E2D5740E1033}" = Nero 7 Essentials "{A011A1DC-7F1D-4EA8-BD11-0C5F9718E428}" = Symantec AntiVirus "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver 
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{E0219810-16E4-437D-9165-93D7B22524F9}" = iTunes "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "AAA Logo 2009 Business_is1" = AAA Logo 2009 Business Edition 3.0 "Ad-Aware" = Ad-Aware "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AviSynth" = AviSynth 2.5 "Creative OEM002" = Laptop Integrated Webcam Driver (1.03.02.0719) "Emicsoft MTS Converter_is1" = Emicsoft MTS Converter "ENTERPRISE" = Microsoft Office Enterprise 2007 "FMS" = FMS "gAlwaysIdle" = gAlwaysIdle "gigaget_is1" = Gigaget "GoToAssist" = GoToAssist Corporate "Huawei Access Manager" = Huawei Access Manager "LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation) "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US) "PDFCreator Toolbar" = PDFCreator Toolbar "Picasa 3" = Picasa 3 "SubMagic_is1" = SubMagic V0.71 "Tata Photon+" = Tata Photon+ "TCS 4.2" = TCS 4.2 "VLC media player" = VLC media player 1.1.4 "WinRAR archiver" = WinRAR archiver "ZTEWireless-101_is1" = ZTE Wireless Terminal [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Juniper_Networks_Cache_Cleaner 6.0.0" = Juniper Networks Cache Cleaner 6.0.0 "Juniper_Term_Services" = Juniper Terminal Services Client "Neoteris_Host_Checker" = Juniper Networks Host Checker [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 4/25/2011 10:11:10 PM | Computer Name = JOHN | Source = Application Hang | 
ID = 1002 Description = Hanging application IEXPLORE.EXE, version 7.0.6000.16674, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 4/27/2011 1:42:59 AM | Computer Name = JOHN | Source = Symantec AntiVirus | ID = 16711685 Description = Risk Found!Risk: Downloader in File: C:\Documents and Settings\admin\Application Data\Sun\Java\Deployment\cache\6.0\32\421e8ea0-6a4713d5>>Rleh/Fhtagn.class by: Manual scan. Action: Cleaned by Deletion. Action Description: Risk Found!Risk: in File: C:\Documents and Settings\admin\Application Data\Sun\Java\Deployment\cache\6.0\32\421e8ea0-6a4713d5 by: Manual scan. Action: Compressed file processing succeeded. Action Description: The file was left unchanged. Risk Found!Risk: Trojan.Maljava in File: C:\Documents and Settings\admin\Local Settings\Temp\jar_cache8763757953292195019.tmp>>SuspendedInvocationException.class by: Manual scan. Action: Cleaned by Deletion. Action Description: Risk Found!Risk: in File: C:\Documents and Settings\admin\Local Settings\Temp\jar_cache8763757953292195019.tmp by: Manual scan. Action: Compressed file processing succeeded. Action Description: The file was left unchanged. Error - 4/27/2011 2:08:52 AM | Computer Name = JOHN | Source = Symantec AntiVirus | ID = 16711726 Description = Security Risk Found!Risk: Backdoor.Trojan in File: D:\Program Files\Emicsoft Studio\Emicsoft MTS Converter\Patch by: Manual scan. Action: Clean failed : Quarantine failed. Action Description: The file was left unchanged. Error - 4/27/2011 2:09:03 AM | Computer Name = JOHN | Source = Symantec AntiVirus | ID = 16711731 Description = Security Risk Found!Risk: Backdoor.Trojan in File: D:\Program Files\Emicsoft Studio\Emicsoft MTS Converter\Patch by: Manual scan. Action: Cleaned by Deletion. 
Action Description: Error - 4/27/2011 2:11:44 AM | Computer Name = JOHN | Source = Symantec AntiVirus | ID = 16711685 Description = Risk Found!Risk: Backdoor.Trojan in File: C:\Documents and Settings\admin\My Documents\Downloads\EmcSftVdeCnverter4116.rar>>Patch.exe by: Manual scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully. Risk Found!Risk: in File: C:\Documents and Settings\admin\My Documents\Downloads\EmcSftVdeCnverter4116.rar by: Manual scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully. Risk Found!Risk: Backdoor.Trojan in File: d:\program files\emicsoft studio\emicsoft mts converter\Patch by: Manual scan. Action: Cleaned by Deletion. Action Description: Risk: in File: Internet browser temporary file cache by: Manual scan. Action: Clean failed : Quarantine failed. Action Description: The file was deleted successfully. Error - 4/27/2011 3:30:13 AM | Computer Name = JOHN | Source = Symantec AntiVirus | ID = 16711726 Description = Security Risk Found!Risk: GLP in File: C:\Documents and Settings\admin\Application Data\Sun\Java\Deployment\cache\6.0\32\421e8ea0-6a4713d5 by: Manual scan. Action: Delete failed. Action Description: The file was left unchanged. Error - 4/27/2011 3:30:14 AM | Computer Name = JOHN | Source = Symantec AntiVirus | ID = 16711731 Description = Security Risk Found!Risk: GLP in File: C:\Documents and Settings\admin\Application Data\Sun\Java\Deployment\cache\6.0\32\421e8ea0-6a4713d5 by: Manual scan. Action: Delete succeeded. Action Description: The file was deleted successfully. Error - 4/27/2011 11:49:37 AM | Computer Name = JOHN | Source = Application Hang | ID = 1002 Description = Hanging application vlc.exe, version 1.1.4.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. 
Error - 4/27/2011 6:50:09 PM | Computer Name = JOHN | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 5/1/2011 3:06:22 AM | Computer Name = JOHN | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

< End of report >