Running XP SP2, Avira AntiVir Personal Free, and Windows Defender but still got a load of malware that seemed to show up all at once. With the Avira I was able to quarantine Sasfis.imh.1, Dldr.Stration.Gen, and Malicious.PDF.Gen. According to Avira I am still left with a PCk.Tdss.Y.33 and 5 instances of Alueron.BF.2, which are detected during an "Active Processes" scan. I am allowed to delete or quarantine them, but then the machine automatically reboots and they are back after the reboot.
I am being buried by pop-ups related to "Advanced Virus Remover". I understand these are bogus and I try to just close them, but I have the feeling I'm losing (the numbers of occurrences seem to be increasing). The option to show hidden files is removed, file extensions have been removed, I cannot access Task Manager, I cannot get a command prompt, cannot access regedit, and browser searches seem not quite right. Prior to coming to your site I tried loading Malwarebytes' AntiMalware. I got it to load by changing the name of the .exe (although it hung for several minutes during installation). It appears to be installed, but will not execute from the shortcut or the start menu.
I did what I could from your removal guide: TFC, System Restore, ERUNT. Malwarebytes won't run, Windows Update cannot be accessed. RootRepeal and OTC logs are below. Feels like quite a mess; I would be quite grateful for any direction you could lend.
Thank you in advance
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/19 11:56
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA521000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7DC1000 Size: 8192 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA9CD6000 Size: 49152 File Visible: No Signed: -
Status: -
Hidden Services
-------------------
Service Name: UACd.sys
Image Path: C:\WINDOWS\system32\drivers\UACsxkxradeer.sys
==EOF==
OTL logfile created on: 9/19/2009 12:45:28 PM - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Joelle\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1014.07 Mb Total Physical Memory | 592.33 Mb Available Physical Memory | 58.41% Memory free
1.63 Gb Paging File | 1.22 Gb Available in Paging File | 74.55% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.71 Gb Total Space | 2.57 Gb Free Space | 7.63% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 413.59 Gb Free Space | 88.80% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 232.88 Gb Total Space | 22.28 Gb Free Space | 9.56% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DGQ6G561
Current User Name: Joelle
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2007/06/13 03:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2004/09/28 21:26:04 | 00,032,881 | ---- | M] () -- C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
PRC - [2004/04/11 19:15:14 | 00,290,816 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\Media Experience\PCMService.exe
PRC - [2004/08/23 17:19:22 | 00,057,344 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2004/06/18 14:30:26 | 00,290,816 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
PRC - [2002/07/11 05:06:23 | 00,188,416 | ---- | M] (HP) -- C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
PRC - [2007/02/16 10:54:04 | 00,282,624 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2007/04/03 18:50:00 | 01,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
PRC - [2007/02/04 13:02:14 | 00,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
PRC - [2008/08/03 16:02:20 | 00,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2008/08/13 19:32:40 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2004/06/18 14:46:00 | 00,102,400 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
PRC - [2006/03/23 21:13:40 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2006/03/23 21:17:50 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2008/02/13 14:03:14 | 02,065,648 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
PRC - [2009/01/16 16:31:26 | 00,181,544 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
PRC - [2009/03/02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/09/17 22:51:37 | 00,044,970 | -HS- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winupdate.exe
PRC - [2007/03/15 11:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2008/11/07 16:21:43 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2001/04/26 19:11:44 | 00,081,920 | ---- | M] (OLYMPUS Optical Co.,Ltd) -- C:\Program Files\OLYMPUS\DeviceDetector\DevDtct2.exe
PRC - [2001/11/27 09:10:00 | 00,106,560 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/01/16 16:31:58 | 00,161,064 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/08/13 19:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/09/17 22:53:38 | 01,011,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscsvc32.exe
PRC - [2009/09/19 12:40:18 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joelle\Desktop\OTL.exe
PRC - [2009/06/29 01:35:10 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\Iexplore.exe
========== Win32 Services (SafeList) ==========
SRV - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2004/03/16 19:33:24 | 00,421,888 | ---- | M] (Dell) -- C:\WINDOWS\System32\dlbtcoms.exe -- (dlbt_device [On_Demand | Stopped])
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/01/16 16:31:58 | 00,161,064 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service [Auto | Running])
SRV - [2008/10/28 10:42:08 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2004/08/04 04:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService [Auto | Running])
SRV - [2003/12/17 12:59:48 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/08/13 19:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter [Auto | Running])
SRV - [2006/11/03 20:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Stopped])
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iinet.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:00:38 | 00,000,000 | ---D | M]
O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (C:\WINDOWS\system32\nzfiu3h78di.dll) - {BA603215-23F2-42AD-F4E4-00AAC39CAA53} - C:\WINDOWS\System32\nzfiu3h78di.dll ()
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Dell Photo AIO Printer 922] C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe (HP)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
O4 - HKLM..\Run: [jamiridov] C:\WINDOWS\System32\pafiloha.DLL ()
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe ()
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [winupdate.exe] C:\WINDOWS\System32\winupdate.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Advanced Virus Remover] C:\Program Files\AdvancedVirusRemover\PAVRM.exe ()
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Protection System] C:\Program Files\Protection System\psystem.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WIndows Rescue Disk] C:\DOCUME~1\Joelle\LOCALS~1\Temp\win.exe File not found
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -Mozilla\4.0 ( File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Detector 2.lnk = C:\Program Files\OLYMPUS\DeviceDetector\DevDtct2.exe (OLYMPUS Optical Co.,Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfi...20Installer.cab (Support.com Configuration Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...p1.0.0.15-3.cab (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgree...eensActivia.cab (Snapfish Activia)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1229662627796 (MUWebControl Class)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/.../GrooveAX27.cab (Groove Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} http://a19.g.akamai....ood/Coupons.cab (cpbrkpie Control)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer....r_installer.exe (Virtools WebPlayer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: vzTCPConfig http://www.verizon.n...vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its50 {F8606A00-F5CF-11D1-B6BB-0000F80149F6} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\itss50.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\windows\system32\pafiloha.dll) - C:\WINDOWS\System32\pafiloha.dll ()
O20 - AppInit_DLLs: (rigagine.dll) - C:\WINDOWS\System32\rigagine.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: haneyohiw - {18f09260-1120-4996-af13-f8cb50ec97e1} - C:\WINDOWS\System32\pafiloha.dll ()
O22 - SharedTaskScheduler: {18f09260-1120-4996-af13-f8cb50ec97e1} - tokatiluy - C:\WINDOWS\System32\pafiloha.dll ()
O22 - SharedTaskScheduler: {BA603215-23F2-42AD-F4E4-00AAC39CAA53} - ksfe98wjkodsngiwiojndg873hundggdd - C:\WINDOWS\System32\nzfiu3h78di.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\nnnnNGAs) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/07/31 19:29:51 | 00,000,067 | ---- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{24dce949-ac23-11dc-aeac-80312fe230b3}\Shell - "" = AutoRun
O33 - MountPoints2\{24dce949-ac23-11dc-aeac-80312fe230b3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{24dce949-ac23-11dc-aeac-80312fe230b3}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{31ff8e87-6e68-11dd-aee0-e0d5ceae86ed}\Shell - "" = AutoRun
O33 - MountPoints2\{31ff8e87-6e68-11dd-aee0-e0d5ceae86ed}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{31ff8e87-6e68-11dd-aee0-e0d5ceae86ed}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{3adb29fc-5ce8-11d9-8a2c-0011113f8645}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\autofred.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 14 Days ==========
[2009/09/19 12:39:48 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joelle\Desktop\OTL.exe
[2009/09/19 11:57:35 | 00,001,614 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Protection System Support.lnk
[2009/09/19 11:57:35 | 00,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Protection System.lnk
[2009/09/19 11:54:13 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Joelle\Desktop\settings.dat
[2009/09/19 11:43:33 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Joelle\Desktop\RootRepeal.exe
[2009/09/19 11:34:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/09/19 11:32:09 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Joelle\Desktop\NTREGOPT.lnk
[2009/09/19 11:32:09 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Joelle\Desktop\ERUNT.lnk
[2009/09/19 11:32:09 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/09/19 11:13:20 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Joelle\Desktop\erunt_setup.exe
[2009/09/19 11:12:47 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Joelle\Desktop\SysRestorePoint.exe
[2009/09/19 11:06:03 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joelle\Desktop\TFC.exe
[2009/09/19 05:33:13 | 00,020,992 | ---- | C] () -- C:\WINDOWS\System32\winhelper.dll
[2009/09/19 05:15:34 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/19 05:15:31 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/19 05:15:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/09/19 05:15:29 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/19 05:15:29 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/19 04:55:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\15724.exe
[2009/09/19 03:55:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\19169.exe
[2009/09/19 02:55:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26500.exe
[2009/09/19 01:55:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe
[2009/09/18 23:55:29 | 00,000,749 | ---- | C] () -- C:\Documents and Settings\Joelle\Desktop\Advanced Virus Remover.lnk
[2009/09/18 23:55:28 | 00,000,000 | ---D | C] -- C:\Program Files\AdvancedVirusRemover
[2009/09/18 02:15:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2009/09/17 23:24:10 | 00,000,000 | ---D | C] -- C:\Program Files\Protection System
[2009/09/17 22:52:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\12505464
[2009/09/17 22:52:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\41.exe
[2009/09/17 22:49:19 | 00,201,328 | ---- | C] (Unknown Corporation) -- C:\WINDOWS\System32\wisdstr.exe
[2009/09/17 22:46:19 | 00,049,664 | ---- | C] () -- C:\vhlyrkv.exe
[2009/09/17 22:46:19 | 00,015,000 | ---- | C] () -- C:\WINDOWS\System32\nzfiu3h78di.dll
[2009/09/17 22:46:12 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\braviax.exe
[2009/09/17 22:46:11 | 00,103,424 | ---- | C] () -- C:\WINDOWS\System32\~.exe
[2009/09/07 18:38:20 | 01,042,432 | ---- | C] () -- C:\Documents and Settings\Joelle\My Documents\animal crossing CF Hairstyles.doc
[2009/09/07 11:00:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joelle\Application Data\DeLorme
[2009/09/07 11:00:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joelle\Local Settings\Application Data\DeLorme
[2009/09/07 10:50:31 | 00,002,291 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DeLorme Topo USA 8.0.lnk
[2009/09/07 10:33:16 | 00,000,000 | ---D | C] -- C:\Program Files\DeLorme
[2009/09/07 10:33:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DeLorme
[2009/09/07 10:32:36 | 00,000,000 | --SD | C] -- C:\WINDOWS\Temporary Internet Files
[2009/09/07 10:32:36 | 00,000,000 | --SD | C] -- C:\WINDOWS\History
[2009/09/07 10:32:36 | 00,000,000 | --SD | C] -- C:\WINDOWS\Cookies
[2009/09/06 10:35:09 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\Joelle\My Documents\Tim Carslson family.doc
[2009/09/05 13:40:19 | 00,037,376 | ---- | C] () -- C:\Documents and Settings\Joelle\My Documents\Creamy Cucumber Gazpacho.doc
========== Files - Modified Within 14 Days ==========
[3 C:\WINDOWS\System32\*.tmp files]
[2009/09/19 12:44:10 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\kuniziwi
[2009/09/19 12:40:18 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joelle\Desktop\OTL.exe
[2009/09/19 12:36:55 | 00,000,729 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/09/19 12:36:55 | 00,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2009/09/19 12:36:55 | 00,000,211 | RHS- | M] () -- C:\BOOT.INI
[2009/09/19 12:22:58 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
[2009/09/19 12:22:10 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/19 12:22:08 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/09/19 12:00:00 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\gydurryy.job
[2009/09/19 11:57:35 | 00,001,614 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Protection System Support.lnk
[2009/09/19 11:57:35 | 00,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Protection System.lnk
[2009/09/19 11:54:13 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Joelle\Desktop\settings.dat
[2009/09/19 11:49:57 | 00,050,688 | -HS- | M] () -- C:\WINDOWS\System32\fawenuto.dll
[2009/09/19 11:49:30 | 00,983,076 | -HS- | M] () -- C:\WINDOWS\System32\jukaraso.exe
[2009/09/19 11:49:27 | 00,089,088 | -HS- | M] () -- C:\WINDOWS\System32\pafiloha.dll
[2009/09/19 11:49:27 | 00,037,376 | -HS- | M] () -- C:\WINDOWS\System32\buyoziyi.dll
[2009/09/19 11:43:33 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Joelle\Desktop\RootRepeal.exe
[2009/09/19 11:32:09 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Joelle\Desktop\NTREGOPT.lnk
[2009/09/19 11:32:09 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Joelle\Desktop\ERUNT.lnk
[2009/09/19 11:27:41 | 00,000,749 | ---- | M] () -- C:\Documents and Settings\Joelle\Desktop\Advanced Virus Remover.lnk
[2009/09/19 11:26:56 | 00,020,992 | ---- | M] () -- C:\WINDOWS\System32\winhelper.dll
[2009/09/19 11:13:20 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Joelle\Desktop\erunt_setup.exe
[2009/09/19 11:12:48 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Joelle\Desktop\SysRestorePoint.exe
[2009/09/19 11:06:04 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joelle\Desktop\TFC.exe
[2009/09/19 10:49:00 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\15724.exe
[2009/09/19 09:49:00 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19169.exe
[2009/09/19 08:49:00 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
[2009/09/19 07:48:59 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
[2009/09/19 06:48:59 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2009/09/19 05:15:34 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/19 02:08:00 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/09/18 23:49:51 | 00,050,688 | -HS- | M] () -- C:\WINDOWS\System32\guyuzera.dll
[2009/09/18 23:49:21 | 00,089,088 | -HS- | M] () -- C:\WINDOWS\System32\mekijoru.dll
[2009/09/18 23:49:20 | 00,037,888 | -HS- | M] () -- C:\WINDOWS\System32\buvoyaki.dll
[2009/09/17 22:51:37 | 00,037,376 | -HS- | M] () -- C:\WINDOWS\System32\pegatijo.dll
[2009/09/17 22:49:21 | 00,201,328 | ---- | M] (Unknown Corporation) -- C:\WINDOWS\System32\wisdstr.exe
[2009/09/17 22:46:20 | 00,049,664 | ---- | M] () -- C:\vhlyrkv.exe
[2009/09/17 22:46:19 | 00,015,000 | ---- | M] () -- C:\WINDOWS\System32\nzfiu3h78di.dll
[2009/09/17 22:46:12 | 00,103,424 | ---- | M] () -- C:\WINDOWS\System32\~.exe
[2009/09/17 22:46:12 | 00,011,776 | ---- | M] () -- C:\WINDOWS\System32\braviax.exe
[2009/09/14 17:39:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/09/14 16:42:27 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/09/13 13:26:21 | 00,002,291 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DeLorme Topo USA 8.0.lnk
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/09 03:01:41 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/07 18:38:20 | 01,042,432 | ---- | M] () -- C:\Documents and Settings\Joelle\My Documents\animal crossing CF Hairstyles.doc
[2009/09/06 10:35:41 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\Joelle\My Documents\Tim Carslson family.doc
[2009/09/05 13:40:20 | 00,037,376 | ---- | M] () -- C:\Documents and Settings\Joelle\My Documents\Creamy Cucumber Gazpacho.doc
========== LOP Check ==========
[2009/09/19 05:15:30 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/09/17 23:12:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\12505464
[2009/07/26 13:02:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3DVIA
[2007/12/22 17:06:57 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2004/11/30 07:02:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2008/03/03 19:10:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2009/09/07 11:00:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DeLorme
[2009/09/14 16:44:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2008/12/13 15:25:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/02/09 08:31:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2009/08/19 18:32:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/08/19 18:00:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2004/11/30 06:36:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2007/12/22 17:14:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/07/31 19:29:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2008/12/13 14:30:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2008/12/13 15:39:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2008/01/07 11:07:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/01/27 20:51:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Verizon
[2006/08/24 09:15:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAMAHA
[2009/01/27 20:29:57 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Joelle\Application Data
[2008/12/16 08:41:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\Amazon
[2005/03/29 21:18:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\ArcSoft
[2009/05/24 09:58:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\Audacity
[2008/01/22 08:47:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\Canon
[2008/03/03 22:22:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\Corel
[2004/12/17 22:28:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\CyberLink
[2009/09/07 11:00:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\DeLorme
[2008/03/16 22:55:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\Intuit
[2004/12/17 22:35:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\Leadertech
[2009/01/27 11:11:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\Move Networks
[2009/09/13 10:09:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\RipIt4Me
[2007/12/22 17:14:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\ScanSoft
[2007/09/08 23:51:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\Snapfish
[2007/08/29 20:50:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\SoundSpectrum
[2008/09/03 22:02:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\U3
[2009/01/27 20:29:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\Verizon
[2006/08/29 22:19:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\YAMAHA
[2009/09/14 17:39:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 04:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\DESKTOP.INI
[2009/09/19 12:00:00 | 00,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\gydurryy.job
[2009/09/19 02:08:00 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/09/19 12:22:10 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
[2009/09/17 22:46:20 | 00,049,664 | ---- | M] () -- C:\vhlyrkv.exe
< %systemroot%\system32\eventlog.dll >
[2004/08/04 04:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\EVENTLOG.DLL
[3 C:\WINDOWS\system32\*.tmp files]
< %systemroot%\system32\scecli.dll >
[2004/08/04 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\SCECLI.DLL
[3 C:\WINDOWS\system32\*.tmp files]
< %systemroot%\netlogon.dll >
< %systemroot%\system32\cngaudit.dll >
< %systemroot%\system32\sceclt.dll >
< %systemroot%\ntelogon.dll >
< %systemroot%\system32\logevent.dll >
< End of report >

OTL Extras logfile created on: 9/19/2009 12:45:28 PM - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Joelle\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1014.07 Mb Total Physical Memory | 592.33 Mb Available Physical Memory | 58.41% Memory free
1.63 Gb Paging File | 1.22 Gb Available in Paging File | 74.55% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.71 Gb Total Space | 2.57 Gb Free Space | 7.63% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 413.59 Gb Free Space | 88.80% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 232.88 Gb Total Space | 22.28 Gb Free Space | 9.56% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DGQ6G561
Current User Name: Joelle
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9051:UDP" = 9051:UDP:LocalSubNet:Enabled:Verizon Tech Wizard
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\SYSTEM32\FXSCLNT.EXE" = C:\WINDOWS\SYSTEM32\FXSCLNT.EXE:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"D:\launcher\ENC2.EXE" = D:\launcher\ENC2.EXE:*:Disabled:Encore -- File not found
"C:\Program Files\Dell Computer\Dell Picture Studio v2.0\launch.exe" = C:\Program Files\Dell Computer\Dell Picture Studio v2.0\launch.exe:*:Disabled:Jasc Paint Shop Photo Album Application -- File not found
"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe -- File not found
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Disabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Disabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Windows Media Player\wmplayer.exe" = C:\Program Files\Windows Media Player\wmplayer.exe:*:Disabled:Windows Media Player -- (Microsoft Corporation)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\TurboTax\Premier 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Premier 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Premier 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Premier 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe" = C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe:*:Enabled:StxMenuMgr -- (Seagate LLC)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series" = Canon MP610 series
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{21F792EB-0B7F-476D-A98E-83927CA179F3}" = Garfield K Math Readiness
"{225AF9A1-B556-88D5-94AA-0010B5426419}" = My DSC
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{27664F6E-2F86-4D5B-BC44-E33C14B6AC03}" = YAMAHA Digital Music Notebook
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{36495C59-089C-49D1-BD15-9E5BD86DC9A1}" = ItsDeductible Express
"{3D719053-5593-11D3-8F25-0060085C1758}" = Microsoft Streets and Trips 2001
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{42FE04ED-8E4C-11D5-BA72-0048546FEA44}" = Reading Basics
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}" = upapp
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5A8D3524-79DB-11D5-99D1-00010256D40E}" = SD Viewer for DSC
"{5E863175-E85D-44A6-8968-82507D34AE7F}" = QuickTime
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6693E024-E2D3-477C-8EF9-4D484F3B3071}" = Seagate Manager Installer
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{6856E07D-9B6D-4B17-B0EF-593BDED87B4D}" = Daycare Nightmare
"{6A77FE0A-6A36-44F0-A503-A4BC49EFD6BC}" = OLYMPUS DSS Player-Lite
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7148F0A8-6813-11D6-A77B-00B0D0142060}" = Java 2 Runtime Environment, SE v1.4.2_06
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7BE8EBFD-90AA-11D5-BA72-0048546FEA44}" = Ernie's Adventures in Space
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E397B40-13F7-4CA2-9943-ADB29ACBBFDF}" = ArcSoft Software Suite
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A260B422-70E1-41E2-957D-F76FA21266D5}" = Apple Software Update
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3E77D20-647C-40E2-B69B-C120D4D58190}" = G5a922EN
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}" = ScanSoft OmniPage SE 4
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{D4A2EF65-9888-4EFF-8EA0-A2D2C3152A29}" = Samsung USB Driver (MCCI 4.34) WHQL v3.4
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{F12F5528-8AE7-49DD-B883-4D469C5C211F}" = DeLorme Topo USA 8.0
"{FB91E774-867B-4567-ACE7-8144EF036068}" = Olympus Digital Wave Player
"3DGroove" = 3D Groove Playback Engine
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"Arthur's Birthday" = Arthur's Birthday
"Arthur's Teacher Trouble" = Arthur's Teacher Trouble
"Arthur's Thinking Games" = Arthur's Thinking Games
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.5 (Unicode)
"Audacity_is1" = Audacity 1.2.4
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"AVIConverter" = AVIConverter CHN-EN Package
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Blue's Art Time Activities" = Blue's Art Time Activities
"BluesCluesKindergartenDKey" = Blue's Kindergarten
"Candy Land" = Candy Land
"Canon MP610 series User Registration" = Canon MP610 series User Registration
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Photo AIO Printer 922" = Dell Photo AIO Printer 922
"Dreamship Tales" = Dreamship Tales
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EESInst 99" = Encarta Encyclopedia 99
"ERUNT_is1" = ERUNT 1.1j
"Eyewitness Encyclopedia of Nature 2.0" = Eyewitness Encyclopedia of Nature 2.0
"Free Realms Installer" = Free Realms Installer
"FreeWX-Wi_is1" = FreeWX-Wi 1.01
"Gamevance" = Gamevance
"G-Force" = G-Force
"hp deskjet 5550 series" = hp deskjet 5550 series (Remove only)
"hp print screen utility" = hp print screen utility
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{6693E024-E2D3-477C-8EF9-4D484F3B3071}" = Seagate Manager Installer
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"JSLG_ABC" = JumpStart Learning Games ABC's
"Just Grandma and Me" = Just Grandma and Me
"LBT Preschool Adventure" = LBT Preschool Adventure
"Leap Ahead Phonics Ages 4-7" = Leap Ahead Phonics Ages 4-7
"Logical Journey of the Zoombinis V1.1.0" = Logical Journey of the Zoombinis V1.1.0
"Mad About Cats" = Mad About Cats
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Millie and Bailey Kindergarten" = Millie and Bailey Kindergarten
"Miss Spider" = Miss Spider
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Muti ID3 Tag Editor" = Alex Buturuga - Muti ID3 Tag Editor 1.3b1
"MyWaySearchAssistantDE" = My Way Search Assistant
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel® PRO Network Adapters and Drivers
"Protection System" = Protection System
"RadialpointClientGateway_is1" = Verizon Servicepoint 1.5.20
"Read4632.exe" = Reader Rabbit's Reading Ages 4-6
"Reader Rabbit Kindergarten" = Reader Rabbit Kindergarten
"RipIt4Me" = RipIt4Me
"rrm46_32.exe" = Reader Rabbit's Math Ages 4-6
"rrpw32.exe" = Reader Rabbit's Preschool
"Scholastic's I SPY Junior" = Scholastic's I SPY Junior
"Scholastic's I SPY School Days" = Scholastic's I SPY School Days
"Scholastic's I SPY Spooky Mansion" = Scholastic's I SPY Spooky Mansion
"Scooby-Doo, Phantom of the Knight" = Scooby-Doo, Phantom of the Knight
"SearchLearnAdventures" = Sesame Street Search & Learn Adventures
"SHRThinkingGames" = Schoolhouse Rock Thinking Games
"SideStep" = SideStep
"Train Simulator 1.0" = Microsoft Train Simulator
"TurboTax 2005" = TurboTax 2005
"TurboTax 2008" = TurboTax 2008
"TurboTax Deluxe 2004" = TurboTax Deluxe 2004
"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006
"TurboTax Premier 2007" = TurboTax Premier 2007
"Verizon FiOS Activation_is1" = Verizon FiOS Activation
"Visioneer Digital Camera Utility" = Visioneer Digital Camera Utility
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 9/18/2009 9:30:48 PM | Computer Name = DGQ6G561 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070005 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro
Error - 9/18/2009 9:30:48 PM | Computer Name = DGQ6G561 | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.
Error - 9/19/2009 1:11:35 AM | Computer Name = DGQ6G561 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070005 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro
Error - 9/19/2009 1:11:35 AM | Computer Name = DGQ6G561 | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.
Error - 9/19/2009 1:29:50 AM | Computer Name = DGQ6G561 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070005 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro
Error - 9/19/2009 1:29:50 AM | Computer Name = DGQ6G561 | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.
Error - 9/19/2009 8:29:58 AM | Computer Name = DGQ6G561 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070005 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro
Error - 9/19/2009 8:29:58 AM | Computer Name = DGQ6G561 | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.
Error - 9/19/2009 3:11:29 PM | Computer Name = DGQ6G561 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro
Error - 9/19/2009 3:11:30 PM | Computer Name = DGQ6G561 | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.
[ System Events ]
Error - 9/19/2009 2:39:05 AM | Computer Name = DGQ6G561 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 9/19/2009 2:40:03 AM | Computer Name = DGQ6G561 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgio avipbb Fips intelppm ssmdrv
Error - 9/19/2009 2:00:12 PM | Computer Name = DGQ6G561 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error - 9/19/2009 2:16:23 PM | Computer Name = DGQ6G561 | Source = Service Control Manager | ID = 7031
Description = The Avira AntiVir Scheduler service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.
Error - 9/19/2009 2:16:23 PM | Computer Name = DGQ6G561 | Source = Service Control Manager | ID = 7031
Description = The Avira AntiVir Guard service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.
Error - 9/19/2009 2:16:25 PM | Computer Name = DGQ6G561 | Source = Service Control Manager | ID = 7034
Description = The Seagate Service service terminated unexpectedly. It has done
this 1 time(s).
Error - 9/19/2009 2:16:25 PM | Computer Name = DGQ6G561 | Source = Service Control Manager | ID = 7034
Description = The SupportSoft Sprocket Service (dellsupportcenter) service terminated
unexpectedly. It has done this 1 time(s).
Error - 9/19/2009 2:16:25 PM | Computer Name = DGQ6G561 | Source = Service Control Manager | ID = 7034
Description = The Intuit Update Service service terminated unexpectedly. It has
done this 1 time(s).
Error - 9/19/2009 3:02:14 PM | Computer Name = DGQ6G561 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
< End of report >