Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan.bho help

Started by oakr8r2 , Sep 18 2009 03:40 PM

  • Please log in to reply

#1
oakr8r2
Posted 18 September 2009 - 03:40 PM

oakr8r2

    New Member

  • Member
  • Pip
  • 1 posts
Hello yesterday and today my laptop which has vista, has been painfully slow. I did malwarebytes scan and it found 9 entries that had something to do with bho. I got rid of it and this morning it was still slow. I did system restore and another malwarebytes scan and it found the same 9. Again I "got rid of it". When I do malwarebytes scan now it doesn't find anything but my laptop is still super slow and I keep getting notifications that windows firewall is off or windows security center is off and it wont let me turn it on.

Here is my rootrepeal and OTL logs. I wont post malwarebytes as it doesn't find anything(maybe I dont have malware and my problem is something else..hopefully one of you experts can determine if that is the case.) Thanks!

I have done all the preparation steps.

OTL log

OTL logfile created on: 9/18/2009 2:18:31 PM - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Users\DgR\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.75 Gb Available Physical Memory | 42.67% Memory free
3.74 Gb Paging File | 2.67 Gb Available in Paging File | 71.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.88 Gb Total Space | 167.28 Gb Free Space | 75.05% Space Free | Partition Type: NTFS
Drive D: | 1.86 Gb Total Space | 0.77 Gb Free Space | 41.59% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MINIDANNY
Current User Name: DgR
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/04/13 01:09:38 | 00,733,184 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
PRC - [2009/04/13 01:09:38 | 00,733,184 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
PRC - [2008/10/28 23:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2008/01/20 19:33:00 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2009/05/15 02:48:52 | 07,514,656 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009/04/03 19:54:42 | 00,698,912 | ---- | M] (Acer Incorporated) -- C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
PRC - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/04/03 19:54:40 | 00,723,488 | ---- | M] (Acer Incorporated) -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
PRC - [2009/03/05 00:41:50 | 00,805,384 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2009/04/13 14:28:30 | 00,630,784 | ---- | M] (Chicony) -- C:\Program Files\Video Web Camera\traybar.exe
PRC - [2009/02/27 01:20:48 | 01,434,920 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/01/20 19:35:20 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2009/03/02 19:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2009/04/21 14:06:22 | 03,319,808 | ---- | M] (Chicony) -- C:\Program Files\Video Web Camera\CEC_MAIN.exe
PRC - [2009/07/13 14:03:10 | 00,292,128 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/09/01 18:25:09 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/09/18 14:10:39 | 02,022,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/07/26 16:44:34 | 03,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/08/26 18:54:32 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/01/20 19:32:56 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2008/01/20 19:33:24 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/03 19:54:40 | 00,453,152 | ---- | M] (Acer Incorporated) -- C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
PRC - [2009/02/27 01:20:48 | 00,103,720 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/09/18 14:10:31 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/09/18 11:10:57 | 00,832,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgam.exe
PRC - [2009/09/18 11:10:59 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/09/18 11:10:59 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/09/18 11:10:58 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/09/18 14:10:49 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/09/18 14:10:49 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/09/18 12:38:00 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Users\DgR\Desktop\OTL.exe
PRC - [2008/01/20 19:34:48 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009/04/13 01:09:38 | 00,733,184 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility [Auto | Running])
SRV - [2009/09/18 11:10:58 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/09/18 14:10:31 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/27 11:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/04/03 19:54:40 | 00,723,488 | ---- | M] (Acer Incorporated) -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc [Auto | Running])
SRV - [2008/01/20 19:33:18 | 01,013,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2008/06/19 18:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/08/26 19:06:28 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/06/19 18:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2008/06/19 18:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - File not found -- -- (Norton Internet Security [Auto | Stopped])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/01/20 19:33:00 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2008/01/20 19:35:20 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...G...0709&m=lt31
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...G...0709&m=lt31

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...G...0709&m=lt31
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mediotiempo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 10:52:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/09/18 11:10:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/09/18 11:11:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/12 19:00:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/12 19:00:59 | 00,000,000 | ---D | M]

[2009/08/27 17:54:30 | 00,000,000 | ---D | M] -- C:\Users\DgR\AppData\Roaming\mozilla\Extensions
[2009/08/27 17:54:30 | 00,000,000 | ---D | M] -- C:\Users\DgR\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/18 11:15:09 | 00,000,000 | ---D | M] -- C:\Users\DgR\AppData\Roaming\mozilla\Firefox\Profiles\3b6u2n49.default\extensions
[2009/09/17 18:10:27 | 00,000,000 | ---D | M] -- C:\Users\DgR\AppData\Roaming\mozilla\Firefox\Profiles\3b6u2n49.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/17 22:45:08 | 00,000,000 | ---D | M] -- C:\Users\DgR\AppData\Roaming\mozilla\Firefox\Profiles\3b6u2n49.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/09/17 18:10:31 | 00,000,000 | ---D | M] -- C:\Users\DgR\AppData\Roaming\mozilla\Firefox\Profiles\3b6u2n49.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/09/02 15:55:46 | 00,000,000 | ---D | M] -- C:\Users\DgR\AppData\Roaming\mozilla\Firefox\Profiles\3bbskn0l.default\extensions
[2009/09/18 11:15:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/12 19:00:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/17 18:10:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/09/12 19:00:56 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/12 19:00:56 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/09/01 18:25:09 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/09/12 19:00:57 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/08/31 13:44:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/08/31 13:44:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/08/31 13:44:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/08/31 13:44:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/08/31 13:44:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/08/31 13:44:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/08/31 13:44:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/07/30 00:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/30 00:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/09/18 11:15:06 | 00,001,498 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
[2009/07/30 00:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/30 00:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/30 00:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/30 00:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Video Web Camera\traybar.exe (Chicony)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\DgR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL File not found
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: FastUserSwitchingCompatibility - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: Nla - Service key not found. File not found
NetSvcs: Ntmssvc - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: SRService - Service key not found. File not found
NetSvcs: Wmi - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: LogonHours - Service key not found. File not found
NetSvcs: PCAudit - Service key not found. File not found
NetSvcs: helpsvc - Service key not found. File not found
NetSvcs: uploadmgr - Service key not found. File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/09/18 13:33:41 | 18,774,01600 | -HS- | C] () -- C:\hiberfil.sys
[2009/09/18 13:22:45 | 00,000,000 | ---- | C] () -- C:\Users\DgR\Desktop\settings.dat
[2009/09/18 12:52:13 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/09/18 12:51:45 | 00,000,735 | ---- | C] () -- C:\Users\DgR\Desktop\NTREGOPT.lnk
[2009/09/18 12:51:45 | 00,000,716 | ---- | C] () -- C:\Users\DgR\Desktop\ERUNT.lnk
[2009/09/18 12:51:45 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/09/18 12:47:06 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\DgR\Desktop\erunt_setup.exe
[2009/09/18 12:47:06 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Users\DgR\Desktop\OTL.exe
[2009/09/18 12:47:06 | 00,472,064 | ---- | C] ( ) -- C:\Users\DgR\Desktop\RootRepeal.exe
[2009/09/18 12:47:06 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Users\DgR\Desktop\TFC.exe
[2009/09/18 12:47:06 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Users\DgR\Desktop\SysRestorePoint.exe
[2009/09/18 11:15:07 | 00,000,000 | ---D | C] -- C:\Users\DgR\AppData\Local\AVG Security Toolbar
[2009/09/18 11:11:21 | 41,313,023 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/09/18 11:11:21 | 00,001,649 | ---- | C] () -- C:\Users\Public\Desktop\AVG 8.5.lnk
[2009/09/18 11:11:19 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/09/18 11:11:18 | 00,012,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2009/09/18 11:11:16 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/09/18 11:11:15 | 00,335,240 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/09/18 11:11:14 | 00,463,779 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/09/18 11:11:14 | 00,109,791 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/09/18 11:11:14 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/09/18 11:11:13 | 06,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/09/18 11:11:13 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2009/09/18 11:11:11 | 00,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2009/09/18 10:11:34 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/09/18 10:11:32 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/09/17 22:47:18 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Scanner
[2009/09/17 22:47:14 | 00,000,000 | ---D | C] -- C:\Program Files\CA Yahoo! Anti-Spy
[2009/09/17 20:55:47 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2009/09/17 13:28:03 | 00,000,680 | ---- | C] () -- C:\Users\DgR\AppData\Local\d3d9caps.dat
[2009/09/17 12:48:18 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/09/17 12:48:18 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/09/17 12:20:15 | 00,000,000 | ---D | C] -- C:\Users\DgR\AppData\Roaming\Malwarebytes
[2009/09/17 12:20:10 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/09/17 12:20:10 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/14 14:34:13 | 00,000,000 | ---D | C] -- C:\Users\DgR\Documents\labs
[2009/09/09 14:05:30 | 02,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2009/09/09 11:43:12 | 00,001,030 | ---- | C] () -- C:\Users\DgR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
[2009/09/09 11:42:09 | 00,000,000 | ---D | C] -- C:\Users\DgR\AppData\Roaming\OpenOffice.org
[2009/09/07 17:21:12 | 00,000,000 | ---D | C] -- C:\Users\DgR\Desktop\Watchmen[2009]DvDrip[Eng]-FXG
[2009/09/04 15:00:23 | 00,000,000 | ---D | C] -- C:\Users\DgR\AppData\Roaming\WinRAR
[2009/09/04 14:59:37 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR

========== Files - Modified Within 14 Days ==========

[2009/09/18 14:04:30 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/09/18 14:04:30 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/09/18 13:35:55 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/09/18 13:34:15 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/09/18 13:33:41 | 18,774,01600 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/18 13:22:45 | 00,000,000 | ---- | M] () -- C:\Users\DgR\Desktop\settings.dat
[2009/09/18 12:51:45 | 00,000,735 | ---- | M] () -- C:\Users\DgR\Desktop\NTREGOPT.lnk
[2009/09/18 12:51:45 | 00,000,716 | ---- | M] () -- C:\Users\DgR\Desktop\ERUNT.lnk
[2009/09/18 12:38:00 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Users\DgR\Desktop\OTL.exe
[2009/09/18 12:37:38 | 00,472,064 | ---- | M] ( ) -- C:\Users\DgR\Desktop\RootRepeal.exe
[2009/09/18 12:37:04 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\DgR\Desktop\erunt_setup.exe
[2009/09/18 12:36:34 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Users\DgR\Desktop\SysRestorePoint.exe
[2009/09/18 12:36:22 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Users\DgR\Desktop\TFC.exe
[2009/09/18 11:14:08 | 41,313,023 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/09/18 11:13:13 | 00,109,791 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/09/18 11:12:35 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/09/18 11:12:35 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/09/18 11:12:34 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/09/18 11:11:21 | 00,001,649 | ---- | M] () -- C:\Users\Public\Desktop\AVG 8.5.lnk
[2009/09/18 11:11:19 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/09/18 11:11:18 | 00,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2009/09/18 11:11:16 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/09/18 11:11:15 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/09/18 11:11:14 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/09/18 11:11:14 | 00,463,779 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/09/18 11:11:14 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/09/17 13:28:03 | 00,000,680 | ---- | M] () -- C:\Users\DgR\AppData\Local\d3d9caps.dat
[2009/09/13 21:50:35 | 00,008,192 | ---- | M] () -- C:\Users\DgR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/09/09 11:43:12 | 00,001,030 | ---- | M] () -- C:\Users\DgR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk

========== LOP Check ==========

[2009/09/17 18:10:27 | 00,000,000 | ---D | M] -- C:\Users\DgR\AppData\Roaming
[2009/08/26 18:56:06 | 00,000,000 | ---D | M] -- C:\Users\DgR\AppData\Roaming\ATI
[2009/09/17 18:10:27 | 00,000,000 | ---D | M] -- C:\Users\DgR\AppData\Roaming\OpenOffice.org
[2009/09/17 18:10:36 | 00,000,000 | ---D | M] -- C:\Users\DgR\AppData\Roaming\uTorrent
[2009/09/18 13:35:55 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/09/18 12:42:01 | 00,031,718 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >

< %systemroot%\system32\scecli.dll >
[2008/01/20 19:34:39 | 00,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >
[2006/11/02 02:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cngaudit.dll

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >
< End of report >

Extras Log

OTL Extras logfile created on: 9/18/2009 2:18:31 PM - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Users\DgR\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.75 Gb Available Physical Memory | 42.67% Memory free
3.74 Gb Paging File | 2.67 Gb Available in Paging File | 71.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.88 Gb Total Space | 167.28 Gb Free Space | 75.05% Space Free | Partition Type: NTFS
Drive D: | 1.86 Gb Total Space | 0.77 Gb Free Space | 41.59% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MINIDANNY
Current User Name: DgR
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1E78DAAA-1F33-4497-BAAE-8F3F7EB23010}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{40233716-A4E9-467B-A743-0CBD524CE944}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{419E1ACA-2FE8-412A-A4C5-6CFEC8FD8B40}" = lport=445 | protocol=6 | dir=in | app=system |
"{49A26E19-D486-4D6A-ACC7-8EBB0B25A7E1}" = lport=138 | protocol=17 | dir=in | app=system |
"{4B9216E0-BEDA-4531-A492-395F1D715972}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4DAB9956-F624-44D9-8B90-F943C42AF63B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{5B85C3E5-2FE8-4B2D-8A46-A2E74E09AD43}" = rport=137 | protocol=17 | dir=out | app=system |
"{5DBA4D94-3174-408A-BCFA-D67BAC032045}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5E3177B0-0248-42A7-941E-515CF1CF1362}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6D5ABA8C-0BD6-413A-9FF8-A97D64418083}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{74E02CF0-9A83-4084-8A47-E6A6DEA66D1E}" = lport=139 | protocol=6 | dir=in | app=system |
"{75C5C171-A4A8-40B4-B577-E30F087A634A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{80492F70-50FA-4D7D-AAD5-52E9B12EA47D}" = rport=138 | protocol=17 | dir=out | app=system |
"{8D707764-9856-46A3-A2B2-59F313D4C667}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9411B3F2-DAD2-412E-B775-6E2FAB2A8DF8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9F97DF27-E41F-4BC9-8B5B-B4D630C4E8A4}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A7B86202-FB09-46A6-B8B6-EC3B06F30113}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B6B8ECA6-E62E-4A36-9A50-F8E196DC6CE1}" = lport=137 | protocol=17 | dir=in | app=system |
"{B6EDAD50-C227-4542-A409-CA9363550CD5}" = rport=445 | protocol=6 | dir=out | app=system |
"{D6D94864-EE6C-46DA-B907-059875DCA5A3}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{052023CD-AAEB-4D11-9865-6DD47687EF93}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{0B46A6DF-6EFB-4FB1-A021-5FFE5F3D8565}" = protocol=58 | dir=out | [email protected],-28546 |
"{1168DB29-58D9-42CF-9A95-29A54490ABF4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1E4AD6D4-3295-4283-A2C4-EEC0EBF1F32C}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{257FA5B8-C8B8-4976-BC98-B464C80C6E3C}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{2A3D641C-7BF9-4216-A415-B6BB00CBBF86}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{4128F27E-2D86-44F8-BF55-FB3DC56B8100}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{528F42B1-3CCC-451F-93FA-4914E248A97C}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{56C6C4BB-D2DE-43E1-9BF2-F2BCB6A341F8}" = protocol=58 | dir=in | [email protected],-28545 |
"{614493E4-C365-4D77-B1BB-9DF60083EC78}" = dir=in | app=c:\program files\avg\avg8\avgdiag.exe |
"{62BA85CE-5529-48FD-AA8F-8E0E689B6AE8}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{78F19BF9-35E8-4119-84FF-3D1BD8B98511}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{84A4DE96-44B4-4B6E-BC0D-B6EEF4DAEF31}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{87D1504E-26B1-45B6-833B-7F63DCD8D22E}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{8ED16EF9-1D3F-4A4C-A854-6B84E007E8AF}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{A777F813-A10B-4777-A9BB-E1BE5A3EB779}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A8DCD57D-5E9E-46B8-A065-EDE71EC01E4B}" = protocol=1 | dir=out | [email protected],-28544 |
"{C62E52F0-8E87-4759-83C0-D451985894EE}" = dir=in | app=c:\program files\avg\avg8\avgam.exe |
"{D1E2D174-564D-41A8-A9C0-BF03BCC617E1}" = protocol=1 | dir=in | [email protected],-28543 |
"{E1341575-60AD-484E-90A8-322D93D58B78}" = dir=in | app=c:\program files\avg\avg8\avgdiagex.exe |
"{E98656A3-2E17-4C25-AC11-ED05F1A0899D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{3DF7D19A-AF5C-46E9-8BDB-68E4A3F55140}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"TCP Query User{62CDA36C-1998-4A74-9142-2906CB9D3777}C:\program files\packet tracer 5.2\bin\packettracer5.exe" = protocol=6 | dir=in | app=c:\program files\packet tracer 5.2\bin\packettracer5.exe |
"TCP Query User{BC8BE3A2-0BCE-4B20-AD81-B3130645C656}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{085AC12F-4865-4A35-9CD0-66DBED7BE741}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{085DE072-9055-4D3C-8730-BE9FD9CBDB7E}C:\program files\packet tracer 5.2\bin\packettracer5.exe" = protocol=17 | dir=in | app=c:\program files\packet tracer 5.2\bin\packettracer5.exe |
"UDP Query User{D340D917-F210-4503-9EC0-D7FB363C8AF5}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{018A88B1-6F0F-48A5-210D-EB8776706CCA}" = CCC Help Swedish
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0BAF78D1-69BF-2734-D952-B79D42961FDB}" = ccc-utility
"{10900AE6-B342-252A-B2FC-78BF8A1E6E94}" = CCC Help Chinese Traditional
"{12A1B519-5934-4508-ADBD-335347B0DC87}" = Video Web Camera
"{175CA6A9-D186-7364-98AC-F2FD3C10B989}" = CCC Help Korean
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A5F0A4-3B06-32E2-71F5-5CE614F967BD}" = CCC Help Polish
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25291AC0-732A-2E99-A007-C4F3BA246068}" = CCC Help Spanish
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{26B1400D-4637-FFEF-BA49-1813EB3EE06A}" = CCC Help Hungarian
"{2FA943B7-D3AA-E516-E067-7E79C1088A5F}" = Catalyst Control Center Graphics Light
"{31B4B704-2F4B-1876-EF11-5B809254B625}" = Catalyst Control Center Graphics Full New
"{353575D2-09C8-AEEE-ABAC-6C0D6786B0AD}" = CCC Help Dutch
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Gateway Power Management
"{4426BC0B-BE43-103A-AF5F-9BA852F1E6F6}" = CCC Help Finnish
"{44C5D857-6256-E9E0-7143-7F60FE6A40B1}" = CCC Help Portuguese
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{55AB440C-1731-BCD7-3C17-BF88623281A3}" = CCC Help Czech
"{5AA5D018-3CE8-BF07-8F73-273813033BF0}" = ccc-core-static
"{5E7A804C-F17B-B350-C5AD-E05F6D4DF8E0}" = Catalyst Control Center Localization All
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{702FCE5F-9F46-6A9D-C0E9-BBD1961C1289}" = Catalyst Control Center Graphics Full Existing
"{719D58EE-F0E3-080C-A05D-B7CAA73D9FB3}" = CCC Help Italian
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{92ABBA93-EE00-41C7-8D44-67D0C9DEF51E}" = Catalyst Control Center - Branding
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9DD723D2-6EE7-921E-30CC-1CC978863D33}" = CCC Help French
"{9EEC679B-0B00-AAF4-89FF-27D42E07CA1F}" = CCC Help Thai
"{A0D28789-B776-F8F1-5D4C-BA356A64E129}" = CCC Help Danish
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AA9C4932-58C9-A246-A109-4113036B26C7}" = CCC Help Russian
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B3847DA5-6D15-11CF-5DB1-0E951B8FC108}" = Catalyst Control Center Core Implementation
"{B850411A-CFBD-05E7-7715-50778DF09645}" = CCC Help Chinese Standard
"{BFA8E721-8AD6-9FD6-2C54-EF10C5CA4ABA}" = Catalyst Control Center InstallProxy
"{C1624182-2CCF-34B3-B239-3317AB08F268}" = CCC Help Turkish
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D8687C93-4ED9-4135-B60B-EB3001F279D3}" = CCC Help Norwegian
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DC8951D5-0A26-E295-B9E4-942D3F79F1CA}" = CCC Help Japanese
"{DD05BA5D-6975-8C14-8B4C-FB1A11914EB0}" = CCC Help German
"{E0D05EB0-8072-A032-4E36-D1A703E0EB90}" = CCC Help English
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E46570A6-C80C-F147-2543-577447FEC7AB}" = ATI Catalyst Install Manager
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F9CCD686-35A6-1D41-CEA2-8913EDFABC5C}" = CCC Help Greek
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ares" = Ares 2.1.1
"AVG8Uninstall" = AVG 8.5
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"Cisco Packet Tracer_is1" = Cisco Packet Tracer 5.2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ERUNT_is1" = ERUNT 1.1j
"Gateway Screensaver" = Gateway ScreenSaver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2007b" = Microsoft Money Essentials
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/4/2009 3:06:20 PM | Computer Name = MiniDanny | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 9/4/2009 3:06:23 PM | Computer Name = MiniDanny | Source = WinMgmt | ID = 10
Description =

Error - 9/4/2009 6:16:33 PM | Computer Name = MiniDanny | Source = EventSystem | ID = 4621
Description =

Error - 9/5/2009 1:47:00 PM | Computer Name = MiniDanny | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 9/5/2009 1:47:00 PM | Computer Name = MiniDanny | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 9/5/2009 1:47:02 PM | Computer Name = MiniDanny | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 9/5/2009 1:47:02 PM | Computer Name = MiniDanny | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 9/5/2009 1:47:03 PM | Computer Name = MiniDanny | Source = WinMgmt | ID = 10
Description =

Error - 9/5/2009 5:10:52 PM | Computer Name = MiniDanny | Source = WinMgmt | ID = 10
Description =

Error - 9/5/2009 5:51:18 PM | Computer Name = MiniDanny | Source = EventSystem | ID = 4621
Description =

[ System Events ]
Error - 8/27/2009 10:18:13 AM | Computer Name = MiniDanny | Source = Service Control Manager | ID = 7009
Description =

Error - 8/27/2009 10:18:13 AM | Computer Name = MiniDanny | Source = Service Control Manager | ID = 7000
Description =

Error - 8/27/2009 10:23:04 AM | Computer Name = MiniDanny | Source = Service Control Manager | ID = 7009
Description =

Error - 8/27/2009 10:23:04 AM | Computer Name = MiniDanny | Source = Service Control Manager | ID = 7000
Description =

Error - 8/27/2009 10:23:05 AM | Computer Name = MiniDanny | Source = Service Control Manager | ID = 7009
Description =

Error - 8/27/2009 10:23:05 AM | Computer Name = MiniDanny | Source = Service Control Manager | ID = 7000
Description =

Error - 8/27/2009 10:44:06 AM | Computer Name = MiniDanny | Source = HTTP | ID = 15016
Description =

Error - 8/27/2009 10:44:31 AM | Computer Name = MiniDanny | Source = Service Control Manager | ID = 7000
Description =

Error - 8/27/2009 10:44:31 AM | Computer Name = MiniDanny | Source = Service Control Manager | ID = 7000
Description =

Error - 8/27/2009 10:44:31 AM | Computer Name = MiniDanny | Source = Service Control Manager | ID = 7026
Description =


< End of report >

And finally Rootrepeal

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/18 14:32
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8B6A6000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8B69B000 Size: 45056 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x98557000 Size: 49152 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1268 Status: Locked to the Windows API!

==EOF==
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP