(Note: Firefox is my primary browser; problems are not impacting IE 8.)
The symptoms are:
1. When using www.google.com, if I click on a link it will get stuck on "transferring data" and eventually time out. Oddly however, if I use the Firefox branded Google link that appears as the default homepage on a new installation of Firefox (http://www.google.co...:en-US:official) then it works perfectly. The problem only seems to appear if I go directly to www.google.com and begin searching.
2. When I access one particular banking site with Firefox on this system, it directs me to a page that says my previous session has expired and makes me log in again. This becomes a continuous loop. I can access the page just fine using the same version of Firefox on my other computer, as well as Internet Explorer on either computer.
3. System is suddenly using a higher than normal amount of RAM and CPU %. My usage varies wildly anywhere from 40% up to 100%. Firefox especially uses a lot of RAM when opened even with just one tab. System feels much slower than usual. Sitting idle the system will suddenly shoot up to 100% usage. Network traffic appears fine.
4. Firefox will not close properly; if I close it and try to reopen it, it always reports that there is a process already running but not responding.
I also tried uninstalling Firefox completely and reinstalling it, but it did not fix any of the issues I outlined above.
MBAM Log
Malwarebytes' Anti-Malware 1.40
Database version: 2728
Windows 5.1.2600 Service Pack 3
9/1/2009 7:54:48 PM
mbam-log-2009-09-01 (19-54-48).txt
Scan type: Quick Scan
Objects scanned: 122071
Time elapsed: 6 minute(s), 57 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Virus Scanning
AVG only revealed tracking cookies.
Avast revealed these (C is my main drive, F is a secondary and O is a backup drive):
File C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000117.EXE is infected by Win32:Trojan-gen {Other}, Deleted
File F:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000118.EXE is infected by Win32:Trojan-gen {Other}, Moved to chest
File O:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000119.EXE is infected by Win32:Trojan-gen {Other}, Moved to chest
File O:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000120.EXE is infected by Win32:Trojan-gen {Other}, Moved to chest
Root Repeal Log
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/02 08:19
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================
Drivers
-------------------
Name: 00000118
Image Path: \Driver\00000118
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -
Name: a8li25pe.SYS
Image Path: C:\WINDOWS\System32\Drivers\a8li25pe.SYS
Address: 0xB7BE1000 Size: 303104 File Visible: No Signed: -
Status: -
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAE4F8000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA62E000 Size: 8192 File Visible: No Signed: -
Status: -
Name: mc21.tmp
Image Path: C:\WINDOWS\TEMP\mc21.tmp
Address: 0xBA7CA000 Size: 2560 File Visible: No Signed: -
Status: -
Name: rootrepeal2.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal2.sys
Address: 0xAACF8000 Size: 49152 File Visible: No Signed: -
Status: -
SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xae5516b8
#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xae551574
#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xae551a52
#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xae55114c
#: 071 Function Name: NtEnumerateKey
Status: Hooked by "sptd.sys" at address 0xb9ee4d1c
#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "sptd.sys" at address 0xb9ee50bc
#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xae55164e
#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xae55108c
#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xae5510f0
#: 160 Function Name: NtQueryKey
Status: Hooked by "sptd.sys" at address 0xb9ee5194
#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xae55176e
#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xae55172e
#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xae5518ae
==EOF==
OTL Logs
OTL.TXT
-------
OTL logfile created on: 9/2/2009 8:27:12 AM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Robbie\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 51.73 Gb Free Space | 22.68% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.28 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 931.51 Gb Total Space | 10.42 Gb Free Space | 1.12% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 559.21 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive L: | 465.76 Gb Total Space | 4.33 Gb Free Space | 0.93% Space Free | Partition Type: NTFS
Drive M: | 1863.01 Gb Total Space | 1376.66 Gb Free Space | 73.89% Space Free | Partition Type: NTFS
Drive O: | 3726.04 Gb Total Space | 1762.48 Gb Free Space | 47.30% Space Free | Partition Type: NTFS
Computer Name: ROBBIE
Current User Name: Robbie
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2008/06/02 20:09:36 | 00,552,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2005/08/10 23:17:28 | 00,118,272 | ---- | M] (TuneUp Software GmbH) -- C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
PRC - [2009/08/17 08:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/07/03 07:49:06 | 01,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/08/17 09:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2008/06/02 20:09:36 | 00,552,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2009/09/01 10:46:55 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/02/18 21:11:07 | 00,266,240 | ---- | M] () -- C:\WINDOWS\System32\CSHelper.exe
PRC - [2008/04/17 10:08:46 | 01,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/09/01 10:47:03 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/09/01 10:47:03 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2006/11/03 11:28:22 | 00,537,480 | ---- | M] ( ) -- C:\WINDOWS\System32\dlcgcoms.exe
PRC - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005/08/05 11:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2005/02/22 14:15:52 | 00,389,120 | ---- | M] (Powerware) -- C:\Program Files\Powerware\LanSafe\Bin\PowerMonitor.exe
PRC - [2008/10/16 20:35:28 | 00,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaMaint.exe
PRC - [2008/07/24 18:46:10 | 00,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008/10/16 20:35:24 | 00,087,360 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2008/12/18 10:47:08 | 09,158,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
PRC - [2005/08/08 13:54:00 | 00,167,936 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2005/10/05 18:19:00 | 00,131,072 | ---- | M] () -- C:\Program Files\Silicon Image\3132-W-I32-Sm SATARAID5\SATARaid5ConfigService.exe
PRC - [2006/07/14 21:21:04 | 00,181,312 | ---- | M] () -- C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
PRC - [2005/08/05 11:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2004/08/10 03:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe
PRC - [2009/08/17 09:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/02/06 03:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009/08/17 09:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2005/02/22 14:19:44 | 00,057,344 | ---- | M] (Powerware) -- C:\Program Files\Powerware\LanSafe\bin\xyntservice.exe
PRC - [2005/02/22 14:19:42 | 00,049,152 | ---- | M] (Powerware) -- C:\Program Files\Powerware\LanSafe\bin\httpserver.exe
PRC - [2005/02/22 14:19:44 | 00,081,920 | ---- | M] (Powerware) -- C:\Program Files\Powerware\LanSafe\bin\status_glance.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/09/10 15:02:37 | 00,364,544 | ---- | M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\System32\WDBtnMgr.exe
PRC - [2006/09/14 13:09:07 | 00,157,592 | ---- | M] (DT Soft Ltd.) -- C:\Program Files\DAEMON Tools\daemon.exe
PRC - [2007/07/17 11:13:56 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2008/06/27 18:24:58 | 00,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTHELPER.EXE
PRC - [2009/08/17 09:07:23 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2008/05/02 03:44:08 | 00,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2007/05/14 18:26:06 | 01,261,568 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
PRC - [2008/08/12 13:00:06 | 02,990,848 | ---- | M] (2BrightSparks) -- C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe
PRC - [2008/05/02 03:40:56 | 00,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
PRC - [2007/07/17 11:13:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
PRC - [2009/09/02 08:25:14 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robbie\My Documents\Downloads\OTL.exe
========== Win32 Services (SafeList) ==========
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/08/17 08:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2008/06/02 20:09:36 | 00,552,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2008/06/02 21:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2009/08/17 09:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/08/17 09:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/08/17 09:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2009/09/01 10:46:55 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/23 19:46:13 | 00,069,632 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service [On_Demand | Stopped])
SRV - [2009/02/18 21:11:07 | 00,266,240 | ---- | M] () -- C:\WINDOWS\System32\CSHelper.exe -- (CSHelper [Auto | Running])
SRV - [2008/04/17 10:08:46 | 01,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND [Auto | Running])
SRV - [2006/11/03 11:28:22 | 00,537,480 | ---- | M] ( ) -- C:\WINDOWS\System32\dlcgcoms.exe -- (dlcg_device [Auto | Running])
SRV - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 11:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2009/07/22 16:40:40 | 00,651,720 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2005/02/22 14:15:52 | 00,389,120 | ---- | M] (Powerware) -- C:\Program Files\Powerware\LanSafe\Bin\PowerMonitor.exe -- (LanSafe PM [Auto | Running])
SRV - [2005/02/22 14:19:44 | 00,057,344 | ---- | M] (Powerware) -- C:\Program Files\Powerware\LanSafe\bin\xyntservice.exe -- (LanSafe Process Manager [On_Demand | Running])
SRV - [2009/07/03 07:49:06 | 01,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2008/05/02 03:42:06 | 00,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ [On_Demand | Stopped])
SRV - [2008/10/16 20:35:28 | 00,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint [Auto | Running])
SRV - [2008/07/24 18:46:10 | 00,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn [Auto | Running])
SRV - [2005/08/05 11:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2004/08/10 02:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2008/12/18 10:47:08 | 09,158,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe -- (MSSQL$PINNACLESYS [Auto | Running])
SRV - [2005/05/03 22:50:28 | 00,073,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
SRV - [2004/11/19 09:26:40 | 00,147,456 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003/04/16 07:52:28 | 00,091,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2005/08/08 13:54:00 | 00,167,936 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - File not found -- -- (SansaService [Auto | Stopped])
SRV - [2005/10/05 18:19:00 | 00,131,072 | ---- | M] () -- C:\Program Files\Silicon Image\3132-W-I32-Sm SATARAID5\SATARaid5ConfigService.exe -- (SATARaid5 Config Service [Auto | Running])
SRV - [2006/07/14 21:21:04 | 00,181,312 | ---- | M] () -- C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe -- (ScsiAccess [Auto | Running])
SRV - [2005/05/03 21:42:56 | 00,323,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE -- (SQLAgent$PINNACLESYS [On_Demand | Stopped])
SRV - [2005/08/10 23:17:28 | 00,118,272 | ---- | M] (TuneUp Software GmbH) -- C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe -- (TUWinStylerThemeSvc [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/
IE - URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 17:17:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/02 07:08:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/09/01 10:46:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVG\AVG8\Toolbar\Firefox\[email protected] [2009/09/01 10:47:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/01 08:14:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/01 19:09:25 | 00,000,000 | ---D | M]
[2009/09/01 08:14:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\mozilla\Extensions
[2009/09/01 08:14:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/23 17:42:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\mozilla\Extensions\[email protected]
[2009/09/02 00:46:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\mozilla\Firefox\Profiles\2f2419n6.default\extensions
[2009/09/01 09:26:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\mozilla\Firefox\Profiles\2f2419n6.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009/09/01 19:32:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\mozilla\Firefox\Profiles\2f2419n6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/01 08:08:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\mozilla\Firefox\Profiles\9qkv2v4u.default\extensions
[2009/09/01 08:08:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\mozilla\Firefox\Profiles\9qkv2v4u.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009/09/01 08:08:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\mozilla\Firefox\Profiles\9qkv2v4u.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/09/02 08:24:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/01 08:14:22 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/29 22:35:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2008/12/02 07:08:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/25 05:57:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/08/20 10:46:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/07/30 04:26:53 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/30 04:26:54 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2006/06/25 21:43:54 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/01/15 11:53:03 | 00,616,448 | ---- | M] (ArtistScope) -- C:\Program Files\mozilla firefox\plugins\npArtistScope42.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2006/12/12 09:25:15 | 01,859,584 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2006/12/12 17:41:19 | 00,094,208 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2008/09/26 09:40:34 | 00,053,248 | ---- | M] (AOL LLC) -- C:\Program Files\mozilla firefox\plugins\npdnu.dll
[2007/10/11 15:17:50 | 01,435,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2006/07/11 22:32:45 | 00,049,152 | ---- | M] (Network Associates Inc) -- C:\Program Files\mozilla firefox\plugins\NPMGWRAP.DLL
[2005/12/05 22:31:00 | 00,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2009/07/30 04:26:55 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2003/04/18 12:10:18 | 00,015,424 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2008/06/11 22:45:28 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2006/05/23 23:08:48 | 00,139,305 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2008/05/19 14:57:00 | 02,641,920 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npRACtrl.dll
[2006/05/23 23:08:53 | 00,024,621 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2006/05/23 23:08:45 | 00,081,967 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2008/10/29 20:47:13 | 00,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2005/08/09 11:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\mozilla firefox\plugins\npunagi2.dll
[2008/02/28 14:30:00 | 00,008,784 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
[2008/02/28 14:33:00 | 00,245,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\unicows.dll
[2009/07/30 00:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/30 00:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/09/01 19:24:53 | 00,001,497 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
[2009/07/30 00:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/30 00:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/30 00:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/30 00:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
O1 HOSTS File: (901 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {2CAC06C2-9CD9-44BE-AB77-BE0BCCB24DF6} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.EXE (Logitech, Inc.)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SATARaid5Manager.lnk = C:\WINDOWS\Installer\{5485E9E5-7B11-47DD-9F06-D04F3DC3A86E}\_FBEACEF0C3F0E4F42B2F23.exe ()
O4 - Startup: C:\Documents and Settings\Robbie\Start Menu\Programs\Startup\SyncBack.lnk = C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe (2BrightSparks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Office Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1237954408602 (WUWebControl Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://www.creative....101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative....15106/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (voqbbo.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (RtlGina2.dll) - C:\WINDOWS\System32\RtlGina2.dll ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/25 15:03:00 | 00,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/09/10 15:15:09 | 00,000,000 | ---D | M] - F:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/17 14:56:50 | 00,000,036 | RH-- | M] () - F:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2005/08/17 19:18:27 | 00,000,143 | R--- | M] () - K:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008/02/16 00:11:19 | 00,000,000 | ---D | M] - M:\autorun -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: MHN - C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
========== Files/Folders - Created Within 14 Days ==========
[2009/09/02 00:52:54 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/09/02 00:52:53 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/09/02 00:52:53 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/09/02 00:52:53 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/09/02 00:52:49 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/09/02 00:52:49 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/09/02 00:52:49 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/09/02 00:52:49 | 00,093,392 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/09/02 00:52:49 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/09/02 00:52:27 | 01,279,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/09/02 00:52:27 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/09/02 00:52:24 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/09/02 00:29:39 | 04,958,588 | ---- | C] () -- C:\WINDOWS\{00000003-00000000-00000003-00001102-00000004-20061102}.BAK
[2009/09/02 00:29:24 | 00,011,762 | ---- | C] () -- C:\Documents and Settings\Robbie\My Documents\cc_20090902_002923.reg
[2009/09/01 19:41:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/09/01 19:40:42 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Robbie\Desktop\NTREGOPT.lnk
[2009/09/01 19:40:41 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Robbie\Desktop\ERUNT.lnk
[2009/09/01 19:40:37 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/09/01 19:24:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Robbie\Local Settings\Application Data\AVG Security Toolbar
[2009/09/01 18:55:38 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Robbie\Desktop\HijackThis.lnk
[2009/09/01 18:55:37 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/09/01 12:46:25 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/09/01 10:59:20 | 00,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2009/09/01 10:47:35 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/09/01 10:47:35 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/09/01 10:47:35 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/09/01 10:47:30 | 00,335,240 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/09/01 10:47:29 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/09/01 10:47:16 | 40,517,088 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/09/01 10:47:15 | 00,076,683 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/09/01 10:47:13 | 00,463,779 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/09/01 10:47:12 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/09/01 10:47:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/09/01 10:47:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/09/01 10:46:55 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/09/01 10:46:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/09/01 10:43:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Robbie\Application Data\AVG8
[2009/09/01 08:27:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/09/01 08:25:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/09/01 08:24:42 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/09/01 08:14:25 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/09/01 07:52:29 | 00,391,276 | ---- | C] () -- C:\Documents and Settings\Robbie\Desktop\temp pass 2.jpg
[2009/09/01 07:51:58 | 00,385,771 | ---- | C] () -- C:\Documents and Settings\Robbie\Desktop\temp pass.jpg
[2009/09/01 07:25:05 | 00,454,093 | ---- | C] () -- C:\Documents and Settings\Robbie\Desktop\Bookmarks 2009-09-01.json
[2009/09/01 06:30:24 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/09/01 05:44:26 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/09/01 05:42:48 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/09/01 05:42:46 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/09/01 05:28:30 | 00,003,674 | ---- | C] () -- C:\Documents and Settings\Robbie\My Documents\cc_20090901_052829.reg
[2009/09/01 00:59:57 | 00,019,286 | ---- | C] () -- C:\Documents and Settings\Robbie\My Documents\cc_20090901_005956.reg
[2009/08/29 22:36:22 | 00,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/08/29 22:36:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Robbie\Application Data\skypePM
[2009/08/29 22:35:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Robbie\Application Data\Skype
[2009/08/29 22:34:47 | 00,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/08/29 22:34:46 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/08/29 22:34:43 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009/08/29 22:34:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2009/08/29 02:18:35 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/08/29 02:18:35 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/08/27 15:20:51 | 00,000,312 | ---- | C] () -- C:\Documents and Settings\Robbie\My Documents\My Documents.lnk
[2009/08/26 00:00:59 | 00,033,792 | ---- | C] () -- C:\Documents and Settings\Robbie\Desktop\Trav San Fran Suggestions.doc
[2009/08/21 22:43:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\IOSUBSYS
[2009/08/21 22:42:52 | 00,000,000 | ---D | C] -- C:\Program Files\Google
[2009/08/21 21:28:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Robbie\Desktop\Ebay Auctions
========== Files - Modified Within 14 Days ==========
[4 C:\Documents and Settings\Robbie\My Documents\*.tmp files]
[2009/09/02 08:02:33 | 00,002,561 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SATARaid5Manager.lnk
[2009/09/02 08:02:05 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/02 07:42:00 | 00,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4136045624-3029580969-1164144223-1005UA.job
[2009/09/02 07:12:54 | 00,554,222 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/09/02 07:12:54 | 00,463,200 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/09/02 07:12:54 | 00,080,192 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/09/02 07:08:32 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/02 07:08:23 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/02 00:53:39 | 00,032,000 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000003-00001102-00000004-20061102}.rfx
[2009/09/02 00:53:39 | 00,032,000 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000003-00001102-00000004-20061102}.rfx
[2009/09/02 00:53:39 | 00,031,368 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000003-00001102-00000004-20061102}.rfx
[2009/09/02 00:53:39 | 00,031,368 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000003-00001102-00000004-20061102}.rfx
[2009/09/02 00:53:39 | 00,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000003-00001102-00000004-20061102}.rfx
[2009/09/02 00:53:28 | 04,958,588 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000003-00001102-00000004-20061102}.CDF
[2009/09/02 00:53:28 | 04,958,588 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000003-00001102-00000004-20061102}.BAK
[2009/09/02 00:52:54 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/09/02 00:52:49 | 00,002,674 | ---- | M] () -- C:\WINDOWS\System32\config.nt
[2009/09/02 00:29:29 | 00,011,762 | ---- | M] () -- C:\Documents and Settings\Robbie\My Documents\cc_20090902_002923.reg
[2009/09/02 00:27:19 | 40,517,088 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/09/02 00:26:59 | 00,076,683 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/09/01 23:54:12 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/09/01 23:54:11 | 00,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2009/09/01 23:45:05 | 00,237,056 | ---- | M] () -- C:\Documents and Settings\Robbie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/01 23:42:03 | 00,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4136045624-3029580969-1164144223-1005Core.job
[2009/09/01 20:06:36 | 07,016,448 | ---- | M] () -- C:\My Money.mny
[2009/09/01 19:40:42 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Robbie\Desktop\NTREGOPT.lnk
[2009/09/01 19:40:41 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Robbie\Desktop\ERUNT.lnk
[2009/09/01 18:55:38 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Robbie\Desktop\HijackThis.lnk
[2009/09/01 11:22:36 | 00,070,144 | ---- | M] () -- C:\Documents and Settings\Robbie\My Documents\Robbie's DVD Catalog.doc
[2009/09/01 11:00:38 | 04,307,916 | -H-- | M] () -- C:\Documents and Settings\Robbie\Local Settings\Application Data\IconCache.db
[2009/09/01 10:52:13 | 00,000,844 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/09/01 10:52:13 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/09/01 10:52:13 | 00,000,209 | -HS- | M] () -- C:\boot.ini
[2009/09/01 10:47:35 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/09/01 10:47:35 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/09/01 10:47:35 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/09/01 10:47:30 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/09/01 10:47:29 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/09/01 10:47:15 | 00,463,779 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/09/01 10:47:13 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/09/01 09:00:37 | 00,000,426 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack Drive L.job
[2009/09/01 08:14:25 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/09/01 07:52:30 | 00,391,276 | ---- | M] () -- C:\Documents and Settings\Robbie\Desktop\temp pass 2.jpg
[2009/09/01 07:51:59 | 00,385,771 | ---- | M] () -- C:\Documents and Settings\Robbie\Desktop\temp pass.jpg
[2009/09/01 07:25:05 | 00,454,093 | ---- | M] () -- C:\Documents and Settings\Robbie\Desktop\Bookmarks 2009-09-01.json
[2009/09/01 05:44:26 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/09/01 05:42:46 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/09/01 05:28:35 | 00,003,674 | ---- | M] () -- C:\Documents and Settings\Robbie\My Documents\cc_20090901_052829.reg
[2009/09/01 01:28:41 | 00,065,536 | ---- | M] () -- C:\Documents and Settings\Robbie\My Documents\Robbie's Universal To-Do List.doc
[2009/09/01 01:24:54 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\Robbie\My Documents\Movie's Not Available on Netflix.doc
[2009/09/01 01:18:08 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/09/01 01:00:03 | 00,019,286 | ---- | M] () -- C:\Documents and Settings\Robbie\My Documents\cc_20090901_005956.reg
[2009/09/01 00:57:41 | 00,087,608 | ---- | M] () -- C:\Documents and Settings\Robbie\Application Data\inst.exe
[2009/09/01 00:57:41 | 00,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Robbie\Application Data\pcouffin.sys
[2009/09/01 00:57:41 | 00,007,887 | ---- | M] () -- C:\Documents and Settings\Robbie\Application Data\pcouffin.cat
[2009/09/01 00:57:41 | 00,001,144 | ---- | M] () -- C:\Documents and Settings\Robbie\Application Data\pcouffin.inf
[2009/08/31 13:14:03 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Robbie\Desktop\CCleaner.lnk
[2009/08/30 02:30:21 | 00,001,361 | ---- | M] () -- C:\WINDOWS\Sidplay2w.ini
[2009/08/29 22:36:22 | 00,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/08/29 22:34:47 | 00,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/08/29 02:18:35 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/08/29 02:18:35 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/08/28 17:17:25 | 00,000,392 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2009/08/28 09:18:01 | 00,000,426 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack Drive C.job
[2009/08/27 15:20:51 | 00,000,312 | ---- | M] () -- C:\Documents and Settings\Robbie\My Documents\My Documents.lnk
[2009/08/27 10:45:21 | 00,000,426 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack Drive M.job
[2009/08/27 01:47:27 | 00,019,456 | ---- | M] () -- C:\Documents and Settings\Robbie\Desktop\Weight and Exercise.xls
[2009/08/26 09:00:27 | 00,000,426 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack Drive F.job
[2009/08/26 00:03:11 | 00,001,076 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/08/26 00:03:11 | 00,001,076 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009/08/26 00:01:00 | 00,033,792 | ---- | M] () -- C:\Documents and Settings\Robbie\Desktop\Trav San Fran Suggestions.doc
========== LOP Check ==========
[2009/09/01 19:30:19 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/09/01 05:42:48 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2008/11/17 07:31:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2008/01/14 10:03:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2008/07/14 19:05:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATI
[2006/11/04 13:07:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2009/09/01 20:03:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2007/04/19 21:57:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/03/01 17:38:21 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2007/05/07 00:41:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canopus
[2006/08/02 17:48:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2009/08/26 03:44:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2009/09/01 01:18:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2007/11/05 21:14:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogiShrd
[2009/06/28 13:45:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2006/05/29 23:56:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2006/05/29 23:36:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
[2006/12/02 12:33:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2006/07/16 20:50:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2007/11/27 20:48:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2006/12/25 15:04:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2008/03/18 21:32:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2006/12/02 12:33:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2006/08/16 17:15:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2007/07/15 14:01:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Support.com
[2009/05/15 23:17:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/05/05 23:53:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2007/09/10 16:14:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2008/11/17 07:31:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/09/01 19:09:25 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Robbie\Application Data
[2007/10/22 23:35:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\AbsoluteTelnet
[2006/05/03 17:30:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\acccore
[2006/05/07 19:14:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\Ahead
[2007/11/12 20:01:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\Aim
[2006/09/30 23:09:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\ArcSoft
[2006/07/07 21:14:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\ATI
[2009/09/01 00:59:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\Azureus
[2009/08/24 01:45:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\Canon
[2007/05/07 00:41:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\Canopus
[2006/05/06 14:34:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\Corel
[2006/05/06 14:28:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\Corel Photo Album
[2006/05/03 23:58:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\CyberLink
[2009/04/26 17:38:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\diag
[2009/07/22 16:23:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\Download Manager
[2009/05/15 20:43:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\dvdcss
[2008/01/14 09:50:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\Flock
[2006/07/09 04:42:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\IDMComp
[2009/07/10 16:54:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\ImgBurn
[2006/08/27 22:25:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\InterVideo
[2007/06/23 22:28:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\iPodder
[2006/08/02 22:02:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\Leadertech
[2009/08/29 23:18:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\LimeWire
[2006/08/16 17:11:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\NewSoft
[2007/03/04 12:52:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\Pegasys Inc
[2007/11/24 02:34:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\PgcEdit
[2008/06/14 23:43:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\Publish Providers
[2009/04/01 16:31:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\QuickScan
[2007/02/08 22:40:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\RipIt4Me
[2006/08/16 17:15:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\ScanSoft
[2006/07/30 13:30:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\SlySoft
[2008/06/14 23:43:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\Sony
[2009/05/31 22:04:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\Stamps.com Internet Postage
[2006/05/05 23:53:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\TuneUp Software
[2006/11/24 18:05:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\uTorrent
[2009/09/01 00:57:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\Vso
[2009/01/05 20:58:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\VTrain
[2006/05/15 17:22:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robbie\Application Data\XnView
[2009/08/28 17:17:25 | 00,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
[2009/09/01 05:44:26 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2004/08/10 03:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/09/01 23:42:03 | 00,000,930 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4136045624-3029580969-1164144223-1005Core.job
[2009/09/02 07:42:00 | 00,000,982 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4136045624-3029580969-1164144223-1005UA.job
[2009/09/02 07:08:32 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/08/28 09:18:01 | 00,000,426 | ---- | M] () -- C:\WINDOWS\Tasks\SyncBack Drive C.job
[2009/08/26 09:00:27 | 00,000,426 | ---- | M] () -- C:\WINDOWS\Tasks\SyncBack Drive F.job
[2009/09/01 09:00:37 | 00,000,426 | ---- | M] () -- C:\WINDOWS\Tasks\SyncBack Drive L.job
[2009/08/27 10:45:21 | 00,000,426 | ---- | M] () -- C:\WINDOWS\Tasks\SyncBack Drive M.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
[2005/10/31 08:56:00 | 00,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
< %systemroot%\system32\eventlog.dll >
[2008/04/13 17:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll
< %systemroot%\system32\scecli.dll >
[2008/04/13 17:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll
< %systemroot%\netlogon.dll >
< %systemroot%\system32\cngaudit.dll >
< %systemroot%\system32\sceclt.dll >
< %systemroot%\ntelogon.dll >
< %systemroot%\system32\logevent.dll >
========== Alternate Data Streams ==========
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
< End of report >
Extras Report
=============
OTL Extras logfile created on: 9/2/2009 8:27:12 AM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Robbie\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 51.73 Gb Free Space | 22.68% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.28 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 931.51 Gb Total Space | 10.42 Gb Free Space | 1.12% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 559.21 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive L: | 465.76 Gb Total Space | 4.33 Gb Free Space | 0.93% Space Free | Partition Type: NTFS
Drive M: | 1863.01 Gb Total Space | 1376.66 Gb Free Space | 73.89% Space Free | Partition Type: NTFS
Drive O: | 3726.04 Gb Total Space | 1762.48 Gb Free Space | 47.30% Space Free | Partition Type: NTFS
Computer Name: ROBBIE
Current User Name: Robbie
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.js [@ = JSFile] -- C:\Program Files\Macromedia\Dreamweaver UltraDev 4\UltraDev.exe (Macromedia, Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0 -- File not found
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1146702501\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1146702501\ee\aolsoftware.exe:*:Enabled:AOL Services -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\1146702501\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1146702501\ee\aim6.exe:*:Enabled:AIM -- (America Online, Inc.)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Trillian\trillian.exe" = C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian -- File not found
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe" = C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems, Inc.)
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe" = C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile -- ( )
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe" = C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems, Inc.)
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- File not found
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0 -- File not found
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus -- (Azureus Inc)
"C:\WINDOWS\system32\dlcgcoms.exe" = C:\WINDOWS\system32\dlcgcoms.exe:*:Enabled:Dell 810 Server -- ( )
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- File not found
"C:\Documents and Settings\Robbie\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Robbie\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\Robbie\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Robbie\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\WINDOWS\system32\WDBtnMgr.exe" = C:\WINDOWS\system32\WDBtnMgr.exe:*:Enabled:WDBtnMgr -- (Western Digital Technologies, Inc.)
"C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe" = C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe:*:Enabled:ymsgr_tray -- (Yahoo! Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0186F98B-19A2-4791-8ECA-BD7870FD0C65}_is1" = DVD Rebuilder
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1116FD69-3C49-BE9A-C206-E8BA26CCA10F}" = CCC Help English
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{16FE2579-06B2-3E32-58F2-4B70B69A3070}" = ccc-core-preinstall
"{1B53AF69-4E7A-4711-842C-6E9E081C6AEB}" = My Book Device Driver
"{1EB21F28-E3AF-A317-4658-6C0C455C2F61}" = Catalyst Control Center Core Implementation
"{20110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 15
"{2D7D9D86-923A-41A8-919F-437332AB1033}" = Nero 7
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CB05291-F546-458E-A796-B5BCF5A3CDC4}" = Studio 10
"{4102037D-E8E0-48E0-B203-E521D194FB71}" = NETGEAR WG111v2 wireless USB 2.0 adapter
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{46C73DE4-E96D-4F7C-8371-F28052183B12}" = Sonic Advanced Decoder
"{46D9C523-FABB-FFF1-321D-F493A68E2C3E}" = Catalyst Control Center Graphics Previews Common
"{47EFDD7A-312F-4D86-80A9-6E88B763C087}" = Tagg
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4C271126-C295-4828-A901-5910AE0C258B}" = Cisco Systems VPN Client 5.0.03.0530
"{4C2F992E-32DC-11D4-AC0D-0080C8ECCD31}" = FireNet
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5485E9E5-7B11-47DD-9F06-D04F3DC3A86E}" = 3132-W-I32-Sm SATARAID5
"{57D32909-FCA8-A78B-2AD2-2A50F5E11858}" = ccc-core-static
"{57EA735B-4F1D-9FC5-6A36-B0C0F1D704FE}" = Catalyst Control Center Graphics Light
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5BE42A03-E7B8-42A9-B1BB-FC48B03D58B8}" = Presto! PageManager 6.11
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{62FC357F-022B-4F90-9376-7A0DF9FBE7A1}" = Sonic Foundry Sound Forge 6.0
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6A70D9E8-C51B-4196-BD1F-137E6EF6AEBB}" = Canopus ProCoder 2
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C9AD221-994C-45B2-B46D-26F5735158CF}" = Sony Vegas Pro 8.0
"{7F831576-6246-42C7-B523-55B3F96509CC}" = LogMeIn
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections
"{868D7896-99D4-4513-BC62-2B3AD3E24926}" = TuneUp Utilities 2006
"{89486DE4-7CE1-4E2D-BBF0-734F85ACD108}" = Sony Preset Manager 2.0d
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4513A7E-CF21-44D2-0082-E6498D9D70D4}" = NBA LIVE 06
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}" = DiscAPI (Studio 10)
"{ABDA9912-5D00-11D4-BAE7-9367CA097955}" = Macromedia Dreamweaver UltraDev 4
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BBC783B7-8725-3B1C-B49A-BA7F09391251}" = Google Talk Plugin
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = Canon CanoScan Toolbox 4.9
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D9827B2E-E29F-4158-A253-51E40E4AC0A9}" = LanSafe
"{DB6C3449-AD77-4C65-A038-BAC98E4F7536}" = DB Commander 2000 PRO
"{DE31F8AA-B12D-3A38-E561-C657EED45465}" = Catalyst Control Center Graphics Full Existing
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (PINNACLESYS)
"{E6EB53D4-5AD0-07F0-2DAC-0A2D624DF39D}" = ccc-utility
"{E74CC47C-28D3-25E1-14D2-68EBC87C31BA}" = Skins
"{EEECE229-49F6-4851-A73A-99B058221F8C}" = RAPID (Studio 10)
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"{F0BFDB27-7F84-4641-869F-BB5E67D27245}" = My Book RAID Manager
"{F251B61F-9D18-13C4-02EE-71A36343D442}" = Catalyst Control Center Graphics Full New
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F65FE148-FCF5-42F7-8803-FA0B7DA8B8A4}" = ubCore 5.51
"{F98BF160-2B31-4613-BA35-66958F51B97C}" = 3132-W-I32-R SATARAID5
"AC3ACM" = AC-3 ACM Codec
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM_6" = AIM 6
"All ATI Software" = ATI - Software Uninstall Utility
"ArtistScope Plugin FX 424.2.0.0" = ArtistScope Plugin FX 42
"ATI Display Driver" = ATI Display Driver
"AudioConSole" = Creative Audio Console
"avast!" = avast! Antivirus
"AVG8Uninstall" = AVG Free 8.5
"Avidemux" = Avidemux v2.3.0_plus
"AviSynth" = AviSynth 2.5
"Azureus" = Azureus
"Azureus Vuze" = Azureus Vuze
"BeLight" = BeLight
"CANONBJ_Deinstall_CNMCP6d.DLL" = Canon PIXMA iP5000
"CCleaner" = CCleaner (remove only)
"CDex" = CDex extraction audio
"CueCard" = CueCard (remove only)
"DivX Codec" = Remove DivX Pro Codec
"dMC AccurateRip" = dMC AccurateRip
"DMX3_is1" = DriverMax 3.0
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 6_is1" = DVDFab 6.0.2.2 (June 26, 2009)
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ERUNT_is1" = ERUNT 1.1j
"Exact Audio Copy" = Exact Audio Copy 0.95b4
"FLAC" = FLAC 1.2.0a (remove only)
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{F65FE148-FCF5-42F7-8803-FA0B7DA8B8A4}" = ubCore 5.51
"IsoBuster_is1" = IsoBuster 2.2
"LimeWire" = LimeWire 5.1.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MemoriesOnTV3_is1" = MemoriesOnTV 3.0.3
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Money2007b" = Microsoft Money 2007
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"MPEG Video Wizard DVD" = MPEG Video Wizard DVD
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MySpaceIM" = MySpaceIM
"NBA on TNT mod for NBA LIVE 06 (Part 1)" = NBA on TNT mod for NBA LIVE 06 (Part 1)
"NBA on TNT mod for NBA LIVE 06 (Part 2)" = NBA on TNT mod for NBA LIVE 06 (Part 2)
"NBA on TNT mod for NBA LIVE 06 (Part 3)" = NBA on TNT mod for NBA LIVE 06 (Part 3)
"NBA on TNT mod for NBA LIVE 06 (Part 4)" = NBA on TNT mod for NBA LIVE 06 (Part 4)
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"PROSet" = Intel® PRO Network Connections Drivers
"QcDrv" = Logitech® Camera Driver
"RealPlayer 6.0" = RealPlayer
"Roxio MRFilter" = Roxio EasyWrite Reader
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Sound Blaster for Media Center" = Sound Blaster for Media Center
"SyncBack_is1" = SyncBack
"VLC media player" = VLC media player 1.0.0
"VTrain (Vocabulary Trainer)_is1" = VTrain (Vocabulary Trainer) 5.2
"WaveStudio 7" = Creative WaveStudio 7
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"What's Running_is1" = What's Running 2.2
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinDriver6.22 USB Driver" = WinDriver6.22 USB Driver
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XGAMING_Arcade_Test_1.0.3" = XGAMING_Arcade_Test 1.2.2
"XnView_is1" = XnView 1.82.4
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Sun Download Manager 2.0 (web)" = Sun Download Manager 2.0 (web)
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 9/1/2009 5:45:24 AM | Computer Name = ROBBIE | Source = Application Error | ID = 1000
Description = Faulting application ad-aware.exe, version 7.1.0.12, faulting module
ad-aware.exe, version 7.1.0.12, fault address 0x00164d6c.
Error - 9/1/2009 8:42:56 AM | Computer Name = ROBBIE | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 9/1/2009 10:54:11 AM | Computer Name = ROBBIE | Source = Microsoft Office 11 | ID = 1000
Description =
Error - 9/1/2009 11:27:15 AM | Computer Name = ROBBIE | Source = Microsoft Office 11 | ID = 1000
Description =
Error - 9/1/2009 1:45:45 PM | Computer Name = ROBBIE | Source = Microsoft Office 11 | ID = 1000
Description =
Error - 9/1/2009 10:22:27 PM | Computer Name = ROBBIE | Source = Microsoft Office 11 | ID = 1000
Description =
Error - 9/1/2009 11:07:20 PM | Computer Name = ROBBIE | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 11.0.5207.5, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 9/2/2009 12:55:35 AM | Computer Name = ROBBIE | Source = Microsoft Office 11 | ID = 1000
Description =
Error - 9/2/2009 3:21:57 AM | Computer Name = ROBBIE | Source = Microsoft Office 11 | ID = 1000
Description =
Error - 9/2/2009 11:10:41 AM | Computer Name = ROBBIE | Source = Microsoft Office 11 | ID = 1000
Description =
[ System Events ]
Error - 9/1/2009 8:13:53 PM | Computer Name = ROBBIE | Source = ati2mtag | ID = 45062
Description = CRT invalid display type
Error - 9/1/2009 8:14:19 PM | Computer Name = ROBBIE | Source = Service Control Manager | ID = 7000
Description = The Sansa Updater Service service failed to start due to the following
error: %%2
Error - 9/1/2009 8:15:57 PM | Computer Name = ROBBIE | Source = ati2mtag | ID = 45062
Description = CRT invalid display type
Error - 9/2/2009 3:32:09 AM | Computer Name = ROBBIE | Source = Service Control Manager | ID = 7000
Description = The Sansa Updater Service service failed to start due to the following
error: %%2
Error - 9/2/2009 3:32:16 AM | Computer Name = ROBBIE | Source = ati2mtag | ID = 45062
Description = CRT invalid display type
Error - 9/2/2009 3:42:15 AM | Computer Name = ROBBIE | Source = ati2mtag | ID = 45062
Description = CRT invalid display type
Error - 9/2/2009 3:44:27 AM | Computer Name = ROBBIE | Source = ati2mtag | ID = 45062
Description = CRT invalid display type
Error - 9/2/2009 10:08:51 AM | Computer Name = ROBBIE | Source = ati2mtag | ID = 45062
Description = CRT invalid display type
Error - 9/2/2009 10:08:54 AM | Computer Name = ROBBIE | Source = Service Control Manager | ID = 7000
Description = The Sansa Updater Service service failed to start due to the following
error: %%2
Error - 9/2/2009 11:03:38 AM | Computer Name = ROBBIE | Source = ati2mtag | ID = 45062
Description = CRT invalid display type
< End of report >
Thanks so much for your help, I appreciate it very much!