
Had some stuff, making sure it's clean now [Solved]



#1
dawg3

This is my mom's computer I am posting this for.
It had some stuff on it and I think it is all gone, so I am posting to make sure it is.
I have done everything listed; here are the log files.

OTListIt logfile created on: 4/6/2009 6:13:11 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.12.0 Folder = C:\Documents and Settings\BECK\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 616.56 Mb Available Physical Memory | 60.80% Memory free
3.87 Gb Paging File | 3.58 Gb Available in Paging File | 92.53% Paging File free
Paging file location(s): C:\pagefile.sys 3048 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.18 Gb Total Space | 54.47 Gb Free Space | 76.53% Space Free | Partition Type: NTFS
Drive D: | 36.92 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 2.24 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 149.05 Gb Total Space | 60.28 Gb Free Space | 40.44% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: WORK
Current User Name: BECK
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe (Roxio)
PRC - C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe (Roxio, Inc.)
PRC - C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe (Roxio, Inc.)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE (Logitech Inc.)
PRC - C:\Documents and Settings\BECK\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (AOL ACS [Disabled | Stopped]) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (NetSvc [On_Demand | Stopped]) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (Intel® Corporation)
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (ASCTRM [Auto | Running]) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Cdr4_xp [System | Running]) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Roxio)
DRV - (Cdralw2k [System | Running]) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Roxio)
DRV - (cdudf_xp [System | Running]) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys (Roxio)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (CO_Mon [On_Demand | Stopped]) -- C:\WINDOWS\system32\Drivers\CO_Mon.sys ()
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (drvmcdb [Boot | Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm [Auto | Running]) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (dvd_2K [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys (Roxio)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (L8042mou [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\L8042mou.sys (Logitech, Inc.)
DRV - (LHidKe [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LHidKE.Sys (Logitech, Inc.)
DRV - (LHidUsbK [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\LHidUsbK.Sys (Logitech, Inc.)
DRV - (LMouKE [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\LMouKE.sys (Logitech, Inc.)
DRV - (mmc_2K [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys (Roxio)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (omci [System | Running]) -- C:\WINDOWS\system32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (pwd_2k [System | Running]) -- C:\WINDOWS\System32\drivers\pwd_2K.sys (Roxio)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (senfilt [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sscdbhk5 [System | Running]) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln [System | Running]) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (tfsnboio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsncofs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsndrct [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (tfsnifs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsnopio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsnudf [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnudfa [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (UdfReadr_xp [System | Running]) -- C:\WINDOWS\System32\drivers\UdfReadr_xp.sys (Roxio)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (wanatw [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys (America Online, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: () - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll File not found
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
O4 - HKLM..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" (Roxio, Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" (Roxio)
O4 - HKLM..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" (Roxio)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\BECK\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: rldigitalphoto.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_05)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - C:\AUTOEXEC.UP () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/04/06 18:12:06 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\BECK\Desktop\OTListIt2.exe
[2009/04/06 18:11:06 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/06 18:10:51 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\BECK\My Documents\Rooter.exe
[2009/04/06 18:08:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/04/06 18:01:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2009/04/06 18:00:36 | 06,066,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/04/06 18:00:36 | 00,991,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2009/04/06 18:00:36 | 00,459,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009/04/06 18:00:36 | 00,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/04/06 18:00:36 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009/04/06 18:00:36 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2009/04/06 18:00:35 | 02,455,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat
[2009/04/06 18:00:35 | 00,383,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2009/04/06 18:00:35 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2009/04/06 18:00:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/04/06 17:59:16 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2009/04/06 17:59:04 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2009/04/06 17:58:43 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2009/04/06 17:42:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/04/06 17:31:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2009/04/06 17:31:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/04/06 17:31:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/04/06 17:31:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/04/06 17:31:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/04/06 17:28:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/04/06 17:26:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2009/04/06 17:22:39 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/04/06 17:22:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2009/04/06 15:51:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\BECK\Application Data\Malwarebytes
[2009/04/06 15:51:15 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 15:51:13 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:51:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/06 15:51:11 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/06 15:50:28 | 02,906,232 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\BECK\My Documents\mbam-setup.exe
[2009/03/31 20:11:39 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/03/31 20:06:14 | 34,910,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/03/31 20:06:14 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/03/31 20:06:14 | 00,401,372 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/03/31 20:06:14 | 00,085,585 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/03/31 20:06:14 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/03/31 20:06:14 | 00,001,507 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\AVG Free 8.5.lnk
[2009/03/31 20:06:13 | 00,325,640 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/03/31 20:06:13 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/03/31 20:06:12 | 00,027,656 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/03/31 20:06:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/03/31 20:05:54 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/03/31 20:05:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/03/31 20:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/03/31 20:01:43 | 00,188,406 | ---- | C] (Roxio) -- C:\Documents and Settings\BECK\My Documents\updatecdr4_53_71.exe
[2009/03/31 19:36:39 | 63,049,904 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\BECK\My Documents\avg_free_stf_en_85_285a1462.exe
[2009/03/31 19:35:45 | 00,608,344 | ---- | C] () -- C:\Documents and Settings\BECK\My Documents\MCPR.exe
[2006/06/02 00:08:23 | 00,000,669 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2006/05/04 09:46:04 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\CO_Mon.sys
[2005/09/17 20:13:34 | 00,001,786 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/09/17 20:13:34 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\B175C769FA.sys
[2005/08/28 21:30:59 | 00,000,611 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/07/19 21:42:21 | 00,020,594 | ---- | C] () -- C:\WINDOWS\System32\DELS1LMK.DLL
[2005/07/17 11:54:42 | 00,000,294 | ---- | C] () -- C:\WINDOWS\YAHTZEE.INI
[2005/07/14 19:39:06 | 00,000,251 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/07/11 15:12:53 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/07/11 15:07:55 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/07/11 14:44:36 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/07/11 14:44:24 | 00,000,375 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/09 18:04:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 14:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:51:28 | 00,000,602 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 13:51:26 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/13 14:21:58 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2001/09/06 18:42:54 | 00,000,036 | ---- | C] () -- C:\WINDOWS\A3W.ini
[1996/11/17 00:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1996/11/17 00:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/11/17 00:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/04/06 18:12:12 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BECK\Desktop\OTListIt2.exe
[2009/04/06 18:10:53 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\BECK\My Documents\Rooter.exe
[2009/04/06 18:09:35 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/06 18:04:42 | 00,000,075 | -HS- | M] () -- C:\Documents and Settings\BECK\My Documents\desktop.ini
[2009/04/06 18:04:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/06 18:04:35 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/06 18:03:39 | 04,832,516 | -H-- | M] () -- C:\Documents and Settings\BECK\Local Settings\Application Data\IconCache.db
[2009/04/06 18:02:15 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/06 17:45:12 | 00,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/06 17:45:12 | 00,381,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/06 17:45:12 | 00,053,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/06 17:43:53 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/04/06 17:42:40 | 00,220,040 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/06 17:26:14 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/04/06 15:50:37 | 02,906,232 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\BECK\My Documents\mbam-setup.exe
[2009/04/06 15:43:36 | 34,910,808 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/04/06 15:43:36 | 00,085,585 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/03/31 20:06:14 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/03/31 20:06:14 | 00,401,372 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/03/31 20:06:14 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/03/31 20:06:14 | 00,001,507 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\AVG Free 8.5.lnk
[2009/03/31 20:06:13 | 00,325,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/03/31 20:06:13 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/03/31 20:06:12 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/03/31 20:02:02 | 00,044,288 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
[2009/03/31 20:01:43 | 00,188,406 | ---- | M] (Roxio) -- C:\Documents and Settings\BECK\My Documents\updatecdr4_53_71.exe
[2009/03/31 19:36:40 | 63,049,904 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\BECK\My Documents\avg_free_stf_en_85_285a1462.exe
[2009/03/31 19:35:46 | 00,608,344 | ---- | M] () -- C:\Documents and Settings\BECK\My Documents\MCPR.exe
[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
< End of report >

OTListIt Extras logfile created on: 4/6/2009 6:13:11 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.12.0 Folder = C:\Documents and Settings\BECK\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 616.56 Mb Available Physical Memory | 60.80% Memory free
3.87 Gb Paging File | 3.58 Gb Available in Paging File | 92.53% Paging File free
Paging file location(s): C:\pagefile.sys 3048 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.18 Gb Total Space | 54.47 Gb Free Space | 76.53% Space Free | Partition Type: NTFS
Drive D: | 36.92 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 2.24 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 149.05 Gb Total Space | 60.28 Gb Free Space | 40.44% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: WORK
Current User Name: BECK
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL (America Online, Inc.)
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL (America Online, Inc)
C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 (America Online, Inc.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL (America Online, Inc.)
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL (America Online, Inc)
C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 (America Online, Inc.)
C:\Program Files\WorkStream DS\WorkStreamDS.exe:*:Enabled:WorkStream Application (ZBE, Inc.)
C:\Program Files\TightVNC\WinVNC.exe:*:Enabled:TightVNC Win32 Server (Constantin Kaplinsky)
C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer (Microsoft Corporation)
C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer (Microsoft Corporation)
C:\Program Files\Help Me RLDP\HelpMeRLDP.exe:*:Enabled:TightVNC Win32 Server (Constantin Kaplinsky)
C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe (AVG Technologies CZ, s.r.o.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{200E0DC2-2223-11D6-830E-0050DABBB449}" = Webcast
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{39C5A3E0-31AF-11D6-830E-0050DABBB449}" = Dazzle Photo Editor
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{644F9DBE-CEDB-45AF-ACB8-E26692B74F62}" = Easy CD & DVD Creator 6
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BC64BC82-1AF0-11D6-830E-0050DABBB449}" = Dazzle Software
"{C0379D77-54E5-4D89-A9AA-B8F9C149AA29}" = Sorry Boggle and Yahtzee Triple Pack of Fun
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EE7B9A8D-19F0-450D-8E94-3E391E6044CD}" = KhalSetup
"{F330A4C0-802E-11D5-8311-0050DABBB21D}" = OnDVD
"101 Bally Slots" = 101 Bally Slots
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"America Online us" = America Online (Choose which version to remove)
"AOL Connectivity Services" = AOL Connectivity Services
"AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
"AVG8Uninstall" = AVG 8.5
"Bicycle Card Games 1.0" = Bicycle Card Games
"Bicycle Casino 1.5" = Bicycle Casino
"Dell Laser Printer 1100" = Dell Laser Printer 1100 Software Uninstall
"DellSupport" = Dell Support 5.0.0 (630)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MyWaySearchAssistantDE" = My Way Search Assistant
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office8.0" = Microsoft Office 97, Professional Edition
"PROSet" = Intel® PRO Network Adapters and Drivers
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"StreetPlugin" = Learn2 Player (Uninstall Only)
"TightVNC_is1" = TightVNC 1.2.9
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WorkStream DS_2.3" = WorkStream DS 2.3
"WorkStream DS_2.4" = WorkStream DS 2.4

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/13/2008 11:23:08 PM | Computer Name = WORK | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/13/2008 11:23:08 PM | Computer Name = WORK | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/27/2008 8:17:27 PM | Computer Name = WORK | Source = Application Hang | ID = 1002
Description = Hanging application Update.exe, version 1.0.0.7, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/1/2008 1:35:39 PM | Computer Name = WORK | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module flash.ocx, version 7.0.19.0, fault address 0x000235d6.

Error - 9/1/2008 1:56:34 PM | Computer Name = WORK | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x02609350.

Error - 9/16/2008 2:05:28 PM | Computer Name = WORK | Source = Application Hang | ID = 1002
Description = Hanging application Update.exe, version 1.0.0.7, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/19/2008 8:57:43 PM | Computer Name = WORK | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module flash.ocx, version 7.0.19.0, fault address 0x00001868.

Error - 2/17/2009 12:42:34 PM | Computer Name = WORK | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 2/17/2009 12:44:57 PM | Computer Name = WORK | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 3/6/2009 8:00:42 PM | Computer Name = WORK | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module flash10a.ocx, version 10.0.12.36, fault address 0x00010bfb.

[ System Events ]
Error - 2/17/2009 12:42:15 PM | Computer Name = WORK | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/17/2009 12:42:34 PM | Computer Name = WORK | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/17/2009 12:43:15 PM | Computer Name = WORK | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm mfehidk

Error - 2/17/2009 12:43:47 PM | Computer Name = WORK | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNASvc with
arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}

Error - 2/17/2009 12:43:48 PM | Computer Name = WORK | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNASvc with
arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}

Error - 2/17/2009 12:44:57 PM | Computer Name = WORK | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/17/2009 12:46:53 PM | Computer Name = WORK | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/17/2009 12:48:30 PM | Computer Name = WORK | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 2/26/2009 4:08:17 AM | Computer Name = WORK | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 4/6/2009 4:43:45 PM | Computer Name = WORK | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde


< End of report >


Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

C:\ [Fixed] - NTFS - (Total:72888 Mo/Free:2533 Mo)
D:\ [CD-Rom] (Total:36 Mo/Free:0 Mo)
E:\ [CD-Rom] (Total:2294 Mo/Free:0 Mo)
F:\ [Removable] (Total:0 Mo/Free:0 Mo)
G:\ [Removable] (Total:0 Mo/Free:0 Mo)
H:\ [Fixed] - NTFS - (Total:152625 Mo/Free:286 Mo)

Mon 04/06/2009|18:11

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
---------- C:\WINDOWS\system32\wdfmgr.exe
---------- C:\PROGRA~1\AVG\AVG8\avgemc.exe
---------- C:\PROGRA~1\AVG\AVG8\avgrsx.exe
---------- C:\PROGRA~1\AVG\AVG8\avgnsx.exe
---------- C:\Program Files\AVG\AVG8\avgcsrvx.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
---------- C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
---------- C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
---------- C:\PROGRA~1\AVG\AVG8\avgtray.exe
---------- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
---------- C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
---------- C:\Program Files\Logitech\SetPoint\SetPoint.exe
---------- C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\Program Files\Internet Explorer\IEXPLORE.EXE
---------- C:\Program Files\Common Files\Logitech\WebColct\webcolct.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Mon 04/06/2009|18:11


thank you in advance
dawg

#2
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello dawg3,
Sorry about the delay.



Since it has been a few days since posting your logs, please run another scan with OTListIt2 and post the OTListIt.txt in your next reply.

#3
dawg3

    Member

  • Topic Starter
  • 62 posts
the computer has not been used since I posted everything
it has not even been turned on.

#4
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello dawg3,

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\WINDOWS\System32\DELS1LMK.DLL
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.






  • Please open OTListIt2.exe
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :OTLI
    O2 - BHO: () - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll File not found
    
    :Commands
    [purity]
    [emptytemp]
    [reboot]
  • Return to OTListIt2, right click in the "Custom Scans/fixes" window (under the light blue bar) and choose Paste.
  • Click the Run Fix button.
  • Let the program run until it is finished, reboot when it is done.
  • It will produce a log for you on reboot, please post that log in your next reply.
~~~~~~~~~~~~~~
In your next reply please have these logs.
The VirScan log
And the OTListIt2 log

#5
dawg3

    Member

  • Topic Starter
  • 62 posts
Something came up and I will not be able to do this step till Sunday, so please don't close it for lack of response.

On a side note, I'm from Ohio also. What part? CBJ are in the playoffs. 'Bout time.

thanks
dawg

Edited by dawg3, 10 April 2009 - 06:39 PM.


#6
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello dawg3,

Something came up and I will not be able to do this step till Sunday, so please don't close it for lack of response.

Ok, no problem.

I'm from Ohio also. What part?

Akron area, you?

CBJ are in the playoffs. 'Bout time.

Yea.

How about the Cavs, just clinched #1 in the east. :)

Edited by Jimmy2012, 10 April 2009 - 11:56 PM.


#7
dawg3

    Member

  • Topic Starter
  • 62 posts
virscan.org scan

VirSCAN.org Scanned Report :
Scanned time : 2009/04/12 11:11:15 (EDT)
Scanner results: All Scanners reported not find malware!
File Name : DELS1LMK.DLL
File Size : 20594 byte
File Type : PE32 executable for MS Windows (DLL) (console) Intel 80386 3
MD5 : 494b6bc9e6ef796b0cc79087727f889d
SHA1 : 06b8c6b394af164cb03068ea092ec82a25a22411
Online report : http://virscan.org/r...83a1b45206.html

Scanner | Engine Ver | Sig Ver | Sig Date | Time | Scan result
a-squared | 4.0.0.32 | 20090412200212 | 2009-04-12 | 2.92 | -
AhnLab V3 | 2009.04.13.00 | 2009.04.13 | 2009-04-13 | 1.79 | -
AntiVir | 7.9.0.138 | 7.1.3.42 | 2009-04-11 | 2.02 | -
Antiy | 2.0.18 | 20090412.2291474 | 2009-04-12 | 0.12 | -
Authentium | 5.1.1 | 200904111622 | 2009-04-11 | 1.59 | -
AVAST! | 3.0.1 | 090411-0 | 2009-04-11 | 0.01 | -
AVG | 7.5.52.442 | 270.11.53/2054 | 2009-04-11 | 2.16 | -
BitDefender | 7.81008.2846208 | 7.24756 | 2009-04-12 | 2.67 | -
CA (VET) | 9.0.0.143 | 31.6.6450 | 2009-04-10 | 6.73 | -
ClamAV | 0.95 | 9224 | 2009-04-11 | 0.01 | -
Comodo | 3.8 | 1111 | 2009-04-12 | 1.28 | -
CP Secure | 1.1.0.715 | 2009.04.12 | 2009-04-12 | 8.41 | -
Dr.Web | 4.44.0.9170 | 2009.04.11 | 2009-04-11 | 4.43 | -
F-Prot | 4.4.4.56 | 20090411 | 2009-04-11 | 1.54 | -
F-Secure | 5.51.6100 | 2009.04.12.02 | 2009-04-12 | 0.06 | -
Fortinet | 2.81-3.117 | 10.275 | 2009-04-12 | 0.55 | -
GData | 19.4565/19.296 | 20090412 | 2009-04-12 | 5.74 | -
ViRobot | 20090410 | 2009.04.10 | 2009-04-10 | 0.76 | -
Ikarus | T3.1.01.49 | 2009.04.12.72566 | 2009-04-12 | 2.92 | -
JiangMin | 11.0.706 | 2009.04.12 | 2009-04-12 | 2.11 | -
Kaspersky | 5.5.10 | 2009.04.12 | 2009-04-12 | 0.05 | -
KingSoft | 2009.2.5.15 | 2009.4.12.21 | 2009-04-12 | 2.90 | -
McAfee | 5.3.00 | 5581 | 2009-04-11 | 2.77 | -
Microsoft | 1.4502 | 2009.04.12 | 2009-04-12 | 7.44 | -
mks_vir | 2.01 | 2009.04.12 | 2009-04-12 | 2.72 | -
Norman | 6.00.06 | 6.00.00 | 2009-04-09 | 10.01 | -
Panda | 9.05.01 | 2009.04.12 | 2009-04-12 | 1.66 | -
Trend Micro | 8.700-1004 | 5.962.05 | 2009-04-12 | 0.03 | -
Quick Heal | 10.00 | 2009.04.10 | 2009-04-10 | 1.14 | -
Rising | 20.0 | 21.24.62.00 | 2009-04-12 | 0.90 | -
Sophos | 2.85.0 | 4.40 | 2009-04-12 | 2.12 | -
Sunbelt | 5088 | 5088 | 2009-04-11 | 0.65 | -
Symantec | 1.3.0.24 | 20090411.003 | 2009-04-11 | 0.05 | -
nProtect | 20090412.01 | 3461184 | 2009-04-12 | 4.49 | -
The Hacker | 6.3.4.0 | v00306 | 2009-04-12 | 0.56 | -
VBA32 | 3.12.10.2 | 20090411.0955 | 2009-04-11 | 1.81 | -
VirusBuster | 4.5.11.10 | 10.102.40/1228619 | 2009-04-09 | 1.51 | -

#8
dawg3

    Member

  • Topic Starter
  • 62 posts
otlistit log

========== OTLISTIT ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\BECK\Local Settings\Temp\Temporary Internet Files\Content.IE5\CTYV4XAF\%7Bmod_zoom,mod_transitlyr,mod_traffic_app,mod_sha1,mod_scrollwheel,mod_quadtree,mod_mpl_host,mod_lyr
sctrl,mod_lyrs,mod_keyboard,mod_jslinker,mod_extended_dom,mod_drag,mod_co[2].js scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\BECK\Local Settings\Temp\Temporary Internet Files\Content.IE5\CTYV4XAF\adlink%2F5113%2F687302%2F0%2F225%2FAdId%3D245652%3BBnId%3D2%3Bitime%3D435020072%3Bkvmn%3D93248190%3Bkvtid%3D14r3bpd0s3r697%3Bkvseg%3D99999%3A60173%3A60183%3A50206%3Blink%3D;[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\BECK\Local Settings\Temp\Temporary Internet Files\Content.IE5\CTYV4XAF\adlink%2F5113%2F687302%2F0%2F225%2FAdId%3D245652%3BBnId%3D2%3Bitime%3D535155293%3Bkvmn%3D93248190%3Bkvtid%3D14r3bpd0s3r697%3Bkvseg%3D99999%3A60173%3A60183%3A50206%3Blink%3D;[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\BECK\Local Settings\Temp\Temporary Internet Files\Content.IE5\CTYV4XAF\adlink%2F5113%2F687303%2F0%2F170%2FAdId%3D245648%3BBnId%3D1%3Bitime%3D383506437%3Bkvmn%3D93248191%3Bkvtid%3D14r3bpd0s3r697%3Bkvseg%3D99999%3A60173%3A60183%3Blink%3D;ord=3835[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\BECK\Local Settings\Temp\Temporary Internet Files\Content.IE5\812RWTMF\adlink%2F5113%2F687303%2F0%2F170%2FAdId%3D245648%3BBnId%3D1%3Bitime%3D535155252%3Bkvmn%3D93248191%3Bkvtid%3D14r3bpd0s3r697%3Bkvseg%3D99999%3A60173%3A60183%3A50206%3Blink%3D;[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\BECK\Local Settings\Temp\Temporary Internet Files\Content.IE5\812RWTMF\adlink%2F5113%2F687303%2F0%2F170%2FAdId%3D245648%3BBnId%3D1%3Bitime%3D620928898%3Bkvmn%3D93248191%3Bkvtid%3D14r3bpd0s3r697%3Bkvseg%3D99999%3A60173%3A60183%3A50206%3Blink%3D;[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\BECK\Local Settings\Temp\Temporary Internet Files\Content.IE5\0DQ3KD63\;sdccat=96392;kw=coupon;cnt=us;page=xcc;gen=null;type=null;tile=6;zr=n;ct=;u=5aI5CbG7eN_CROSS_9
6392_3954_8033029;dcopt=ist;dcove=d;sz=728x90;ord=1236381244215[1].html scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\BECK\Local Settings\Temp\Temporary Internet Files\Content.IE5\0DQ3KD63\;sdccat=96392;kw=coupon;cnt=us;page=xcc;gen=null;type=null;tile=6;zr=n;ct=;u=F62BjCvqFr_CROSS_9
6392_3954_8033029;dcopt=ist;dcove=d;sz=728x90;ord=1236381195609[1].html scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\BECK\Local Settings\Temp\Temporary Internet Files\Content.IE5\0DQ3KD63\;sdccat=96392;kw=red+lobster;cnt=us;page=xcc;gen=null;type=null;tile=2;zr=n;ct=;u=s5bWX9cHHM_CR
OSS_96392_3954_8033029;;dcove=d;sz=160x600;ord=1236381215909[1].html scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\BECK\Local Settings\Temp\Temporary Internet Files\Content.IE5\0DQ3KD63\adlink%2F5113%2F687302%2F0%2F225%2FAdId%3D245652%3BBnId%3D2%3Bitime%3D383507803%3Bkvmn%3D93248190%3Bkvtid%3D14r3bpd0s3r697%3Bkvseg%3D99999%3A60173%3A60183%3Blink%3D;ord=3835[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\BECK\Local Settings\Temp\Temporary Internet Files\Content.IE5\0DQ3KD63\adlink%2F5113%2F687302%2F0%2F225%2FAdId%3D245652%3BBnId%3D2%3Bitime%3D535159933%3Bkvmn%3D93248190%3Bkvtid%3D14r3bpd0s3r697%3Bkvseg%3D99999%3A60173%3A60183%3A50206%3Blink%3D;[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\BECK\Local Settings\Temp\Temporary Internet Files\Content.IE5\0DQ3KD63\adlink%2F5113%2F687302%2F0%2F225%2FAdId%3D245652%3BBnId%3D2%3Bitime%3D620927785%3Bkvmn%3D93248190%3Bkvtid%3D14r3bpd0s3r697%3Bkvseg%3D99999%3A60173%3A60183%3A50206%3Blink%3D;[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\BECK\Local Settings\Temp\Temporary Internet Files\Content.IE5\0DQ3KD63\adlink%2F5113%2F687303%2F0%2F170%2FAdId%3D245648%3BBnId%3D1%3Bitime%3D517136178%3Bkvmn%3D93248191%3Bkvtid%3D14r3bpd0s3r697%3Bkvseg%3D99999%3A60173%3A60183%3A50206%3Blink%3D;[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\BECK\Local Settings\Temp\Temporary Internet Files\Content.IE5\05QJO92R\;sdccat=96392;kw=red+lobster;cnt=us;page=xcc;gen=null;type=null;tile=6;zr=n;ct=;u=s5bWX9cHHM_CR
OSS_96392_3954_8033029;dcopt=ist;dcove=d;sz=728x90;ord=1236381215909[1].html scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\BECK\Local Settings\Temp\Temporary Internet Files\Content.IE5\05QJO92R\audi[1].0&ioId=73964&creativeId=86246&contentId=358530&streamId=123526&fr=1236383124027&attr=&uid=694028279&geo=43085&dma=columbus-oh&content=CONTENT&playId=A8CWe57SUxSxPM0pHvK3OqU scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\BECK\Local Settings\Temp\Temporary Internet Files\Content.IE5\05QJO92R\audi[1].0&ioId=73972&creativeId=86264&contentId=358574&streamId=123526&fr=1236517809704&attr=&uid=694028279&geo=43085&dma=columbus-oh&content=CONTENT&playId=A8CWNV7SUxSsyslpHvKNcSr scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\BECK\Local Settings\Temp\Temporary Internet Files\Content.IE5\05QJO92R\audi[1].0&ioId=75592&creativeId=93924&contentId=364408&streamId=123526&fr=1236517620298&attr=&uid=694028279&geo=43085&dma=columbus-oh&content=CONTENT&playId=A8CWNV7SUxSsyslpHvKCzSr scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\BECK\Local Settings\Temp\Temporary Internet Files\Content.IE5\05QJO92R\aud[1].0&ioId=75592&creativeId=93924&contentId=364408&streamId=123526&fr=1236517871379&attr=&uid=694028279&geo=43085&dma=columbus-oh&content=CONTENT&playId=A8CWXV7SUxSAhhDm9vy8VYxO scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\BECK\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTListIt2 by OldTimer - Version 2.0.12.0 log created on 04122009_111858

#9
dawg3

    Member

  • Topic Starter
  • 62 posts
when i restarted otlistit this popped up

Files moved on Reboot...
File C:\Documents and Settings\BECK\Local Settings\Temp\Temporary Internet Files\Content.IE5\CTYV4XAF\%7Bmod_zoom,mod_transitlyr,mod_traffic_app,mod_sha1,mod_scrollwheel,mod_quadtree,mod_mpl_host,mod_lyrsctrl,mod_lyrs,mod_keyboard,mod_jslinker,mod_extended_dom,mod_drag,mod_co[2].js not found!
File C:\Documents and Settings\BECK\Local Settings\Temp\Temporary Internet Files\Content.IE5\CTYV4XAF\adlink%2F5113%2F687302%2F0%2F225%2FAdId%3D245652%3BBnId%3D2%3Bitime%3D435020072%3Bkvmn%3D93248190%3Bkvtid%3D14r3bpd0s3r697%3Bkvseg%3D99999%3A60173%3A60183%3A50206%3Blink%3D;[2] not found!
File C:\Documents and Settings\BECK\Local Settings\Temp\Temporary Internet Files\Content.IE5\CTYV4XAF\adlink%2F5113%2F687302%2F0%2F225%2FAdId%3D245652%3BBnId%3D2%3Bitime%3D535155293%3Bkvmn%3D93248190%3Bkvtid%3D14r3bpd0s3r697%3Bkvseg%3D99999%3A60173%3A60183%3A50206%3Blink%3D;[2] not found!
File C:\Documents and Settings\BECK\Local Settings\Temp\Temporary Internet Files\Content.IE5\CTYV4XAF\adlink%2F5113%2F687303%2F0%2F170%2FAdId%3D245648%3BBnId%3D1%3Bitime%3D383506437%3Bkvmn%3D93248191%3Bkvtid%3D14r3bpd0s3r697%3Bkvseg%3D99999%3A60173%3A60183%3Blink%3D;ord=3835[2] not found!
File C:\Documents and Settings\BECK\Local Settings\Temp\Temporary Internet Files\Content.IE5\812RWTMF\adlink%2F5113%2F687303%2F0%2F170%2FAdId%3D245648%3BBnId%3D1%3Bitime%3D535155252%3Bkvmn%3D93248191%3Bkvtid%3D14r3bpd0s3r697%3Bkvseg%3D99999%3A60173%3A60183%3A50206%3Blink%3D;[2] not found!
File C:\Documents and Settings\BECK\Local Settings\Temp\Temporary Internet Files\Content.IE5\812RWTMF\adlink%2F5113%2F687303%2F0%2F170%2FAdId%3D245648%3BBnId%3D1%3Bitime%3D620928898%3Bkvmn%3D93248191%3Bkvtid%3D14r3bpd0s3r697%3Bkvseg%3D99999%3A60173%3A60183%3A50206%3Blink%3D;[2] not found!
File C:\Documents and Settings\BECK\Local Settings\Temp\Temporary Internet Files\Content.IE5\0DQ3KD63\;sdccat=96392;kw=coupon;cnt=us;page=xcc;gen=null;type=null;tile=6;zr=n;ct=;u=5aI5CbG7eN_CROSS_96392_3954_8033029;dcopt=ist;dcove=d;sz=728x90;ord=1236381244215[1].html not found!
File C:\Documents and Settings\BECK\Local Settings\Temp\Temporary Internet Files\Content.IE5\0DQ3KD63\;sdccat=96392;kw=coupon;cnt=us;page=xcc;gen=null;type=null;tile=6;zr=n;ct=;u=F62BjCvqFr_CROSS_96392_3954_8033029;dcopt=ist;dcove=d;sz=728x90;ord=1236381195609[1].html not found!
File C:\Documents and Settings\BECK\Local Settings\Temp\Temporary Internet Files\Content.IE5\0DQ3KD63\;sdccat=96392;kw=red+lobster;cnt=us;page=xcc;gen=null;type=null;tile=2;zr=n;ct=;u=s5bWX9cHHM_CROSS_96392_3954_8033029;;dcove=d;sz=160x600;ord=1236381215909[1].html not found!
File C:\Documents and Settings\BECK\Local Settings\Temp\Temporary Internet Files\Content.IE5\0DQ3KD63\adlink%2F5113%2F687302%2F0%2F225%2FAdId%3D245652%3BBnId%3D2%3Bitime%3D383507803%3Bkvmn%3D93248190%3Bkvtid%3D14r3bpd0s3r697%3Bkvseg%3D99999%3A60173%3A60183%3Blink%3D;ord=3835[1] not found!
File C:\Documents and Settings\BECK\Local Settings\Temp\Temporary Internet Files\Content.IE5\0DQ3KD63\adlink%2F5113%2F687302%2F0%2F225%2FAdId%3D245652%3BBnId%3D2%3Bitime%3D535159933%3Bkvmn%3D93248190%3Bkvtid%3D14r3bpd0s3r697%3Bkvseg%3D99999%3A60173%3A60183%3A50206%3Blink%3D;[2] not found!
File C:\Documents and Settings\BECK\Local Settings\Temp\Temporary Internet Files\Content.IE5\0DQ3KD63\adlink%2F5113%2F687302%2F0%2F225%2FAdId%3D245652%3BBnId%3D2%3Bitime%3D620927785%3Bkvmn%3D93248190%3Bkvtid%3D14r3bpd0s3r697%3Bkvseg%3D99999%3A60173%3A60183%3A50206%3Blink%3D;[2] not found!
File C:\Documents and Settings\BECK\Local Settings\Temp\Temporary Internet Files\Content.IE5\0DQ3KD63\adlink%2F5113%2F687303%2F0%2F170%2FAdId%3D245648%3BBnId%3D1%3Bitime%3D517136178%3Bkvmn%3D93248191%3Bkvtid%3D14r3bpd0s3r697%3Bkvseg%3D99999%3A60173%3A60183%3A50206%3Blink%3D;[2] not found!
File C:\Documents and Settings\BECK\Local Settings\Temp\Temporary Internet Files\Content.IE5\05QJO92R\;sdccat=96392;kw=red+lobster;cnt=us;page=xcc;gen=null;type=null;tile=6;zr=n;ct=;u=s5bWX9cHHM_CROSS_96392_3954_8033029;dcopt=ist;dcove=d;sz=728x90;ord=1236381215909[1].html not found!
File C:\Documents and Settings\BECK\Local Settings\Temp\Temporary Internet Files\Content.IE5\05QJO92R\audi[1].0&ioId=73964&creativeId=86246&contentId=358530&streamId=123526&fr=1236383124027&attr=&uid=694028279&geo=43085&dma=columbus-oh&content=CONTENT&playId=A8CWe57SUxSxPM0pHvK3OqU not found!
File C:\Documents and Settings\BECK\Local Settings\Temp\Temporary Internet Files\Content.IE5\05QJO92R\audi[1].0&ioId=73972&creativeId=86264&contentId=358574&streamId=123526&fr=1236517809704&attr=&uid=694028279&geo=43085&dma=columbus-oh&content=CONTENT&playId=A8CWNV7SUxSsyslpHvKNcSr not found!
File C:\Documents and Settings\BECK\Local Settings\Temp\Temporary Internet Files\Content.IE5\05QJO92R\audi[1].0&ioId=75592&creativeId=93924&contentId=364408&streamId=123526&fr=1236517620298&attr=&uid=694028279&geo=43085&dma=columbus-oh&content=CONTENT&playId=A8CWNV7SUxSsyslpHvKCzSr not found!
File C:\Documents and Settings\BECK\Local Settings\Temp\Temporary Internet Files\Content.IE5\05QJO92R\aud[1].0&ioId=75592&creativeId=93924&contentId=364408&streamId=123526&fr=1236517871379&attr=&uid=694028279&geo=43085&dma=columbus-oh&content=CONTENT&playId=A8CWXV7SUxSAhhDm9vy8VYxO not found!

Registry entries deleted on Reboot...

#10
dawg3

fresh otlistit log file

OTListIt logfile created on: 4/12/2009 1:19:05 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.12.0 Folder = C:\Documents and Settings\BECK\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 571.09 Mb Available Physical Memory | 56.32% Memory free
3.87 Gb Paging File | 3.48 Gb Available in Paging File | 89.79% Paging File free
Paging file location(s): C:\pagefile.sys 3048 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.18 Gb Total Space | 54.52 Gb Free Space | 76.59% Space Free | Partition Type: NTFS
Drive D: | 36.92 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 547.28 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 149.05 Gb Total Space | 60.04 Gb Free Space | 40.28% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: WORK
Current User Name: BECK
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe (Roxio)
PRC - C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe (Roxio, Inc.)
PRC - C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE (Logitech Inc.)
PRC - C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe (Roxio, Inc.)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\BECK\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (AOL ACS [Disabled | Stopped]) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (NetSvc [On_Demand | Stopped]) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (Intel® Corporation)
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (ASCTRM [Auto | Running]) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Cdr4_xp [System | Running]) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Roxio)
DRV - (Cdralw2k [System | Running]) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Roxio)
DRV - (cdudf_xp [System | Running]) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys (Roxio)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (CO_Mon [On_Demand | Stopped]) -- C:\WINDOWS\system32\Drivers\CO_Mon.sys ()
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (drvmcdb [Boot | Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm [Auto | Running]) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (dvd_2K [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys (Roxio)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (L8042mou [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\L8042mou.sys (Logitech, Inc.)
DRV - (LHidKe [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LHidKE.Sys (Logitech, Inc.)
DRV - (LHidUsbK [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\LHidUsbK.Sys (Logitech, Inc.)
DRV - (LMouKE [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\LMouKE.sys (Logitech, Inc.)
DRV - (mmc_2K [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys (Roxio)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (omci [System | Running]) -- C:\WINDOWS\system32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (pwd_2k [System | Running]) -- C:\WINDOWS\System32\drivers\pwd_2K.sys (Roxio)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (senfilt [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sscdbhk5 [System | Running]) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln [System | Running]) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (tfsnboio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsncofs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsndrct [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (tfsnifs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsnopio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsnudf [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnudfa [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (UdfReadr_xp [System | Running]) -- C:\WINDOWS\System32\drivers\UdfReadr_xp.sys (Roxio)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (wanatw [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys (America Online, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
O4 - HKLM..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" (Roxio, Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" (Roxio)
O4 - HKLM..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" (Roxio)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\BECK\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: rldigitalphoto.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_05)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - C:\AUTOEXEC.UP () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/04/12 11:18:58 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/04/10 17:09:31 | 00,001,434 | ---- | C] () -- C:\Documents and Settings\BECK\My Documents\Soccer Sunday.csv
[2009/04/07 21:05:54 | 00,001,326 | ---- | C] () -- C:\Documents and Settings\BECK\My Documents\Saturday.csv
[2009/04/06 18:12:06 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\BECK\Desktop\OTListIt2.exe
[2009/04/06 18:11:06 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/06 18:10:51 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\BECK\My Documents\Rooter.exe
[2009/04/06 18:01:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2009/04/06 18:00:36 | 06,066,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/04/06 18:00:36 | 00,991,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2009/04/06 18:00:36 | 00,459,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009/04/06 18:00:36 | 00,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/04/06 18:00:36 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009/04/06 18:00:36 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2009/04/06 18:00:35 | 02,455,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat
[2009/04/06 18:00:35 | 00,383,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2009/04/06 18:00:35 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2009/04/06 18:00:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/04/06 17:59:16 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2009/04/06 17:59:04 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2009/04/06 17:58:43 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2009/04/06 17:42:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/04/06 17:31:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2009/04/06 17:31:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/04/06 17:31:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/04/06 17:31:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/04/06 17:31:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/04/06 17:28:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/04/06 17:26:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2009/04/06 17:22:39 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/04/06 17:22:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2009/04/06 15:51:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\BECK\Application Data\Malwarebytes
[2009/04/06 15:51:15 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 15:51:13 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:51:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/06 15:51:11 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/06 15:50:28 | 02,906,232 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\BECK\My Documents\mbam-setup.exe
[2009/03/31 20:11:39 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/03/31 20:06:14 | 35,043,589 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/03/31 20:06:14 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/03/31 20:06:14 | 00,401,372 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/03/31 20:06:14 | 00,093,132 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/03/31 20:06:14 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/03/31 20:06:14 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/03/31 20:06:13 | 00,325,640 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/03/31 20:06:13 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/03/31 20:06:12 | 00,027,656 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/03/31 20:06:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/03/31 20:05:54 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/03/31 20:05:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/03/31 20:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/03/31 20:01:43 | 00,188,406 | ---- | C] (Roxio) -- C:\Documents and Settings\BECK\My Documents\updatecdr4_53_71.exe
[2009/03/31 19:36:39 | 63,049,904 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\BECK\My Documents\avg_free_stf_en_85_285a1462.exe
[2009/03/31 19:35:45 | 00,608,344 | ---- | C] () -- C:\Documents and Settings\BECK\My Documents\MCPR.exe
[2006/06/02 00:08:23 | 00,000,669 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2006/05/04 09:46:04 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\CO_Mon.sys
[2005/09/17 20:13:34 | 00,001,786 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/09/17 20:13:34 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\B175C769FA.sys
[2005/08/28 21:30:59 | 00,000,611 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/07/19 21:42:21 | 00,020,594 | ---- | C] () -- C:\WINDOWS\System32\DELS1LMK.DLL
[2005/07/17 11:54:42 | 00,000,294 | ---- | C] () -- C:\WINDOWS\YAHTZEE.INI
[2005/07/14 19:39:06 | 00,000,251 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/07/11 15:12:53 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/07/11 15:07:55 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/07/11 14:44:36 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/07/11 14:44:24 | 00,000,375 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/09 18:04:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 14:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:51:28 | 00,000,602 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 13:51:26 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/13 14:21:58 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2001/09/06 18:42:54 | 00,000,036 | ---- | C] () -- C:\WINDOWS\A3W.ini
[1996/11/17 00:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1996/11/17 00:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/11/17 00:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/04/12 11:22:08 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/12 11:21:35 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/12 11:21:30 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/11 11:19:56 | 35,043,589 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/04/11 11:19:56 | 00,093,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/04/10 21:59:06 | 04,833,958 | -H-- | M] () -- C:\Documents and Settings\BECK\Local Settings\Application Data\IconCache.db
[2009/04/10 18:08:08 | 00,001,434 | ---- | M] () -- C:\Documents and Settings\BECK\My Documents\Soccer Sunday.csv
[2009/04/08 16:22:48 | 00,001,326 | ---- | M] () -- C:\Documents and Settings\BECK\My Documents\Saturday.csv
[2009/04/07 15:36:03 | 00,002,168 | ---- | M] () -- C:\Documents and Settings\BECK\My Documents\Kim Fri.csv
[2009/04/07 15:32:30 | 00,053,512 | ---- | M] () -- C:\Documents and Settings\BECK\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/04/06 18:12:12 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BECK\Desktop\OTListIt2.exe
[2009/04/06 18:10:53 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\BECK\My Documents\Rooter.exe
[2009/04/06 18:04:42 | 00,000,075 | -HS- | M] () -- C:\Documents and Settings\BECK\My Documents\desktop.ini
[2009/04/06 18:02:15 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/06 17:45:12 | 00,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/06 17:45:12 | 00,381,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/06 17:45:12 | 00,053,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/06 17:43:53 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/04/06 17:42:40 | 00,220,040 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/06 17:26:14 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/04/06 15:50:37 | 02,906,232 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\BECK\My Documents\mbam-setup.exe
[2009/03/31 20:06:14 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/03/31 20:06:14 | 00,401,372 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/03/31 20:06:14 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/03/31 20:06:14 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/03/31 20:06:13 | 00,325,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/03/31 20:06:13 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/03/31 20:06:12 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/03/31 20:02:02 | 00,044,288 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
[2009/03/31 20:01:43 | 00,188,406 | ---- | M] (Roxio) -- C:\Documents and Settings\BECK\My Documents\updatecdr4_53_71.exe
[2009/03/31 19:36:40 | 63,049,904 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\BECK\My Documents\avg_free_stf_en_85_285a1462.exe
[2009/03/31 19:35:46 | 00,608,344 | ---- | M] () -- C:\Documents and Settings\BECK\My Documents\MCPR.exe
[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
< End of report >

#11
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello dawg3,

  • Please start Malwarebytes' Anti-Malware and update it.
  • To update please do this, click Update and then click Check for Updates.
  • It will now install any updates it finds.
  • Once it is done updating please click Scanner and then click "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please do an online scan with Kaspersky WebScanner
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
~~~~~~~~~~~~~~~
In your next reply please have these logs.
The Malwarebytes log
And the Kaspersky log

#12
dawg3

    Member

  • Topic Starter
  • Member
  • 62 posts
Malwarebytes log

Malwarebytes' Anti-Malware 1.36
Database version: 1983
Windows 5.1.2600 Service Pack 3

4/14/2009 6:26:49 PM
mbam-log-2009-04-14 (18-26-49).txt

Scan type: Quick Scan
Objects scanned: 73306
Time elapsed: 5 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{df058c45-cd18-453e-8745-5a77f60722ab} (Adware.Gdown) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b5a33c35-7298-4d15-8753-a2e851e2eab3} (Adware.Gdown) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0d2b812-752d-4af1-a2fb-968c4d8446db} (Adware.Gdown) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e856b973-45fd-4559-8f82-eab539144667} (Adware.Gdown) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\GTDownDE_87.ocx (Adware.Gdown) -> Quarantined and deleted successfully.

#13
dawg3

    Member

  • Topic Starter
  • Member
  • 62 posts
kasper online scan log

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, April 14, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, April 15, 2009 00:00:25
Records in database: 2044611
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics:
Files scanned: 134207
Threat name: 2
Infected objects: 4
Suspicious objects: 0
Duration of the scan: 02:03:03


File name / Threat name / Threats count
C:\Program Files\Help Me RLDP\HelpMeRLDP.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h 1
C:\Program Files\Help Me RLDP\VNCHooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b 1
C:\Program Files\TightVNC\VNCHooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b 1
C:\Program Files\TightVNC\WinVNC.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h 1

The selected area was scanned.

#14
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello dawg3,

How is your computer running now?

#15
dawg3

    Member

  • Topic Starter
  • Member
  • 62 posts
never really had any problems running slow or anything. just got a popup for a virus/malware issue.
she does bill pay and was worried.
i forget what the infection was. something mcafee caught. plus it was outdated.

if all is clean and looks good consider it solved.

thank you so much for your help. it was greatly appreciated.

hopefully the cavs and jackets can win their championships. more money on the cavs doing it.