Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Ultra slow PC - IE slow / Fails

Started by Gothos , May 13 2009 01:13 PM

  • Please log in to reply

#1
Gothos
Posted 13 May 2009 - 01:13 PM

Gothos

    Member

  • Member
  • PipPip
  • 34 posts
Hi all

I received an email (in "spam folder") and deleted that email since I had no idea whom this was. As soon as I deleted it, I received a pop-up message that my scanner (AVG) seen a virus. I disallowed and "removed" the threat (or so I thought).

Now the machine is very slow, and in launching IE, it is slow to load pages (on a broadband connection) and even fails and refuses to connect (sporadic connections). I have reset the DHCP connections on the LAN side as well as the WAN side, just in case the ISP has changed it's connections, but I still run into slow boot / launch, and bizarre connection issues. There are 2 other machines connected to the network, and they have no issues.

I have done the following (logs are attached):

ATF Cleaned ---
Created a new system restore point ---
Ran ERUNT ----
Ran MBAM ---
Ran AVG system scan 3X (failed to run)
Ran online scan F-Secure ---
Ran AVG system scan (another failure)
Verified the Windows Updates are on line and up to date ---
Rebooted with the same issue(s) present ---
Ran Rooter.exe ---
Ran OTListIt2 ---

AVG failures are when it gets to a certain file, the machine locks up and I have to do a total cold restart. The files it stops and locks up on are totally random.

Below are the logs:

********************************

Malwarebytes' Anti-Malware 1.36
Database version: 2122
Windows 5.1.2600 Service Pack 3

5/13/2009 7:47:01 AM
mbam-log-2009-05-13 (07-47-01).txt

Scan type: Quick Scan
Objects scanned: 81789
Time elapsed: 10 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

********************************

OTListIt logfile created on: 5/13/2009 12:28:20 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.15.7 Folder = C:\Documents and Settings\Mark Milbert\Desktop\Security
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.42 Mb Total Physical Memory | 408.47 Mb Available Physical Memory | 39.95% Memory free
3.90 Gb Paging File | 3.27 Gb Available in Paging File | 83.76% Paging File free
Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 124.28 Gb Free Space | 66.71% Space Free | Partition Type: NTFS
Drive D: | 57.26 Gb Total Space | 16.45 Gb Free Space | 28.72% Space Free | Partition Type: FAT32
Drive E: | 445.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 692.23 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BLACKTOWER
Current User Name: Mark Milbert
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\TortoiseSVN\bin\TSVNCache.exe (www.tortoisesvn.org)
PRC - C:\Program Files\Grisoft\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Web Jetadmin 10\bin\HPWJAService.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Grisoft\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Grisoft\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Hewlett-Packard\WJA Update Service\HPWJAUpdateService.exe ()
PRC - C:\Program Files\Grisoft\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - c:\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\YPOPs\YPOPs.exe (http://YPOPsEmail.com)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\mdm.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Mark Milbert\Desktop\Security\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Akamai [Auto | Running]) -- c:\program files\common files\akamai\rswin_3500.dll ()
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\Grisoft\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (HPWJAService [Auto | Running]) -- C:\Web Jetadmin 10\bin\HPWJAService.exe (Hewlett-Packard Development Company, L.P.)
SRV - (HPWJAUpdateService [Auto | Running]) -- C:\Program Files\Common Files\Hewlett-Packard\WJA Update Service\HPWJAUpdateService.exe ()
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (MSSQL$HPWJA [Auto | Running]) -- c:\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [Disabled | Stopped]) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SQLBrowser [Auto | Running]) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLWriter [Auto | Running]) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (Visual Studio Analyzer RPC bridge [On_Demand | Stopped]) -- C:\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (AVG Anti-Rootkit [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\avgarkt.sys (GRISOFT, s.r.o.)
DRV - (AvgArCln [System | Running]) -- C:\WINDOWS\System32\DRIVERS\AvgArCln.sys (GRISOFT, s.r.o.)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (BIOS [System | Running]) -- C:\WINDOWS\System32\drivers\BIOS.sys (BIOSTAR Group)
DRV - (CxLPT [Auto | Running]) -- C:\WINDOWS\System32\drivers\cxlpt.sys (Logitech Inc.)
DRV - (FETND5BV [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys (VIA Technologies, Inc. )
DRV - (FETNDIS [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\fetnd5.sys (VIA Technologies, Inc. )
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (NCHSSVAD [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\nchssvad.sys (NCH Swift Sound)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (papycpu2 [System | Running]) -- C:\WINDOWS\System32\DRIVERS\papycpu2.sys ()
DRV - (papyjoy [System | Running]) -- C:\WINDOWS\System32\DRIVERS\papyjoy.sys ()
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (SABProcEnum [On_Demand | Stopped]) -- C:\WINDOWS\System32\sabprocenum.sys (SuperAdBlocker.com)
DRV - (SASDIFSV [System | Running]) -- C:\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Running]) -- C:\SUPERAntiSpyware\SASENUM.SYS (SuperAdBlocker, Inc.)
DRV - (SASKUTIL [System | Running]) -- C:\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (smserial [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\smserial.sys (Motorola Inc.)
DRV - (X4HSX32 [Auto | Running]) -- D:\GameTap\bin\Release\X4HSX32.Sys (Exent Technologies Ltd.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========



[2007/10/23 18:19:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mark Milbert\Application Data\mozilla\Firefox\Profiles\yuwlscrr.default\extensions

O1 HOSTS File: (206640 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 7270 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\Grisoft\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [SMSERIAL] sm56hlpr.exe (Motorola Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Mark Milbert\Start Menu\Programs\Startup\YPOPs.lnk = C:\YPOPs\YPOPs.exe (http://YPOPsEmail.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 31 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 30 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.micros...i386/voxacm.CAB (Reg Error: Key error.)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Mahjong%20World/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://downloads.ewi...oOnlineScan.cab (ewidoOnlineScan Control)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/b...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} http://www.worldwinn...jattack/bja.cab (BJA Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1186510232671 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1186510220453 (MUWebControl Class)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoft...free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} http://www.worldwinn...apit/swapit.cab (SwapIt Control)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-sec...m/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} http://download.sp.f.../fslauncher.cab (F-Secure Online Scanner 4.0 Launcher)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Mahjong%20World/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinn.../familyfeud.cab (FamilyFeud Control)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\SUPERAntiSpyware\SASWINLO.DLL - C:\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\SpywareGuard\spywareguard.dll ()
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/07 12:02:43 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/12/04 14:14:20 | 00,864,256 | R--- | M] (Sierra Entertainment, Inc.
Bellevue, WA 98005) - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2002/12/30 09:59:48 | 00,000,133 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]
[2009/05/13 12:25:30 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/13 11:20:35 | 15,452,536 | ---- | C] (Microsoft Corporation) -- C:\DOCUME~1\MARKMI~1\Desktop\IE7-WindowsXP-x86-enu.exe
[2009/05/11 15:34:52 | 00,006,215 | ---- | C] () -- C:\DOCUME~1\MARKMI~1\Desktop\Gothos.htm
[2009/05/06 08:59:38 | 00,000,555 | ---- | C] () -- C:\DOCUME~1\MARKMI~1\Desktop\LViewPro.lnk
[2009/05/04 14:35:33 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2009/05/04 14:35:16 | 00,000,000 | ---D | C] -- C:\Program Files\MSECache
[2009/04/29 12:30:14 | 00,000,000 | ---D | C] -- C:\cd565139dcbf7aa7a93f10821d09
[2009/04/29 11:59:05 | 00,000,000 | ---D | C] -- C:\9b6742ca2a0c36a25d08d15e
[2009/04/29 11:18:30 | 00,000,000 | ---D | C] -- C:\9a053e04419d196bc1ba83
[2009/04/29 11:18:12 | 00,000,000 | ---D | C] -- C:\eeee3375d53dba7bad5eaf36e180e3
[2009/04/29 11:17:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/04/29 11:16:37 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/04/29 11:13:52 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2009/04/29 11:13:51 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2009/04/29 10:54:18 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/04/29 10:48:18 | 00,000,000 | ---D | C] -- C:\ff484c1ec63b696a510315b51fc20dbf
[2009/04/29 10:47:58 | 00,000,000 | ---D | C] -- C:\000ca9874391ddf913
[2009/04/22 17:12:14 | 00,116,047 | ---- | C] () -- C:\WINDOWS\System32\SSPDFD
[2009/04/19 13:43:01 | 00,056,832 | ---- | C] () -- C:\DOCUME~1\MARKMI~1\Desktop\Kitty First Aid.doc
[2009/04/18 07:02:46 | 00,000,000 | ---D | C] -- C:\Program Files\EsetOnlineScanner
[2009/04/15 22:44:36 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/15 22:44:36 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/15 22:44:36 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/15 22:44:35 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/15 22:44:35 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/15 22:44:35 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/15 22:44:35 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/15 22:44:35 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/15 22:44:34 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/15 22:36:41 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/15 22:36:40 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/15 22:36:40 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/15 22:20:10 | 00,000,000 | ---D | C] -- C:\Casio Images
[2009/04/15 06:06:28 | 00,000,000 | ---D | C] -- C:\fsaua.data
[2009/03/31 15:06:47 | 00,002,463 | ---- | C] () -- C:\WINDOWS\ilan_txt.ini
[2009/03/31 15:06:47 | 00,000,039 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2009/03/31 12:57:45 | 00,000,027 | ---- | C] () -- C:\WINDOWS\efaxpump.ini
[2009/03/31 12:55:03 | 00,002,584 | ---- | C] () -- C:\WINDOWS\WINFAX.INI
[2009/03/30 06:12:23 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/03/29 13:47:53 | 00,000,076 | ---- | C] () -- C:\WINDOWS\qcamereg.ini
[2008/11/07 08:53:21 | 00,000,223 | ---- | C] () -- C:\WINDOWS\RomeTW.ini
[2008/10/09 15:27:34 | 00,136,448 | ---- | C] () -- C:\WINDOWS\RMTOOLS.DLL
[2008/08/01 18:25:30 | 00,000,277 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/08/01 14:14:57 | 00,000,730 | ---- | C] () -- C:\WINDOWS\CoD.INI
[2008/05/24 03:55:00 | 03,614,208 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/05/24 03:55:00 | 00,741,376 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
[2008/05/24 03:55:00 | 00,711,168 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/05/24 03:55:00 | 00,692,224 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/05/24 03:55:00 | 00,455,680 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/05/24 03:55:00 | 00,211,968 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2008/05/24 03:55:00 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/05/24 03:55:00 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2008/05/24 03:55:00 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2008/05/24 03:55:00 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/05/24 03:55:00 | 00,115,200 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2008/05/24 03:55:00 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/05/24 03:55:00 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2008/05/24 03:55:00 | 00,113,152 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2008/05/24 03:55:00 | 00,099,840 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2008/05/24 03:55:00 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2008/05/24 03:55:00 | 00,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2008/05/24 03:55:00 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/05/24 03:55:00 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/04/24 07:39:34 | 00,000,349 | ---- | C] () -- C:\WINDOWS\fpexplor.INI
[2008/03/29 09:42:22 | 00,245,248 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2008/03/29 09:42:20 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2008/03/29 09:42:14 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2008/03/29 09:42:08 | 00,148,992 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2008/03/29 09:42:04 | 00,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2008/03/29 09:42:04 | 00,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2008/03/29 09:42:02 | 00,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2008/03/29 09:42:00 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2008/03/29 09:41:54 | 00,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2008/03/29 09:41:52 | 00,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2008/03/29 09:41:52 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2008/03/21 14:30:08 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/03/21 14:28:54 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/03/21 14:28:54 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/02/11 09:39:26 | 00,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll
[2008/02/11 09:39:18 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll
[2008/02/08 13:53:46 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll
[2007/11/15 21:00:04 | 00,000,185 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2007/11/10 16:09:41 | 00,000,767 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2007/10/25 14:39:02 | 00,000,032 | ---- | C] () -- C:\WINDOWS\System32\thxcfg.ini
[2007/10/25 11:50:25 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2007/10/13 03:30:20 | 00,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007/10/02 19:22:15 | 00,000,997 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/09/16 07:20:07 | 00,000,024 | ---- | C] () -- C:\WINDOWS\System32\sysogg.dll
[2007/09/16 07:18:34 | 00,233,472 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/08/08 15:23:39 | 00,001,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\papycpu2.sys
[2007/08/08 15:23:39 | 00,001,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\papyjoy.sys
[2007/08/08 15:20:10 | 00,000,194 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2007/08/08 09:44:34 | 00,000,224 | ---- | C] () -- C:\WINDOWS\netscape.INI
[2007/08/07 12:35:11 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/07/27 14:49:02 | 00,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll
[2007/07/27 14:49:02 | 00,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll
[2007/06/28 12:54:10 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/03/16 17:00:00 | 00,003,403 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2006/10/22 12:22:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 12:22:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/22 12:22:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 12:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 12:22:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/22 12:22:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 12:22:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/12/05 19:25:22 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll
[2005/12/05 12:37:10 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll
[2004/11/11 02:16:10 | 00,045,056 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2004/11/10 05:42:22 | 00,065,536 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2004/11/10 05:42:22 | 00,049,152 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2004/11/10 05:42:20 | 00,045,056 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2004/11/02 11:12:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2004/11/02 11:12:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2004/11/02 11:12:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2004/11/02 11:12:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2004/11/02 11:12:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2004/09/17 17:37:42 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/08/29 06:00:00 | 00,001,099 | ---- | C] () -- C:\WINDOWS\win.ini
[2002/08/29 06:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[1998/06/10 01:00:00 | 00,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL
[1998/05/18 01:00:00 | 00,014,017 | ---- | C] () -- C:\WINDOWS\JAUTOEXP.INI
[1998/04/24 01:00:00 | 00,000,228 | ---- | C] () -- C:\WINDOWS\FRONTPG.INI
[1996/11/17 00:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1996/11/17 00:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/11/17 00:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Files - Modified Within 30 Days ==========

[5 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/05/13 12:22:17 | 00,013,734 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/13 12:21:19 | 00,087,103 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/05/13 12:20:45 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/05/13 12:20:23 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Mark Milbert\Local Settings\desktop.ini
[2009/05/13 12:20:22 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/13 12:20:18 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/13 12:20:15 | 10,721,56672 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/13 11:20:35 | 15,452,536 | ---- | M] (Microsoft Corporation) -- C:\DOCUME~1\MARKMI~1\Desktop\IE7-WindowsXP-x86-enu.exe
[2009/05/13 11:15:46 | 00,001,099 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/13 11:15:42 | 00,001,036 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2009/05/13 04:41:27 | 36,044,111 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/05/13 04:41:27 | 00,053,730 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/05/11 17:27:49 | 00,082,944 | ---- | M] () -- C:\DOCUME~1\MARKMI~1\Desktop\IU Logs.xls
[2009/05/11 15:34:52 | 00,006,215 | ---- | M] () -- C:\DOCUME~1\MARKMI~1\Desktop\Gothos.htm
[2009/05/07 00:16:30 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/06 08:59:38 | 00,000,555 | ---- | M] () -- C:\DOCUME~1\MARKMI~1\Desktop\LViewPro.lnk
[2009/05/05 14:07:04 | 00,000,039 | ---- | M] () -- C:\WINDOWS\iltwain.ini
[2009/05/05 14:07:03 | 00,002,463 | ---- | M] () -- C:\WINDOWS\ilan_txt.ini
[2009/05/03 10:26:40 | 00,000,194 | ---- | M] () -- C:\WINDOWS\Sierra.ini
[2009/05/01 14:13:50 | 00,720,896 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002ev.exe
[2009/05/01 08:58:55 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/05/01 08:58:54 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/05/01 08:58:54 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/05/01 08:58:43 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/04/29 12:06:12 | 00,559,996 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/29 12:06:12 | 00,483,310 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/29 12:06:12 | 00,086,170 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/29 11:48:47 | 00,000,083 | -HS- | M] () -- C:\DOCUME~1\MARKMI~1\My Documents\desktop.ini
[2009/04/29 11:17:42 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/24 14:10:46 | 00,007,680 | -HS- | M] () -- C:\WINDOWS\Thumbs.db
[2009/04/22 17:12:15 | 00,116,047 | ---- | M] () -- C:\WINDOWS\System32\SSPDFD
[2009/04/20 09:14:25 | 00,000,395 | ---- | M] () -- C:\Documents and Settings\Mark Milbert\Start Menu\Programs\Startup\YPOPs.lnk
[2009/04/19 13:56:05 | 00,056,832 | ---- | M] () -- C:\DOCUME~1\MARKMI~1\Desktop\Kitty First Aid.doc
[2009/04/18 04:20:24 | 00,434,673 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
< End of report >

********************************

OTListIt Extras logfile created on: 4/13/2009 9:51:59 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Mark Milbert\Desktop\Security\Security Load Modules
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.42 Mb Total Physical Memory | 175.71 Mb Available Physical Memory | 17.19% Memory free
3.90 Gb Paging File | 2.81 Gb Available in Paging File | 72.10% Paging File free
Paging file location(s): C:\pagefile.sys 3072 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 127.60 Gb Free Space | 68.49% Space Free | Partition Type: NTFS
Drive D: | 57.26 Gb Total Space | 16.45 Gb Free Space | 28.73% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BLACKTOWER
Current User Name: Mark Milbert
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"9420:TCP" = 9420:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
"1994:TCP" = 1994:TCP:*:Enabled:Akamai NetSession Interface
"4549:TCP" = 4549:TCP:*:Enabled:Akamai NetSession Interface
"1272:TCP" = 1272:TCP:*:Enabled:Akamai NetSession Interface
"1468:TCP" = 1468:TCP:*:Enabled:Akamai NetSession Interface
"1512:TCP" = 1512:TCP:*:Enabled:Akamai NetSession Interface
"3611:TCP" = 3611:TCP:*:Enabled:Akamai NetSession Interface
"4707:TCP" = 4707:TCP:*:Enabled:Akamai NetSession Interface
"1309:TCP" = 1309:TCP:*:Enabled:Akamai NetSession Interface
"3511:TCP" = 3511:TCP:*:Enabled:Akamai NetSession Interface
"4834:TCP" = 4834:TCP:*:Enabled:Akamai NetSession Interface
"3105:TCP" = 3105:TCP:*:Enabled:Akamai NetSession Interface
"2459:TCP" = 2459:TCP:*:Enabled:Akamai NetSession Interface
"3439:TCP" = 3439:TCP:*:Enabled:Akamai NetSession Interface
"1514:TCP" = 1514:TCP:*:Enabled:Akamai NetSession Interface
"2695:TCP" = 2695:TCP:*:Enabled:Akamai NetSession Interface
"1315:TCP" = 1315:TCP:*:Enabled:Akamai NetSession Interface
"2070:TCP" = 2070:TCP:*:Enabled:Akamai NetSession Interface
"3297:TCP" = 3297:TCP:*:Enabled:Akamai NetSession Interface
"3314:TCP" = 3314:TCP:*:Enabled:Akamai NetSession Interface
"3357:TCP" = 3357:TCP:*:Enabled:Akamai NetSession Interface
"1080:TCP" = 1080:TCP:*:Enabled:Akamai NetSession Interface
"1299:TCP" = 1299:TCP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype (Skype Technologies S.A.)
C:\Call of Duty 4\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ ()
C:\Program Files\Grisoft\avgupd.exe:*:Enabled:avgupd.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\Grisoft\avgnsx.exe:*:Enabled:avgnsx.exe (AVG Technologies CZ, s.r.o.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{242FBF70-03A3-4317-931F-FA7798F39A13}" = Winflash
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 12
"{27B3563C-561C-4924-8C0E-EA102264873F}" = Windows Server 2003 Service Pack 1 Administration Tools Pack
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars®: Knights of the Old Republic ™
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (HPWJA)
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"{67E158AF-8856-4337-B483-EA21930786AF}" = GameTap
"{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War™
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{EFBD6F61-53E8-4F5F-8B30-1BB65BAD3EE6}" = HP Install Network Printer Wizard
"{F4BBA950-56F0-4335-8D93-EE64BFF593A0}" = TortoiseSVN 1.4.5.10425 (32 bit)
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Audacity_is1" = Audacity 1.2.6
"AVG8Uninstall" = AVG 8.5
"AVGantiRootkit" = AVG Anti-Rootkit Free
"B17 Flying Fortress" = B17 Flying Fortress
"BHODemon_is1" = BHODemon 2.0.0.23
"Call of Duty" = Call of Duty
"Cheat Engine 5.4_is1" = Cheat Engine 5.4
"CleanUp!" = CleanUp!
"Drug Lord 2" = Drug Lord 2
"ExpressBurn" = Express Burn
"ExpressRip" = Express Rip
"Golden" = Golden Records
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HP Web Jetadmin 10.1" = HP Web Jetadmin 10.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War™
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"Magelo Sync" = Magelo Sync (uninstall only)
"Media Player - Codec Pack" = Media Player Codec Pack 3.2.0
"Metacafe" = Metacafe
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MP3 Converter Simple" = MP3 Converter Simple
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NNC Series Mod3.3" = NNC Series Mod
"NVIDIA Drivers" = NVIDIA Drivers
"Panda ActiveScan" = Panda ActiveScan
"Picasa2" = Picasa 2
"Prism" = Prism
"SimCity 3000" = SimCity 3000
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"Snappy Fax 2000 Version 3_is1" = Snappy Fax 2000 Version 3
"SoundTap" = SoundTap
"SpywareGuard_is1" = SpywareGuard v2.2
"Switch" = Switch
"Visual Studio 6.0 Enterprise Edition" = Microsoft Visual Studio 6.0 Enterprise Edition
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"WavePad" = WavePad Uninstall
"WebPost" = Microsoft Web Publishing Wizard 1.53
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"YPOPs!_is1" = YPOPs! 0.9.6

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Magelo Update" = Magelo Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/29/2009 3:48:31 PM | Computer Name = BLACKTOWER | Source = Application Error | ID = 1000
Description = Faulting application qpict32.exe, version 1.0.1.1, faulting module
qpict32.exe, version 1.0.1.1, fault address 0x0000100e.

Error - 3/31/2009 3:33:30 PM | Computer Name = BLACKTOWER | Source = Application Hang | ID = 1002
Description = Hanging application ntvdm.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/31/2009 3:45:42 PM | Computer Name = BLACKTOWER | Source = Microsoft Fax | ID = 32090
Description = The Fax service print monitor has failed to submit the fax. The following
error occurred: 3003. This error code indicates the cause of the error. Sender Machine
Name: \\BLACKTOWER. Sender User Name: Mark Milbert. Sender Name: Mark Milbert. Subject:
Sprint Release Form. Recipient name: Scott. Recipient number: {0cd77475-c87d-4921-86cf-84d502714666}TRANSLATEDT
18007248419{11d0ecca-4072-4c7b-9af1-541d9778375f} 1 800 724-8419. Number of Recipients:
1.

Error - 3/31/2009 3:49:03 PM | Computer Name = BLACKTOWER | Source = Microsoft Fax | ID = 32090
Description = The Fax service print monitor has failed to submit the fax. The following
error occurred: 3003. This error code indicates the cause of the error. Sender Machine
Name: \\BLACKTOWER. Sender User Name: Mark Milbert. Sender Name: Mark Milbert. Subject:
Ticket 197690. Recipient name: Prism Point Technologies. Recipient number: {0cd77475-c87d-4921-86cf-84d502714666}TRANSLATEDT
16786101401{11d0ecca-4072-4c7b-9af1-541d9778375f} 1 678 610-1401. Number of Recipients:
1.

Error - 3/31/2009 3:56:41 PM | Computer Name = BLACKTOWER | Source = Microsoft Fax | ID = 32090
Description = The Fax service print monitor has failed to submit the fax. The following
error occurred: 3003. This error code indicates the cause of the error. Sender Machine
Name: \\BLACKTOWER. Sender User Name: Mark Milbert. Sender Name: Mark Milbert. Subject:
Ticket 197688. Recipient name: Prism Point Technologies. Recipient number: {0cd77475-c87d-4921-86cf-84d502714666}TRANSLATEDT
16786101401{11d0ecca-4072-4c7b-9af1-541d9778375f} 1 678 610-1401. Number of Recipients:
1.

Error - 3/31/2009 4:00:43 PM | Computer Name = BLACKTOWER | Source = Microsoft Fax | ID = 32090
Description = The Fax service print monitor has failed to submit the fax. The following
error occurred: 3003. This error code indicates the cause of the error. Sender Machine
Name: \\BLACKTOWER. Sender User Name: Mark Milbert. Sender Name: Mark Milbert. Subject:
Test. Recipient name: Mark. Recipient number: {0cd77475-c87d-4921-86cf-84d502714666}TRANSLATEDT7669026{11d0ecca-4072-4c7b-9af1-541d9778375f}766-9026.

Number
of Recipients: 1.

Error - 3/31/2009 4:08:20 PM | Computer Name = BLACKTOWER | Source = Microsoft Fax | ID = 32090
Description = The Fax service print monitor has failed to submit the fax. The following
error occurred: 3003. This error code indicates the cause of the error. Sender Machine
Name: \\BLACKTOWER. Sender User Name: Mark Milbert. Sender Name: Mark Milbert. Subject:
Ticket 197688. Recipient name: Prism Pointe Technologies. Recipient number: {0cd77475-c87d-4921-86cf-84d502714666}TRANSLATEDT
16786101401{11d0ecca-4072-4c7b-9af1-541d9778375f} 1 678 610-1401. Number of Recipients:
1.

Error - 3/31/2009 4:54:25 PM | Computer Name = BLACKTOWER | Source = Microsoft Fax | ID = 32092
Description = The Fax service failed to receive a fax. From: . CallerId: . To: Fax.
Pages:
0. Device Name: Motorola SM56 Speakerphone Modem.

Error - 4/9/2009 8:33:07 AM | Computer Name = BLACKTOWER | Source = Application Hang | ID = 1002
Description = Hanging application WNTIPCFG.EXE, version 5.0.2195.3572, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/9/2009 8:33:13 AM | Computer Name = BLACKTOWER | Source = Application Hang | ID = 1002
Description = Hanging application WNTIPCFG.EXE, version 5.0.2195.3572, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 3/31/2009 4:40:11 PM | Computer Name = BLACKTOWER | Source = DCOM | ID = 10010
Description = The server {601AC3DC-786A-4EB0-BF40-EE3521E70BFB} did not register
with DCOM within the required timeout.

Error - 3/31/2009 4:56:04 PM | Computer Name = BLACKTOWER | Source = DCOM | ID = 10010
Description = The server {601AC3DC-786A-4EB0-BF40-EE3521E70BFB} did not register
with DCOM within the required timeout.

Error - 3/31/2009 5:09:46 PM | Computer Name = BLACKTOWER | Source = DCOM | ID = 10010
Description = The server {601AC3DC-786A-4EB0-BF40-EE3521E70BFB} did not register
with DCOM within the required timeout.

Error - 4/4/2009 5:18:23 PM | Computer Name = BLACKTOWER | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.3 for the Network Card with network
address 0019215D18CA has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 4/9/2009 8:13:05 AM | Computer Name = BLACKTOWER | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.3 for the Network Card with network
address 0019215D18CA has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 4/9/2009 8:18:07 AM | Computer Name = BLACKTOWER | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.2 for the Network Card with network
address 0019215D18CA has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 4/9/2009 8:34:12 AM | Computer Name = BLACKTOWER | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.100.10 for the Network Card with network
address 0019215D18CA has been denied by the DHCP server 68.87.66.13 (The DHCP Server
sent a DHCPNACK message).

Error - 4/9/2009 8:37:33 AM | Computer Name = BLACKTOWER | Source = Dhcp | ID = 1002
Description = The IP address lease 67.174.186.184 for the Network Card with network
address 0019215D18CA has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 4/9/2009 8:38:23 AM | Computer Name = BLACKTOWER | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.3 for the Network Card with network
address 0019215D18CA has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 4/9/2009 8:53:58 AM | Computer Name = BLACKTOWER | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.2 for the Network Card with network
address 0019215D18CA has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).


< End of report >

********************************

Microsoft Windows XP Professional (5.1.2600) Service Pack 3

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:190771 Mo/Free:290 Mo)
D:\ [Fixed] - FAT32 - (Total:58629 Mo/Free:456 Mo)
E:\ [CD-Rom] (Total:444 Mo/Free:0 Mo)
F:\ [CD-Rom] (Total:692 Mo/Free:0 Mo)

Wed 05/13/2009|12:25

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\TortoiseSVN\bin\TSVNCache.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\PROGRA~1\Grisoft\avgwdsvc.exe
---------- C:\Web Jetadmin 10\bin\HPWJAService.exe
---------- C:\PROGRA~1\Grisoft\avgrsx.exe
---------- C:\PROGRA~1\Grisoft\avgnsx.exe
---------- C:\Program Files\Common Files\Hewlett-Packard\WJA Update Service\HPWJAUpdateService.exe
---------- C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
---------- C:\PROGRA~1\Grisoft\avgtray.exe
---------- C:\WINDOWS\sm56hlpr.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\SUPERAntiSpyware\SUPERAntiSpyware.exe
---------- c:\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
---------- C:\WINDOWS\system32\nvsvc32.exe
---------- C:\YPOPs\YPOPs.exe
---------- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
---------- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\WINDOWS\system32\mdm.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Wed 05/13/2009|12:27

----------------------\\ Scan completed at 12:27

********************************

Thanks for any assistance.
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP