
Can't remove avifil.dll [Solved]



#1
TFK

Hey everyone, I'm working on a PC for a friend of my wife's. It had all kinds of problems, and a ton of viruses. It had no antivirus program, so I installed AVG, and it cleaned everything up but one. I keep getting Trojan horse BackDoor.Generic11.HCO messages, and the file infected is avifil.dll. It won't remove it.

I can't delete it in Windows, I can't delete it at the cmd prompt. I can't remove it from the registry. I can't remove it with HijackThis. And there doesn't seem to be a lot of info on the net about it. Poking around this forum, I dl'd Rooter and OTListIt2, and I will post them in a second...

TFK


#2
TFK

Here they are...

Microsoft Windows XP Home Edition (5.1.2600) Service Pack 2

C:\ [Fixed] - NTFS - (Total:72527 Mo/Free:217 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [Removable] (Total:955 Mo/Free:887 Mo)

Fri 04/24/2009|19:23

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\LEXBCES.EXE
---------- C:\WINDOWS\system32\LEXPPS.EXE
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\Common Files\AOL\1171409998\ee\AOLSoftware.exe
---------- C:\PROGRA~1\AVG\AVG8\avgtray.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
---------- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
---------- C:\WINDOWS\system32\HPZipm12.exe
---------- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\PROGRA~1\AVG\AVG8\avgrsx.exe
---------- C:\WINDOWS\system32\wdfmgr.exe
---------- C:\PROGRA~1\AVG\AVG8\avgnsx.exe
---------- C:\WINDOWS\wanmpsvc.exe
---------- C:\PROGRA~1\AVG\AVG8\avgemc.exe
---------- C:\Program Files\AVG\AVG8\avgcsrvx.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\AVG\AVG8\avgcsrvx.exe
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\WINDOWS\system32\NOTEPAD.EXE
---------- C:\WINDOWS\system32\wbem\wmiprvse.exe
---------- C:\WINDOWS\explorer.exe
---------- C:\Program Files\Internet Explorer\IEXPLORE.EXE
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Fri 04/24/2009|19:24

----------------------\\ Scan completed at 19:24



And....



OTListIt logfile created on: 4/24/2009 7:36:18 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Kathryn Dillon\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 239.99 Mb Available Physical Memory | 47.06% Memory free
1.22 Gb Paging File | 0.92 Gb Available in Paging File | 75.28% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.83 Gb Total Space | 56.21 Gb Free Space | 79.37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 955.73 Mb Total Space | 887.09 Mb Free Space | 92.82% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROBERTSYS
Current User Name: Kathryn Dillon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)
PRC - C:\WINDOWS\system32\LEXPPS.EXE (Lexmark International, Inc.)
PRC - C:\Program Files\Common Files\AOL\1171409998\ee\AOLSoftware.exe (AOL LLC)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Kathryn Dillon\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AOL ACS [Auto | Running]) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (DSBrokerService [Disabled | Stopped]) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (LexBceS [Auto | Running]) -- C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (sprtsvc_dellsupportcenter [Auto | Running]) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
SRV - (WANMiniportService [Auto | Running]) -- C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)

========== Driver Services (SafeList) ==========

DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (ASCTRM [Auto | Running]) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (bcm4sbxp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (CmdIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (drvmcdb [Boot | Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm [Auto | Running]) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (DSproct [On_Demand | Stopped]) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (dsunidrv [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\dsunidrv.sys (Gteko Ltd.)
DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (mraid35x [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (omci [System | Running]) -- C:\WINDOWS\system32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (senfilt [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (sisagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (Sparrow [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sscdbhk5 [System | Running]) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln [System | Running]) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (symc810 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (tfsnboio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsncofs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsndrct [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (tfsnifs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsnopio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsnudf [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnudfa [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (ultra [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (vtfwpzfg [Boot | Running]) -- C:\WINDOWS\system32\drivers\vtfwpzfg.sys (Microsoft Corporation)
DRV - (wanatw [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (pxsec [Boot | Running]) -- File not found
DRV - (pxscan [Boot | Running]) -- File not found

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/?cid=tbar
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {8752A542-E116-42D2-9B3D-9CFE5BDF5B67} - C:\WINDOWS\system32\AVIFIL.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {014DA6C9-189F-421A-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {014DA6C9-189F-421A-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1171409998\ee\AOLSoftware.exe (AOL LLC)
O4 - HKLM..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...h/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 () - http://shutter14.pic...umC5bTc00A0.jpg
O24 - Desktop Components:1 () - http://www.hallmark...._fdc_prev_1.jpg
O24 - Desktop Components:2 () - http://shutter12.pic...2YNbqcD0300.jpg
O24 - Desktop Components:3 () - http://shutter07.pic...nlySg4q0300.jpg
O24 - Desktop Components:4 () - http://shutter03.pic...xgDv6Bc0300.jpg
O24 - Desktop Components:5 () - http://shutter09.pic...K8J3lAf0300.jpg
O24 - Desktop Components:6 () - http://shutter09.pic...eI-yyfa0300.jpg
O24 - Desktop Components:7 () - http://shutter07.pic...hbXau0I0300.jpg
O24 - Desktop Components:8 () - http://ak.imgag.com/...90_1024x768.jpg
O24 - Desktop Components:9 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\*.tmp files]
[2009/04/24 19:23:16 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/24 19:20:42 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kathryn Dillon\Desktop\OTListIt2.exe
[2009/04/24 19:20:27 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\Kathryn Dillon\Desktop\Rooter.exe
[2009/04/24 19:14:18 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/04/24 19:14:01 | 00,000,483 | ---- | C] () -- C:\Documents and Settings\Kathryn Dillon\Desktop\Shortcut to SYSTEM32.lnk
[2009/04/24 18:51:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/04/24 16:56:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kathryn Dillon\Desktop\New Folder
[2009/04/24 16:54:28 | 00,001,029 | ---- | C] () -- C:\Documents and Settings\Kathryn Dillon\Desktop\eBay.lnk
[2009/04/24 16:54:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kathryn Dillon\Application Data\Desktopicon
[2009/04/24 16:54:22 | 00,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2009/04/24 16:54:06 | 00,243,204 | ---- | C] () -- C:\Documents and Settings\Kathryn Dillon\Desktop\unlocker1.8.7.exe
[2009/04/24 16:22:21 | 00,787,000 | ---- | C] (Prevx) -- C:\Documents and Settings\Kathryn Dillon\Desktop\PREVXCSIFREE.EXE
[2009/04/24 16:20:34 | 53,484,3392 | -HS- | C] () -- C:\hiberfil.sys
[2009/04/24 12:07:40 | 04,626,422 | ---- | C] () -- C:\Documents and Settings\Kathryn Dillon\Desktop\avz4.zip
[2009/04/24 12:07:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kathryn Dillon\Desktop\AVZ4
[2009/04/24 11:47:09 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/04/24 11:47:06 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/04/24 11:47:03 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/04/24 11:44:12 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/04/24 11:44:12 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/04/24 11:44:12 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/04/24 11:44:12 | 00,109,568 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/04/24 11:44:12 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/04/24 11:44:12 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/04/24 11:44:12 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/04/24 11:44:12 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/04/24 11:44:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/24 11:42:25 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/04/24 11:41:55 | 02,999,534 | R--- | C] () -- C:\Documents and Settings\Kathryn Dillon\Desktop\ComboFix.exe
[2009/04/24 11:03:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kathryn Dillon\My Documents\Oberon Media
[2009/04/24 10:59:13 | 00,212,849 | ---- | C] () -- C:\Documents and Settings\Kathryn Dillon\Desktop\hijackthis.zip
[2009/04/24 03:49:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\tmp
[2009/04/23 21:31:41 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/04/23 21:25:04 | 35,386,474 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/04/23 21:25:04 | 00,032,111 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/04/23 21:25:03 | 00,434,673 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/04/23 21:25:02 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/04/23 21:25:02 | 00,001,507 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\AVG Free 8.5.lnk
[2009/04/23 21:25:01 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/04/23 21:25:00 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/04/23 21:24:59 | 00,325,640 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/04/23 21:24:58 | 00,027,656 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/04/23 21:24:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/04/23 21:24:27 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/04/23 21:24:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/04/21 16:51:42 | 00,045,568 | ---- | C] (MainConcept AG) -- C:\tqpxlyy.exe
[2009/04/11 13:39:21 | 00,001,545 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Play Fishdom.lnk
[2009/04/11 13:37:47 | 00,000,000 | ---D | C] -- C:\Program Files\Fishdom
[2009/04/11 13:36:33 | 00,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2009/04/11 13:35:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
[2009/04/10 10:56:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kathryn Dillon\My Documents\pic06357
[2009/04/07 22:27:08 | 00,097,280 | ---- | C] () -- C:\WINDOWS\System32\AVIFIL.dll
[2008/09/10 06:09:47 | 00,000,073 | ---- | C] () -- C:\WINDOWS\st_affiliate.ini
[2007/09/16 15:19:26 | 00,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2007/07/11 20:15:42 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/02/10 11:33:30 | 00,000,032 | ---- | C] () -- C:\WINDOWS\SetupWizard.INI
[2006/07/09 08:09:08 | 00,000,041 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2006/07/09 08:02:47 | 01,265,664 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2A6.dll
[2006/07/09 08:02:47 | 01,228,800 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2M6.dll
[2006/07/09 08:02:47 | 01,073,152 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2P6.dll
[2006/07/09 08:02:46 | 01,200,128 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2M5.dll
[2006/07/09 08:02:46 | 01,028,096 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2P5.dll
[2006/07/09 08:02:46 | 00,000,002 | ---- | C] () -- C:\WINDOWS\PhotoSuite.ini
[2006/07/09 08:02:24 | 01,064,960 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2PX.dll
[2006/07/09 08:02:24 | 00,332,800 | ---- | C] () -- C:\WINDOWS\System32\FPXLIB.DLL
[2006/07/09 08:02:24 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\JPEGLIB.DLL
[2006/07/09 08:02:24 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2.dll
[2006/07/09 08:02:24 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
[2005/11/06 09:37:03 | 00,001,228 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/08/20 10:23:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\slingo.INI
[2005/07/30 08:35:38 | 00,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2005/06/29 19:01:08 | 00,000,120 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/06/29 18:57:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Epsonpp.ini
[2005/02/10 01:21:07 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/02/10 01:12:43 | 00,000,189 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/02/10 01:05:45 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/10 00:25:06 | 00,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 23:03:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 14:13:12 | 00,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 14:04:08 | 00,000,767 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2004/08/10 13:57:52 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/04 06:00:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/04 06:00:00 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2001/07/07 03:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]
[5 C:\WINDOWS\System32\*.tmp files]
[2009/04/24 19:20:48 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kathryn Dillon\Desktop\OTListIt2.exe
[2009/04/24 19:20:32 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\Kathryn Dillon\Desktop\Rooter.exe
[2009/04/24 19:14:01 | 00,000,483 | ---- | M] () -- C:\Documents and Settings\Kathryn Dillon\Desktop\Shortcut to SYSTEM32.lnk
[2009/04/24 18:51:36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/24 18:48:20 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/24 18:43:08 | 02,999,534 | R--- | M] () -- C:\Documents and Settings\Kathryn Dillon\Desktop\ComboFix.exe
[2009/04/24 18:30:00 | 00,000,368 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (DGQPYS61-Kathryn Dillon).job
[2009/04/24 17:52:58 | 00,243,204 | ---- | M] () -- C:\Documents and Settings\Kathryn Dillon\Desktop\unlocker1.8.7.exe
[2009/04/24 17:16:00 | 00,787,000 | ---- | M] (Prevx) -- C:\Documents and Settings\Kathryn Dillon\Desktop\PREVXCSIFREE.EXE
[2009/04/24 17:15:45 | 35,386,474 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/04/24 16:54:28 | 00,001,029 | ---- | M] () -- C:\Documents and Settings\Kathryn Dillon\Desktop\eBay.lnk
[2009/04/24 16:22:33 | 00,000,189 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/04/24 16:20:36 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/04/24 16:20:34 | 53,484,3392 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/24 13:06:10 | 04,626,422 | ---- | M] () -- C:\Documents and Settings\Kathryn Dillon\Desktop\avz4.zip
[2009/04/24 11:55:03 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2009/04/24 11:51:53 | 00,577,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\user32.dll
[2009/04/24 11:51:53 | 00,577,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009/04/24 11:47:10 | 00,000,281 | RHS- | M] () -- C:\BOOT.INI
[2009/04/24 10:49:03 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/04/24 06:44:53 | 00,434,673 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/04/24 06:44:53 | 00,032,111 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/04/24 03:42:43 | 00,382,000 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/04/24 03:42:43 | 00,053,552 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/04/23 21:25:03 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/04/23 21:25:02 | 00,001,507 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\AVG Free 8.5.lnk
[2009/04/23 21:25:01 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/04/23 21:25:00 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/04/23 21:24:59 | 00,325,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/04/23 21:24:58 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/04/23 21:21:12 | 00,264,192 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
[2009/04/23 21:02:26 | 00,000,767 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/04/23 21:02:26 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009/04/23 20:57:41 | 00,259,048 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/23 20:02:01 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\zewojisi
[2009/04/22 00:14:30 | 04,809,238 | -H-- | M] () -- C:\Documents and Settings\Kathryn Dillon\Local Settings\Application Data\IconCache.db
[2009/04/21 16:54:00 | 00,091,566 | ---- | M] () -- C:\VETlog.dmp
[2009/04/21 16:51:58 | 00,045,568 | ---- | M] (MainConcept AG) -- C:\tqpxlyy.exe
[2009/04/21 09:58:08 | 00,109,568 | ---- | M] () -- C:\WINDOWS\vFind.exe
[2009/04/20 18:19:58 | 00,107,520 | -HS- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\kihipapo.dll.vir
[2009/04/18 10:11:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\Norton PC Checkup Weekend Scanner.job
[2009/04/18 07:22:47 | 00,001,250 | ---- | M] () -- C:\Documents and Settings\Kathryn Dillon\My Documents\2009 MEDICAL EXPENSES.rtf
[2009/04/18 07:18:47 | 00,003,791 | ---- | M] () -- C:\Documents and Settings\Kathryn Dillon\My Documents\MEDICAL EXPENSES 2008.doc
[2009/04/12 11:02:46 | 00,057,856 | ---- | M] () -- C:\Documents and Settings\Kathryn Dillon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/11 13:39:21 | 00,001,545 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Play Fishdom.lnk
[2009/03/29 08:30:11 | 00,000,598 | ---- | M] () -- C:\Documents and Settings\Kathryn Dillon\My Documents\SUBSCRIPTIONS.doc

========== LOP Check ==========

[2009/04/24 18:42:18 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2007/02/11 10:38:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/11/04 18:37:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2008/04/12 08:51:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL Downloads
[2008/04/12 08:55:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL OCP
[2009/01/14 20:57:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Astar Games
[2009/04/24 16:58:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/04/11 13:44:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
[2008/07/02 05:49:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2008/04/27 12:41:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBay
[2007/07/29 07:37:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FunGames
[2009/01/24 10:04:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii Games
[2008/11/23 22:31:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2008/02/15 19:39:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2007/07/11 20:48:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP
[2005/02/10 01:13:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2009/04/23 21:22:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee.com
[2009/04/17 19:14:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
[2009/01/12 23:21:40 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2008/11/13 18:26:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2005/02/10 01:18:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2007/07/28 07:54:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2005/02/10 00:24:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2007/02/25 22:54:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2008/07/02 05:36:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/04/22 17:33:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/02/10 01:18:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/04/30 09:53:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/04/24 16:54:27 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Kathryn Dillon\Application Data
[2009/03/04 20:05:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathryn Dillon\Application Data\Adobe
[2006/08/19 09:07:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathryn Dillon\Application Data\AdobeAUM
[2008/06/15 09:05:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathryn Dillon\Application Data\AdobeUM
[2005/04/23 13:05:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathryn Dillon\Application Data\AOL
[2009/04/24 16:54:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathryn Dillon\Application Data\Desktopicon
[2008/04/27 12:41:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathryn Dillon\Application Data\eBay
[2009/01/13 22:34:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathryn Dillon\Application Data\Fabulous Finds
[2009/01/24 10:04:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathryn Dillon\Application Data\Gogii Games
[2008/01/11 18:34:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathryn Dillon\Application Data\Google
[2008/04/13 05:57:51 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Kathryn Dillon\Application Data\GTek
[2005/03/15 17:07:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathryn Dillon\Application Data\Help
[2007/07/29 08:20:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathryn Dillon\Application Data\HP
[2005/02/10 00:24:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathryn Dillon\Application Data\Identities
[2008/06/15 09:00:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathryn Dillon\Application Data\Image Zone Express
[2008/02/02 12:03:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathryn Dillon\Application Data\InstallShield
[2007/03/07 23:04:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathryn Dillon\Application Data\Jasc Software Inc
[2005/06/03 18:13:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathryn Dillon\Application Data\Leadertech
[2009/03/22 08:30:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathryn Dillon\Application Data\LimeWire
[2005/03/04 07:02:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathryn Dillon\Application Data\Macromedia
[2005/02/27 22:26:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathryn Dillon\Application Data\McAfee.com Personal Firewall
[2009/04/23 21:17:49 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Kathryn Dillon\Application Data\Microsoft
[2009/03/14 11:04:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathryn Dillon\Application Data\Move Networks
[2008/01/27 20:44:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathryn Dillon\Application Data\MSNInstaller
[2008/12/06 02:21:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathryn Dillon\Application Data\Playrix Entertainment
[2007/09/01 07:38:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathryn Dillon\Application Data\Printer Info Cache
[2006/02/12 11:15:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathryn Dillon\Application Data\Registry Cleaner
[2009/01/26 23:12:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathryn Dillon\Application Data\Righteous Kill
[2005/06/03 18:13:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathryn Dillon\Application Data\Sonic
[2005/02/10 01:03:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathryn Dillon\Application Data\Sun
[2008/03/23 00:40:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathryn Dillon\Application Data\TrueSwitch
[2007/02/10 15:25:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathryn Dillon\Application Data\Viewpoint
[2007/06/17 08:52:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathryn Dillon\Application Data\Webshots
[2008/04/06 20:08:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathryn Dillon\Application Data\WholeSecurity
[2005/09/17 15:59:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathryn Dillon\Application Data\Wildfire
[2004/08/04 06:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\DESKTOP.INI
[2005/02/27 22:24:38 | 00,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job
[2009/04/24 18:30:00 | 00,000,368 | ---- | M] () -- C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (DGQPYS61-Kathryn Dillon).job
[2009/03/25 19:11:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\Norton PC Checkup WeekDay Scanner.job
[2009/04/18 10:11:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\Norton PC Checkup Weekend Scanner.job
[2009/04/24 18:51:36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 199 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1175E1D
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B156F3F2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CD2D817
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C213B3C4
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FE4E15B1
< End of report >



And...


OTListIt Extras logfile created on: 4/24/2009 7:36:18 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Kathryn Dillon\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 239.99 Mb Available Physical Memory | 47.06% Memory free
1.22 Gb Paging File | 0.92 Gb Available in Paging File | 75.28% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.83 Gb Total Space | 56.21 Gb Free Space | 79.37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 955.73 Mb Total Space | 887.09 Mb Free Space | 92.82% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROBERTSYS
Current User Name: Kathryn Dillon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL (AOL LLC)
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL (AOL LLC)
C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 (America Online, Inc.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL (AOL LLC)
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL (AOL LLC)
C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 (America Online, Inc.)
C:\WINDOWS\SYSTEM32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE (Lexmark International, Inc.)
C:\Program Files\Common Files\AOL\1171409998\ee\aolsoftware.exe:*:Enabled:AOL Services (AOL LLC)
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe ()
C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe (Hewlett-Packard)
C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe (Hewlett-Packard)
C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe (Hewlett-Packard Development Company, L.P.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader (AOL LLC)
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire (Lime Wire, LLC)
C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe (AVG Technologies CZ, s.r.o.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{33BEE6F3-9987-4F98-A069-97A64EC8321A}" = Microsoft Works Suite Add-in for Microsoft Word
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1
"{B9966F27-9678-4620-9579-925E3084647E}" = Microsoft Works
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDE4CC8B-134B-421E-943C-90799E56F664}" = Dell Media Experience Update
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Premium 9
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E5966E4C-0A93-4F59-A981-BD3173D4799F}" = F300_Help
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AOL Deskbar" = AOL Deskbar
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
"AVG8Uninstall" = AVG 8.5
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"HijackThis" = HijackThis 1.99.1
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"Jasc Paint Shop Pro Studio.01 , Dell Edition Patch" = Jasc Paint Shop Pro Studio.01 , Dell Edition Patch
"MGI_PRISM_V1_0" = MGI PhotoSuite II SE (Remove Only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"My Search Uninstall" = My Search Bar
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PictureIt_v9" = Microsoft Picture It! Photo Premium 9
"PrintMaster Gold 3.00" = PrintMaster Gold 3.00
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"Shockwave" = Shockwave
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Unlocker" = Unlocker 1.8.7
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Works2004Setup" = Microsoft Works 2004 Setup Launcher

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/23/2009 8:39:24 PM | Computer Name = ROBERTSYS | Source = Winlogon | ID = 1015
Description = A critical system process, C:\WINDOWS\system32\lsass.exe, failed with
status code c0000005. The machine must now be restarted.

Error - 4/23/2009 8:59:48 PM | Computer Name = ROBERTSYS | Source = Winlogon | ID = 1015
Description = A critical system process, C:\WINDOWS\system32\lsass.exe, failed with
status code c0000005. The machine must now be restarted.

Error - 4/24/2009 4:42:40 AM | Computer Name = DELL-28AA31811D | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 2576, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 4/24/2009 4:42:40 AM | Computer Name = DELL-28AA31811D | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 4/24/2009 4:42:43 AM | Computer Name = DELL-28AA31811D | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 2576, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 4/23/2009 10:56:55 PM | Computer Name = ROBERTSYS | Source = Application Error | ID = 1000
Description = Faulting application cdas625.exe, version 4.10.13.6, faulting module
ntdll.dll, version 5.1.2600.2180, fault address 0x000111de.

Error - 4/24/2009 7:33:12 AM | Computer Name = ROBERTSYS | Source = Application Error | ID = 1000
Description = Faulting application cdas625.exe, version 4.10.13.6, faulting module
cybdefsb.dll, version 4.10.13.6, fault address 0x00058a6e.

Error - 4/24/2009 11:44:10 AM | Computer Name = ROBERTSYS | Source = Application Hang | ID = 1002
Description = Hanging application avgtray.exe, version 8.5.0.268, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/24/2009 8:13:18 PM | Computer Name = ROBERTSYS | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module unknown, version 0.0.0.0, fault address 0x0129fa98.

Error - 4/24/2009 8:33:47 PM | Computer Name = ROBERTSYS | Source = Application Hang | ID = 1002
Description = Hanging application OTListIt2.exe, version 2.0.14.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 4/24/2009 4:55:40 PM | Computer Name = ROBERTSYS | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 4/24/2009 4:55:40 PM | Computer Name = ROBERTSYS | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 4/24/2009 4:55:40 PM | Computer Name = ROBERTSYS | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 4/24/2009 4:55:40 PM | Computer Name = ROBERTSYS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Error - 4/24/2009 4:57:51 PM | Computer Name = ROBERTSYS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 4/24/2009 4:57:57 PM | Computer Name = ROBERTSYS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/24/2009 4:58:27 PM | Computer Name = ROBERTSYS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 4/24/2009 5:00:53 PM | Computer Name = ROBERTSYS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 4/24/2009 5:17:48 PM | Computer Name = ROBERTSYS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 4/24/2009 5:19:15 PM | Computer Name = ROBERTSYS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >





Whatever help you can give me would be much appreciated.


TFK

#3
TFK

    New Member

  • Topic Starter
  • Member
  • 3 posts
I fixed it on my own, so no need to take this any further.

Thanks for reading.

TFK

#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.