it had some stuff on it and i think it is all gone so i am posting to make sure it is.
i have done everything listed here are the log files
OTListIt logfile created on: 4/6/2009 6:13:11 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.12.0 Folder = C:\Documents and Settings\BECK\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1014.07 Mb Total Physical Memory | 616.56 Mb Available Physical Memory | 60.80% Memory free
3.87 Gb Paging File | 3.58 Gb Available in Paging File | 92.53% Paging File free
Paging file location(s): C:\pagefile.sys 3048 3048;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.18 Gb Total Space | 54.47 Gb Free Space | 76.53% Space Free | Partition Type: NTFS
Drive D: | 36.92 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 2.24 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 149.05 Gb Total Space | 60.28 Gb Free Space | 40.44% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Computer Name: WORK
Current User Name: BECK
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe (Roxio)
PRC - C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe (Roxio, Inc.)
PRC - C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe (Roxio, Inc.)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE (Logitech Inc.)
PRC - C:\Documents and Settings\BECK\Desktop\OTListIt2.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (AOL ACS [Disabled | Stopped]) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (NetSvc [On_Demand | Stopped]) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (Intel® Corporation)
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (ASCTRM [Auto | Running]) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Cdr4_xp [System | Running]) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Roxio)
DRV - (Cdralw2k [System | Running]) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Roxio)
DRV - (cdudf_xp [System | Running]) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys (Roxio)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (CO_Mon [On_Demand | Stopped]) -- C:\WINDOWS\system32\Drivers\CO_Mon.sys ()
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (drvmcdb [Boot | Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm [Auto | Running]) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (dvd_2K [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys (Roxio)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (L8042mou [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\L8042mou.sys (Logitech, Inc.)
DRV - (LHidKe [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LHidKE.Sys (Logitech, Inc.)
DRV - (LHidUsbK [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\LHidUsbK.Sys (Logitech, Inc.)
DRV - (LMouKE [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\LMouKE.sys (Logitech, Inc.)
DRV - (mmc_2K [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys (Roxio)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (omci [System | Running]) -- C:\WINDOWS\system32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (pwd_2k [System | Running]) -- C:\WINDOWS\System32\drivers\pwd_2K.sys (Roxio)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (senfilt [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sscdbhk5 [System | Running]) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln [System | Running]) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (tfsnboio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsncofs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsndrct [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (tfsnifs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsnopio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsnudf [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnudfa [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (UdfReadr_xp [System | Running]) -- C:\WINDOWS\System32\drivers\UdfReadr_xp.sys (Roxio)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (wanatw [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys (America Online, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: () - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll File not found
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
O4 - HKLM..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" (Roxio, Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" (Roxio)
O4 - HKLM..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" (Roxio)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\BECK\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: rldigitalphoto.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_05)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - C:\AUTOEXEC.UP () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
========== Files/Folders - Created Within 30 Days ==========
[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/04/06 18:12:06 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\BECK\Desktop\OTListIt2.exe
[2009/04/06 18:11:06 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/06 18:10:51 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\BECK\My Documents\Rooter.exe
[2009/04/06 18:08:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/04/06 18:01:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2009/04/06 18:00:36 | 06,066,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/04/06 18:00:36 | 00,991,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2009/04/06 18:00:36 | 00,459,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009/04/06 18:00:36 | 00,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/04/06 18:00:36 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009/04/06 18:00:36 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2009/04/06 18:00:35 | 02,455,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat
[2009/04/06 18:00:35 | 00,383,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2009/04/06 18:00:35 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2009/04/06 18:00:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/04/06 17:59:16 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2009/04/06 17:59:04 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2009/04/06 17:58:43 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2009/04/06 17:42:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/04/06 17:31:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2009/04/06 17:31:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/04/06 17:31:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/04/06 17:31:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/04/06 17:31:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/04/06 17:28:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/04/06 17:26:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2009/04/06 17:22:39 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/04/06 17:22:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2009/04/06 15:51:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\BECK\Application Data\Malwarebytes
[2009/04/06 15:51:15 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 15:51:13 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:51:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/06 15:51:11 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/06 15:50:28 | 02,906,232 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\BECK\My Documents\mbam-setup.exe
[2009/03/31 20:11:39 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/03/31 20:06:14 | 34,910,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/03/31 20:06:14 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/03/31 20:06:14 | 00,401,372 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/03/31 20:06:14 | 00,085,585 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/03/31 20:06:14 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/03/31 20:06:14 | 00,001,507 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\AVG Free 8.5.lnk
[2009/03/31 20:06:13 | 00,325,640 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/03/31 20:06:13 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/03/31 20:06:12 | 00,027,656 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/03/31 20:06:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/03/31 20:05:54 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/03/31 20:05:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/03/31 20:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/03/31 20:01:43 | 00,188,406 | ---- | C] (Roxio) -- C:\Documents and Settings\BECK\My Documents\updatecdr4_53_71.exe
[2009/03/31 19:36:39 | 63,049,904 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\BECK\My Documents\avg_free_stf_en_85_285a1462.exe
[2009/03/31 19:35:45 | 00,608,344 | ---- | C] () -- C:\Documents and Settings\BECK\My Documents\MCPR.exe
[2006/06/02 00:08:23 | 00,000,669 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2006/05/04 09:46:04 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\CO_Mon.sys
[2005/09/17 20:13:34 | 00,001,786 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/09/17 20:13:34 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\B175C769FA.sys
[2005/08/28 21:30:59 | 00,000,611 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/07/19 21:42:21 | 00,020,594 | ---- | C] () -- C:\WINDOWS\System32\DELS1LMK.DLL
[2005/07/17 11:54:42 | 00,000,294 | ---- | C] () -- C:\WINDOWS\YAHTZEE.INI
[2005/07/14 19:39:06 | 00,000,251 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/07/11 15:12:53 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/07/11 15:07:55 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/07/11 14:44:36 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/07/11 14:44:24 | 00,000,375 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/09 18:04:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 14:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:51:28 | 00,000,602 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 13:51:26 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/13 14:21:58 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2001/09/06 18:42:54 | 00,000,036 | ---- | C] () -- C:\WINDOWS\A3W.ini
[1996/11/17 00:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1996/11/17 00:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/11/17 00:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
========== Files - Modified Within 30 Days ==========
[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/04/06 18:12:12 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BECK\Desktop\OTListIt2.exe
[2009/04/06 18:10:53 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\BECK\My Documents\Rooter.exe
[2009/04/06 18:09:35 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/06 18:04:42 | 00,000,075 | -HS- | M] () -- C:\Documents and Settings\BECK\My Documents\desktop.ini
[2009/04/06 18:04:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/06 18:04:35 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/06 18:03:39 | 04,832,516 | -H-- | M] () -- C:\Documents and Settings\BECK\Local Settings\Application Data\IconCache.db
[2009/04/06 18:02:15 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/06 17:45:12 | 00,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/06 17:45:12 | 00,381,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/06 17:45:12 | 00,053,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/06 17:43:53 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/04/06 17:42:40 | 00,220,040 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/06 17:26:14 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/04/06 15:50:37 | 02,906,232 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\BECK\My Documents\mbam-setup.exe
[2009/04/06 15:43:36 | 34,910,808 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/04/06 15:43:36 | 00,085,585 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/03/31 20:06:14 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/03/31 20:06:14 | 00,401,372 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/03/31 20:06:14 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/03/31 20:06:14 | 00,001,507 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\AVG Free 8.5.lnk
[2009/03/31 20:06:13 | 00,325,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/03/31 20:06:13 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/03/31 20:06:12 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/03/31 20:02:02 | 00,044,288 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
[2009/03/31 20:01:43 | 00,188,406 | ---- | M] (Roxio) -- C:\Documents and Settings\BECK\My Documents\updatecdr4_53_71.exe
[2009/03/31 19:36:40 | 63,049,904 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\BECK\My Documents\avg_free_stf_en_85_285a1462.exe
[2009/03/31 19:35:46 | 00,608,344 | ---- | M] () -- C:\Documents and Settings\BECK\My Documents\MCPR.exe
[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
< End of report >
OTListIt Extras logfile created on: 4/6/2009 6:13:11 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.12.0 Folder = C:\Documents and Settings\BECK\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1014.07 Mb Total Physical Memory | 616.56 Mb Available Physical Memory | 60.80% Memory free
3.87 Gb Paging File | 3.58 Gb Available in Paging File | 92.53% Paging File free
Paging file location(s): C:\pagefile.sys 3048 3048;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.18 Gb Total Space | 54.47 Gb Free Space | 76.53% Space Free | Partition Type: NTFS
Drive D: | 36.92 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 2.24 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 149.05 Gb Total Space | 60.28 Gb Free Space | 40.44% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Computer Name: WORK
Current User Name: BECK
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL (America Online, Inc.)
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL (America Online, Inc)
C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 (America Online, Inc.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL (America Online, Inc.)
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL (America Online, Inc)
C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 (America Online, Inc.)
C:\Program Files\WorkStream DS\WorkStreamDS.exe:*:Enabled:WorkStream Application (ZBE, Inc.)
C:\Program Files\TightVNC\WinVNC.exe:*:Enabled:TightVNC Win32 Server (Constantin Kaplinsky)
C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer (Microsoft Corporation)
C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer (Microsoft Corporation)
C:\Program Files\Help Me RLDP\HelpMeRLDP.exe:*:Enabled:TightVNC Win32 Server (Constantin Kaplinsky)
C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe (AVG Technologies CZ, s.r.o.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{200E0DC2-2223-11D6-830E-0050DABBB449}" = Webcast
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{39C5A3E0-31AF-11D6-830E-0050DABBB449}" = Dazzle Photo Editor
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{644F9DBE-CEDB-45AF-ACB8-E26692B74F62}" = Easy CD & DVD Creator 6
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BC64BC82-1AF0-11D6-830E-0050DABBB449}" = Dazzle Software
"{C0379D77-54E5-4D89-A9AA-B8F9C149AA29}" = Sorry Boggle and Yahtzee Triple Pack of Fun
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EE7B9A8D-19F0-450D-8E94-3E391E6044CD}" = KhalSetup
"{F330A4C0-802E-11D5-8311-0050DABBB21D}" = OnDVD
"101 Bally Slots" = 101 Bally Slots
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"America Online us" = America Online (Choose which version to remove)
"AOL Connectivity Services" = AOL Connectivity Services
"AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
"AVG8Uninstall" = AVG 8.5
"Bicycle Card Games 1.0" = Bicycle Card Games
"Bicycle Casino 1.5" = Bicycle Casino
"Dell Laser Printer 1100" = Dell Laser Printer 1100 Software Uninstall
"DellSupport" = Dell Support 5.0.0 (630)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MyWaySearchAssistantDE" = My Way Search Assistant
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office8.0" = Microsoft Office 97, Professional Edition
"PROSet" = Intel® PRO Network Adapters and Drivers
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"StreetPlugin" = Learn2 Player (Uninstall Only)
"TightVNC_is1" = TightVNC 1.2.9
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WorkStream DS_2.3" = WorkStream DS 2.3
"WorkStream DS_2.4" = WorkStream DS 2.4
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 7/13/2008 11:23:08 PM | Computer Name = WORK | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 7/13/2008 11:23:08 PM | Computer Name = WORK | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 8/27/2008 8:17:27 PM | Computer Name = WORK | Source = Application Hang | ID = 1002
Description = Hanging application Update.exe, version 1.0.0.7, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 9/1/2008 1:35:39 PM | Computer Name = WORK | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module flash.ocx, version 7.0.19.0, fault address 0x000235d6.
Error - 9/1/2008 1:56:34 PM | Computer Name = WORK | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x02609350.
Error - 9/16/2008 2:05:28 PM | Computer Name = WORK | Source = Application Hang | ID = 1002
Description = Hanging application Update.exe, version 1.0.0.7, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 11/19/2008 8:57:43 PM | Computer Name = WORK | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module flash.ocx, version 7.0.19.0, fault address 0x00001868.
Error - 2/17/2009 12:42:34 PM | Computer Name = WORK | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro
Error - 2/17/2009 12:44:57 PM | Computer Name = WORK | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro
Error - 3/6/2009 8:00:42 PM | Computer Name = WORK | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module flash10a.ocx, version 10.0.12.36, fault address 0x00010bfb.
[ System Events ]
Error - 2/17/2009 12:42:15 PM | Computer Name = WORK | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 2/17/2009 12:42:34 PM | Computer Name = WORK | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 2/17/2009 12:43:15 PM | Computer Name = WORK | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm mfehidk
Error - 2/17/2009 12:43:47 PM | Computer Name = WORK | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNASvc with
arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
Error - 2/17/2009 12:43:48 PM | Computer Name = WORK | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNASvc with
arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
Error - 2/17/2009 12:44:57 PM | Computer Name = WORK | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 2/17/2009 12:46:53 PM | Computer Name = WORK | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 2/17/2009 12:48:30 PM | Computer Name = WORK | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.
Error - 2/26/2009 4:08:17 AM | Computer Name = WORK | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.
Error - 4/6/2009 4:43:45 PM | Computer Name = WORK | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde
< End of report >
Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3
C:\ [Fixed] - NTFS - (Total:72888 Mo/Free:2533 Mo)
D:\ [CD-Rom] (Total:36 Mo/Free:0 Mo)
E:\ [CD-Rom] (Total:2294 Mo/Free:0 Mo)
F:\ [Removable] (Total:0 Mo/Free:0 Mo)
G:\ [Removable] (Total:0 Mo/Free:0 Mo)
H:\ [Fixed] - NTFS - (Total:152625 Mo/Free:286 Mo)
Mon 04/06/2009|18:11
----------------------\\ Processes..
--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
---------- C:\WINDOWS\system32\wdfmgr.exe
---------- C:\PROGRA~1\AVG\AVG8\avgemc.exe
---------- C:\PROGRA~1\AVG\AVG8\avgrsx.exe
---------- C:\PROGRA~1\AVG\AVG8\avgnsx.exe
---------- C:\Program Files\AVG\AVG8\avgcsrvx.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
---------- C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
---------- C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
---------- C:\PROGRA~1\AVG\AVG8\avgtray.exe
---------- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
---------- C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
---------- C:\Program Files\Logitech\SetPoint\SetPoint.exe
---------- C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\Program Files\Internet Explorer\IEXPLORE.EXE
---------- C:\Program Files\Common Files\Logitech\WebColct\webcolct.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe
----------------------\\ Search..
----------------------\\ ROOTKIT !!
1 - "C:\Rooter$\Rooter_1.txt" - Mon 04/06/2009|18:11
thank you in advance
dawg