Fake Antivirus infection, have google redirects, vocal advertising, mo - Geeks to Go Forums


Fake Antivirus infection, have google redirects, vocal advertising, mo Cannot run Malwarebytes or Spybot

#1 compu911

  • Group: Member
  • Posts: 7
  • Joined: 27-September 09

Posted 27 September 2009 - 08:16 PM

I have followed all steps in the Malware and Spyware Cleaning Guide.

However, I can't run Malwarebytes or Spybot. I was able to install them, just can't run them.

Windows Update shows that the only updates remaining are the .NET Framework SP1. I have attempted to install these, but the computer freezes when I try to install them.

I have Google URL redirects to bogus websites.

I have vocal advertising coming through my speakers without a known source.

The computer is XP Home SP3.


Here is my RootRepeal.txt log:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/27 18:47
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: 1394BUS.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\1394BUS.SYS
Address: 0xF7683000 Size: 57344 File Visible: - Signed: -
Status: -

Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF7614000 Size: 187776 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2260992 File Visible: - Signed: -
Status: -

Name: aeaudio.sys
Image Path: C:\WINDOWS\system32\drivers\aeaudio.sys
Address: 0xF6966000 Size: 127808 File Visible: - Signed: -
Status: -

Name: AegisP.sys
Image Path: C:\WINDOWS\system32\DRIVERS\AegisP.sys
Address: 0xF795B000 Size: 19360 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xF554C000 Size: 138496 File Visible: - Signed: -
Status: -

Name: agp440.sys
Image Path: agp440.sys
Address: 0xF76D3000 Size: 42368 File Visible: - Signed: -
Status: -

Name: AGRSM.sys
Image Path: C:\WINDOWS\system32\DRIVERS\AGRSM.sys
Address: 0xF6C51000 Size: 1204128 File Visible: - Signed: -
Status: -

Name: arp1394.sys
Image Path: C:\WINDOWS\System32\DRIVERS\arp1394.sys
Address: 0xF77B3000 Size: 60800 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xF75CC000 Size: 96512 File Visible: - Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\System32\DRIVERS\audstub.sys
Address: 0xF7D29000 Size: 3072 File Visible: - Signed: -
Status: -

Name: avgldx86.sys
Image Path: C:\WINDOWS\System32\Drivers\avgldx86.sys
Address: 0xF53C0000 Size: 328576 File Visible: - Signed: -
Status: -

Name: avgmfx86.sys
Image Path: C:\WINDOWS\System32\Drivers\avgmfx86.sys
Address: 0xF793B000 Size: 21120 File Visible: - Signed: -
Status: -

Name: avgtdix.sys
Image Path: C:\WINDOWS\System32\Drivers\avgtdix.sys
Address: 0xF5596000 Size: 101888 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF7B91000 Size: 4224 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF7A73000 Size: 12288 File Visible: - Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xF7823000 Size: 63744 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Address: 0xF7883000 Size: 62976 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
Address: 0xF76C3000 Size: 53248 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xF76B3000 Size: 36352 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF78D3000 Size: 61440 File Visible: - Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF5380000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7BAB000 Size: 8192 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xF56B6000 Size: 12288 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF000000 Size: 73728 File Visible: - Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xF7D2B000 Size: 4096 File Visible: - Signed: -
Status: -

Name: fdc.sys
Image Path: C:\WINDOWS\System32\DRIVERS\fdc.sys
Address: 0xF79F3000 Size: 27392 File Visible: - Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xF77E3000 Size: 44544 File Visible: - Signed: -
Status: -

Name: flpydisk.sys
Image Path: C:\WINDOWS\System32\DRIVERS\flpydisk.sys
Address: 0xF7A3B000 Size: 20480 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xF75AC000 Size: 129792 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF7B8F000 Size: 7936 File Visible: - Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF75E4000 Size: 125056 File Visible: - Signed: -
Status: -

Name: GEARAspiWDM.sys
Image Path: C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
Address: 0xF78B3000 Size: 40960 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806FF000 Size: 134400 File Visible: - Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Address: 0xF77F3000 Size: 36864 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xF7A4B000 Size: 28672 File Visible: - Signed: -
Status: -

Name: hidusb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Address: 0xF7B0F000 Size: 10368 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xB988B000 Size: 264832 File Visible: - Signed: -
Status: -

Name: imapi.sys
Image Path: C:\WINDOWS\System32\DRIVERS\imapi.sys
Address: 0xF78C3000 Size: 42112 File Visible: - Signed: -
Status: -

Name: InCDFs.sys
Image Path: C:\WINDOWS\system32\drivers\InCDFs.sys
Address: 0xF5656000 Size: 113664 File Visible: - Signed: -
Status: -

Name: InCDPass.sys
Image Path: C:\WINDOWS\system32\drivers\InCDPass.sys
Address: 0xF79FB000 Size: 31360 File Visible: - Signed: -
Status: -

Name: InCDRec.sys
Image Path: C:\WINDOWS\system32\drivers\InCDRec.sys
Address: 0xF746F000 Size: 10624 File Visible: - Signed: -
Status: -

Name: InCDRm.sys
Image Path: C:\WINDOWS\system32\drivers\InCDRm.sys
Address: 0xF78A3000 Size: 33024 File Visible: - Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\WINDOWS\System32\DRIVERS\intelppm.sys
Address: 0xF7863000 Size: 36352 File Visible: - Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ipnat.sys
Address: 0xF55AF000 Size: 152832 File Visible: - Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ipsec.sys
Address: 0xF562E000 Size: 75264 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF7663000 Size: 37248 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\System32\DRIVERS\kbdclass.sys
Address: 0xF7A23000 Size: 24576 File Visible: - Signed: -
Status: -

Name: kbdhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdhid.sys
Address: 0xF684D000 Size: 14592 File Visible: - Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF7B63000 Size: 8192 File Visible: - Signed: -
Status: -

Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xB84CD000 Size: 172416 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ks.sys
Address: 0xF6C1A000 Size: 143360 File Visible: - Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF7583000 Size: 92928 File Visible: - Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF7B93000 Size: 4224 File Visible: - Signed: -
Status: -

Name: Modem.SYS
Image Path: C:\WINDOWS\System32\Drivers\Modem.SYS
Address: 0xF79EB000 Size: 30080 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mouclass.sys
Address: 0xF7A2B000 Size: 23040 File Visible: - Signed: -
Status: -

Name: mouhid.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mouhid.sys
Address: 0xF7B13000 Size: 12160 File Visible: - Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF7693000 Size: 42368 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mrxdav.sys
Address: 0xBA3C3000 Size: 180608 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
Address: 0xF5411000 Size: 455296 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF7A5B000 Size: 19072 File Visible: - Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\System32\DRIVERS\msgpc.sys
Address: 0xF7743000 Size: 35072 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mssmbios.sys
Address: 0xF7B43000 Size: 15488 File Visible: - Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xF74AF000 Size: 105344 File Visible: - Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xF74C9000 Size: 182656 File Visible: - Signed: -
Status: -

Name: NDISRD.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDISRD.SYS
Address: 0xF7933000 Size: 24576 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ndistapi.sys
Address: 0xF7B37000 Size: 10112 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ndisuio.sys
Address: 0xBA6D0000 Size: 14592 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ndiswan.sys
Address: 0xF68F1000 Size: 91520 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF7763000 Size: 40576 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\System32\DRIVERS\netbios.sys
Address: 0xF77C3000 Size: 34688 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\System32\DRIVERS\netbt.sys
Address: 0xF556E000 Size: 162816 File Visible: - Signed: -
Status: -

Name: nic1394.sys
Image Path: C:\WINDOWS\System32\DRIVERS\nic1394.sys
Address: 0xF7703000 Size: 61824 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF7A63000 Size: 30848 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF74F6000 Size: 574976 File Visible: - Signed: -
Status: -

Name: ntoskrnl.exe
Image Path: C:\WINDOWS\system32\ntoskrnl.exe
Address: 0x804D7000 Size: 2260992 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xF7C86000 Size: 2944 File Visible: - Signed: -
Status: -

Name: nv4_disp.dll
Image Path: C:\WINDOWS\System32\nv4_disp.dll
Address: 0xBF012000 Size: 6111232 File Visible: - Signed: -
Status: -

Name: nv4_mini.sys
Image Path: C:\WINDOWS\System32\DRIVERS\nv4_mini.sys
Address: 0xF6E26000 Size: 6557408 File Visible: - Signed: -
Status: -

Name: ohci1394.sys
Image Path: ohci1394.sys
Address: 0xF7673000 Size: 61696 File Visible: - Signed: -
Status: -

Name: parport.sys
Image Path: C:\WINDOWS\System32\DRIVERS\parport.sys
Address: 0xF6C3D000 Size: 80128 File Visible: - Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF78EB000 Size: 19712 File Visible: - Signed: -
Status: -

Name: ParVdm.SYS
Image Path: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Address: 0xF7BDF000 Size: 6784 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xF7603000 Size: 68224 File Visible: - Signed: -
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xF7C2B000 Size: 3328 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
Address: 0xF78E3000 Size: 28672 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2260992 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xF6986000 Size: 147456 File Visible: - Signed: -
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\System32\DRIVERS\psched.sys
Address: 0xF6818000 Size: 69120 File Visible: - Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ptilink.sys
Address: 0xF7A13000 Size: 17792 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rasacd.sys
Address: 0xF7AFB000 Size: 8832 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
Address: 0xF7713000 Size: 51328 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\System32\DRIVERS\raspppoe.sys
Address: 0xF7723000 Size: 41472 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\raspptp.sys
Address: 0xF7733000 Size: 48384 File Visible: - Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\System32\DRIVERS\raspti.sys
Address: 0xF7A1B000 Size: 16512 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2260992 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rdbss.sys
Address: 0xF5481000 Size: 175744 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF7B95000 Size: 4224 File Visible: - Signed: -
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\System32\DRIVERS\redbook.sys
Address: 0xF7893000 Size: 57600 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB8F62000 Size: 49152 File Visible: No Signed: -
Status: -

Name: RT61.sys
Image Path: C:\WINDOWS\system32\DRIVERS\RT61.sys
Address: 0xF6D77000 Size: 483968 File Visible: - Signed: -
Status: -

Name: senfilt.sys
Image Path: C:\WINDOWS\system32\drivers\senfilt.sys
Address: 0xF6908000 Size: 381056 File Visible: - Signed: -
Status: -

Name: serenum.sys
Image Path: C:\WINDOWS\System32\DRIVERS\serenum.sys
Address: 0xF7B23000 Size: 15744 File Visible: - Signed: -
Status: -

Name: serial.sys
Image Path: C:\WINDOWS\System32\DRIVERS\serial.sys
Address: 0xF7873000 Size: 64512 File Visible: - Signed: -
Status: -

Name: sf.sys
Image Path: C:\WINDOWS\system32\drivers\sf.sys
Address: 0xF7A03000 Size: 32032 File Visible: - Signed: -
Status: -

Name: smwdm.sys
Image Path: C:\WINDOWS\system32\drivers\smwdm.sys
Address: 0xF69AA000 Size: 259648 File Visible: - Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xF759A000 Size: 73472 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\System32\DRIVERS\srv.sys
Address: 0xBA0F1000 Size: 333952 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\System32\DRIVERS\swenum.sys
Address: 0xF7B89000 Size: 4352 File Visible: - Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xB9DF9000 Size: 60800 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\System32\DRIVERS\tcpip.sys
Address: 0xF55D5000 Size: 361600 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\TDI.SYS
Address: 0xF7A0B000 Size: 20480 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\System32\DRIVERS\termdd.sys
Address: 0xF7753000 Size: 40704 File Visible: - Signed: -
Status: -

Name: tmcomm.sys
Image Path: C:\WINDOWS\system32\drivers\tmcomm.sys
Address: 0xBA089000 Size: 97280 File Visible: - Signed: -
Status: -

Name: update.sys
Image Path: C:\WINDOWS\System32\DRIVERS\update.sys
Address: 0xF67BA000 Size: 384768 File Visible: - Signed: -
Status: -

Name: usbccgp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Address: 0xF7943000 Size: 32128 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xF7B85000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbehci.sys
Address: 0xF79E3000 Size: 30208 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbhub.sys
Address: 0xF7773000 Size: 59520 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\USBPORT.SYS
Address: 0xF6DEE000 Size: 147456 File Visible: - Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbuhci.sys
Address: 0xF79DB000 Size: 20608 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF7A53000 Size: 20992 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS
Address: 0xF6E12000 Size: 81920 File Visible: - Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF76A3000 Size: 52352 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\wanarp.sys
Address: 0xF77A3000 Size: 34560 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xF794B000 Size: 20480 File Visible: - Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xB9D2C000 Size: 83072 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\WMILIB.SYS
Address: 0xF7B65000 Size: 8192 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2260992 File Visible: - Signed: -
Status: -

AND

Here is my OTL.Txt log:

OTL logfile created on: 9/27/2009 7:06:14 PM - Run 1
OTL by OldTimer - Version 3.0.16.0 Folder = C:\Documents and Settings\Edwina\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.67 Mb Total Physical Memory | 384.78 Mb Available Physical Memory | 37.62% Memory free
2.40 Gb Paging File | 1.78 Gb Available in Paging File | 73.92% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.50 Gb Total Space | 912.75 Gb Free Space | 97.99% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EDWINA-HOME
Current User Name: Edwina
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2008/08/26 19:02:24 | 00,014,336 | ---- | M] (Agere Systems) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/08/16 22:19:30 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/08/16 22:19:35 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/16 22:19:34 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2007/06/25 08:47:12 | 01,552,680 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/08/20 13:34:04 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/05/16 14:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2002/09/20 15:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2009/08/16 22:19:33 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/16 22:19:35 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2004/07/27 13:48:04 | 01,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2004/08/06 08:27:56 | 00,860,160 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
PRC - [2009/08/16 22:19:32 | 02,007,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2007/06/25 08:47:24 | 01,629,480 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
PRC - [2007/06/25 08:47:02 | 01,057,064 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe
PRC - [2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2009/07/25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/08/20 13:25:58 | 02,363,392 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
PRC - [2007/06/27 19:03:40 | 00,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2009/05/10 19:43:09 | 00,016,384 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
PRC - [2009/01/26 15:31:16 | 02,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007/06/27 19:04:00 | 00,279,848 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
PRC - [2007/06/27 19:04:00 | 01,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/10/17 15:02:50 | 01,114,112 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\RALINK\Common\RaUI.exe
PRC - [2009/02/06 03:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\Iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\Iexplore.exe
PRC - [2009/09/27 19:04:09 | 00,518,144 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Edwina\My Documents\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/08/26 19:02:24 | 00,014,336 | ---- | M] (Agere Systems) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio [Auto | Running])
SRV - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/08/16 22:19:33 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/08/16 22:19:30 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/07/07 00:07:22 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9fed198a58898 [Auto | Stopped])
SRV - [2009/07/07 00:06:39 | 00,190,448 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2007/06/25 08:47:12 | 01,552,680 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv [Auto | Running])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/08/20 13:34:04 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2007/06/29 19:16:56 | 00,800,040 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
SRV - File not found -- -- (NeroRegInCDSrv [Auto | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007/06/27 19:04:00 | 00,279,848 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Running])
SRV - [2008/05/16 14:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2002/09/20 15:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running])
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Answers.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/06/29 18:39:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/22 11:38:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/27 00:03:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/22 22:27:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/22 22:27:48 | 00,000,000 | ---D | M]

[2009/04/25 15:09:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edwina\Application Data\mozilla\Extensions
[2009/04/25 15:09:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edwina\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/27 17:51:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edwina\Application Data\mozilla\Firefox\Profiles\yxxc82hj.default\extensions
[2009/09/04 10:18:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edwina\Application Data\mozilla\Firefox\Profiles\yxxc82hj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/09/27 17:51:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/22 22:27:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/27 00:03:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/09/27 17:26:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/09/22 22:27:39 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/22 22:27:39 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/09/22 22:27:41 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/07/27 12:26:52 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/07/27 12:26:53 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/07/27 12:26:53 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/07/27 12:26:53 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/07/27 12:26:53 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/07/27 12:26:53 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/07/27 12:26:53 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/09/22 22:27:44 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/09/22 22:27:44 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/09/22 22:27:44 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/09/22 22:27:44 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/09/22 22:27:44 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/09/22 22:27:44 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/09/22 22:27:44 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe ()
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1240693047773 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\gpghaehu: DllName - C:\Documents and Settings\Edwina_2\Application Data\gpghaehu.dll - C:\Documents and Settings\Edwina_2\Application Data\gpghaehu.dll File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/25 13:29:48 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3a4439ea-36ce-11de-b868-000cf1ab5727}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O33 - MountPoints2\{4475f50a-31da-11de-b614-b41254449d55}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/12/26 08:06:19 | 00,017,666 | ---- | C] () -- C:\WINDOWS\System32\25653h9cktzol1bf.dll
[2009/12/25 02:52:22 | 00,013,846 | ---- | C] () -- C:\WINDOWS\998downloadzr55.cpl
[2009/12/24 00:19:57 | 00,014,217 | ---- | C] () -- C:\WINDOWS\System32\5310tr9j57z.bin
[2009/12/23 11:30:54 | 00,015,420 | ---- | C] () -- C:\WINDOWS\55z6s9y74d.exe
[2009/12/22 11:04:48 | 00,011,096 | ---- | C] () -- C:\WINDOWS\System32\za5spyw9re1168.ocx
[2009/12/22 06:05:51 | 00,014,052 | ---- | C] () -- C:\WINDOWS\System32\10ezthief1952.dll
[2009/12/22 03:36:21 | 00,003,839 | ---- | C] () -- C:\WINDOWS\56961spz70.cpl
[2009/12/18 19:36:32 | 00,014,535 | ---- | C] () -- C:\WINDOWS\System32\91455spy4zb.cpl
[2009/12/18 15:38:29 | 00,013,464 | ---- | C] () -- C:\WINDOWS\System32\9688w5rm499z.exe
[2009/12/18 07:16:59 | 00,006,746 | ---- | C] () -- C:\WINDOWS\3599downloaderz082.cpl
[2009/12/13 18:07:27 | 00,014,809 | ---- | C] () -- C:\WINDOWS\System32\1db5ir699z.dll
[2009/12/13 05:37:47 | 00,004,058 | ---- | C] () -- C:\WINDOWS\300ad59nlozder1322.cpl
[2009/12/12 15:21:26 | 00,012,171 | ---- | C] () -- C:\WINDOWS\System32\1z364wor5229.exe
[2009/12/08 05:00:14 | 00,010,050 | ---- | C] () -- C:\WINDOWS\System32\19661v5rzs729.bin
[2009/12/07 03:59:39 | 00,012,852 | ---- | C] () -- C:\WINDOWS\1414559oj5fz.cpl
[2009/12/06 18:47:29 | 00,002,553 | ---- | C] () -- C:\WINDOWS\System32\2zd5b9ckdoor1036.exe
[2009/12/05 08:19:48 | 00,008,651 | ---- | C] () -- C:\WINDOWS\System32\90af5iz1145.ocx
[2009/12/03 03:48:46 | 00,008,993 | ---- | C] () -- C:\WINDOWS\19719zpyf5.exe
[2009/12/02 22:04:23 | 00,015,104 | ---- | C] () -- C:\WINDOWS\18346not9z-5irus286.dll
[2009/12/01 09:46:19 | 00,003,056 | ---- | C] () -- C:\WINDOWS\2z560spa9bot405.dll
[2009/11/26 08:02:33 | 00,017,668 | ---- | C] () -- C:\WINDOWS\System32\3dz5backdoor2349.bin
[2009/11/25 07:24:29 | 00,004,104 | ---- | C] () -- C:\WINDOWS\System32\27594v9rzs5135.bin
[2009/11/22 10:19:57 | 00,010,447 | ---- | C] () -- C:\WINDOWS\z768threat169065.exe
[2009/11/21 18:12:57 | 00,016,716 | ---- | C] () -- C:\WINDOWS\System32\8532z5r927e.bin
[2009/11/21 05:57:37 | 00,017,355 | ---- | C] () -- C:\WINDOWS\91dbstzal2635.dll
[2009/11/20 21:45:36 | 00,014,223 | ---- | C] () -- C:\WINDOWS\16381troj9dz5.bin
[2009/11/15 00:05:31 | 00,015,207 | ---- | C] () -- C:\WINDOWS\System32\2601295y4z4.cpl
[2009/11/14 16:15:55 | 00,002,881 | ---- | C] () -- C:\WINDOWS\184z5tro93e.ocx
[2009/11/14 07:20:55 | 00,008,703 | ---- | C] () -- C:\WINDOWS\System32\50c4d9wnloader247z.ocx
[2009/11/11 08:35:03 | 00,004,337 | ---- | C] () -- C:\WINDOWS\System32\z239viru526f.bin
[2009/11/11 07:41:40 | 00,017,106 | ---- | C] () -- C:\WINDOWS\System32\74359aczdoor1319.exe
[2009/11/10 11:35:04 | 00,007,867 | ---- | C] () -- C:\WINDOWS\System32\6691tr5z2e4.ocx
[2009/11/09 17:56:12 | 00,015,810 | ---- | C] () -- C:\WINDOWS\System32\35c99ir30z6.ocx
[2009/11/09 11:02:06 | 00,015,763 | ---- | C] () -- C:\WINDOWS\5983spy105z.cpl
[2009/11/08 04:27:14 | 00,003,577 | ---- | C] () -- C:\WINDOWS\3dc2azdware97245.exe
[2009/11/06 19:55:06 | 00,008,137 | ---- | C] () -- C:\WINDOWS\6e43downloa9er2535z.dll
[2009/11/06 02:02:37 | 00,015,100 | ---- | C] () -- C:\WINDOWS\System32\3cedspa9sz2589.ocx
[2009/11/04 08:07:52 | 00,016,187 | ---- | C] () -- C:\WINDOWS\System32\3558vizus945.exe
[2009/11/03 00:00:22 | 00,009,974 | ---- | C] () -- C:\WINDOWS\z840t9r5at10351.dll
[2009/11/02 17:53:37 | 00,016,531 | ---- | C] () -- C:\WINDOWS\System32\25599vzru588.cpl
[2009/11/02 00:35:58 | 00,014,396 | ---- | C] () -- C:\WINDOWS\6c5downloaz9r2977.ocx
[2009/10/28 00:57:08 | 00,004,744 | ---- | C] () -- C:\WINDOWS\6781vir9ze85.dll
[2009/10/26 20:36:45 | 00,011,328 | ---- | C] () -- C:\WINDOWS\55931spa9bzt738.bin
[2009/10/26 04:08:04 | 00,010,486 | ---- | C] () -- C:\WINDOWS\28690troz151.ocx
[2009/10/25 21:02:33 | 00,009,723 | ---- | C] () -- C:\WINDOWS\426bbackd95z342.bin
[2009/10/25 20:02:19 | 00,016,903 | ---- | C] () -- C:\WINDOWS\59cbzh9eat14059.bin
[2009/10/25 11:07:48 | 00,005,895 | ---- | C] () -- C:\WINDOWS\e69thzef2569.exe
[2009/10/24 12:46:35 | 00,013,697 | ---- | C] () -- C:\WINDOWS\System32\295395pyz21.ocx
[2009/10/23 21:45:19 | 00,003,813 | ---- | C] () -- C:\WINDOWS\System32\6989w5zm924.bin
[2009/10/20 12:53:24 | 00,004,426 | ---- | C] () -- C:\WINDOWS\6c53addz9re1419.bin
[2009/10/20 12:26:08 | 00,013,519 | ---- | C] () -- C:\WINDOWS\System32\995bspars53125z.ocx
[2009/10/17 14:54:15 | 00,005,010 | ---- | C] () -- C:\WINDOWS\979dzwnload5r2596.cpl
[2009/10/17 14:33:36 | 00,010,253 | ---- | C] () -- C:\WINDOWS\System32\38305i9z49.ocx
[2009/10/17 06:55:06 | 00,017,168 | ---- | C] () -- C:\WINDOWS\System32\77c85t9al20z0.cpl
[2009/10/13 01:28:59 | 00,004,609 | ---- | C] () -- C:\WINDOWS\90555troj6z1.exe
[2009/10/12 23:22:05 | 00,004,624 | ---- | C] () -- C:\WINDOWS\5a7aaddwa9ez06.bin
[2009/10/10 11:56:20 | 00,012,693 | ---- | C] () -- C:\WINDOWS\System32\624backdooz1955.cpl
[2009/10/10 01:53:01 | 00,009,061 | ---- | C] () -- C:\WINDOWS\System32\3109znot-a-5iru936.bin
[2009/10/08 13:54:03 | 00,002,637 | ---- | C] () -- C:\WINDOWS\System32\5cz5thief21349.cpl
[2009/10/06 12:36:28 | 00,016,259 | ---- | C] () -- C:\WINDOWS\System32\31z5addware1529.cpl
[2009/10/02 12:35:54 | 00,009,755 | ---- | C] () -- C:\WINDOWS\System32\a9c9ownlozde52527.bin
[2009/10/01 23:58:06 | 00,006,187 | ---- | C] () -- C:\WINDOWS\7z6ab5ckdoor3955.ocx
[2009/09/27 19:04:57 | 00,023,831 | ---- | C] () -- C:\Documents and Settings\Edwina\Desktop\help.rtf
[2009/09/27 18:30:31 | 00,000,000 | ---D | C] -- C:\9324cff4cb939497271c783b
[2009/09/27 18:15:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/09/27 18:13:32 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Edwina\Desktop\NTREGOPT.lnk
[2009/09/27 18:13:32 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Edwina\Desktop\ERUNT.lnk
[2009/09/27 18:13:32 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/09/27 17:30:06 | 00,000,000 | ---D | C] -- C:\7b0ea721a0efa6532cc6174a
[2009/09/27 17:19:06 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/27 17:19:04 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/27 17:19:03 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/27 17:19:03 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/27 17:19:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/09/27 17:07:22 | 00,136,382 | ---- | C] ( ) -- C:\Documents and Settings\Edwina\Desktop\fr33.exe
[2009/09/27 17:01:20 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Edwina\Desktop\Spybot - Search & Destroy.lnk
[2009/09/27 17:01:16 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/09/27 17:01:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/09/27 16:55:51 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Edwina\Desktop\botbot.exe.exe
[2009/09/27 16:55:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Edwina\My Documents\Downloads
[2009/09/27 16:47:17 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Edwina\Desktop\byes.exe.exe
[2009/09/27 16:47:14 | 00,000,526 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Shortcut to mbam-setup.lnk
[2009/09/25 12:00:12 | 00,009,325 | ---- | C] () -- C:\WINDOWS\System32\9515spazbot56a.ocx
[2009/09/25 08:10:32 | 00,009,186 | ---- | C] () -- C:\WINDOWS\25517not-a-virz519c.bin
[2009/09/23 04:07:59 | 00,017,624 | ---- | C] () -- C:\WINDOWS\System32\304z5py9are369.exe
[2009/09/23 03:40:47 | 00,007,537 | ---- | C] () -- C:\WINDOWS\System32\2248s5ezl29399.ocx
[2009/09/22 22:42:44 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/09/22 22:39:40 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2009/09/22 20:45:11 | 00,102,664 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/09/22 20:16:25 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/09/22 18:06:32 | 00,003,569 | ---- | C] () -- C:\WINDOWS\7c4cthrea5292z7.dll
[2009/09/21 22:00:26 | 00,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/09/21 21:55:19 | 00,000,000 | ---D | C] -- C:\af607bc2bb5bea11246379519548ed3a
[2009/09/19 23:53:22 | 00,011,857 | ---- | C] () -- C:\WINDOWS\System32\37d2vi96z25.bin
[2009/09/17 23:23:50 | 00,010,616 | ---- | C] () -- C:\WINDOWS\29092z5oj105.ocx
[2009/09/17 21:48:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2009/09/15 07:29:58 | 00,011,618 | ---- | C] () -- C:\WINDOWS\System32\52d4adzware9055.ocx
[2009/09/14 23:51:53 | 00,000,000 | ---D | C] -- C:\Program Files\LightScribe Template Labeler
[2009/09/14 23:51:10 | 11,272,368 | ---- | C] (LightScribe ) -- C:\Documents and Settings\Edwina\Desktop\LightScribeTemplateLabeler_1.18.5.1.exe
[2009/09/14 23:26:15 | 00,000,000 | ---D | C] -- C:\Program Files\LightScribe

========== Files - Modified Within 14 Days ==========

[2009/12/26 08:06:19 | 00,017,666 | ---- | M] () -- C:\WINDOWS\System32\25653h9cktzol1bf.dll
[2009/12/25 02:52:22 | 00,013,846 | ---- | M] () -- C:\WINDOWS\998downloadzr55.cpl
[2009/12/24 00:19:57 | 00,014,217 | ---- | M] () -- C:\WINDOWS\System32\5310tr9j57z.bin
[2009/12/23 11:30:54 | 00,015,420 | ---- | M] () -- C:\WINDOWS\55z6s9y74d.exe
[2009/12/22 11:04:48 | 00,011,096 | ---- | M] () -- C:\WINDOWS\System32\za5spyw9re1168.ocx
[2009/12/22 06:05:51 | 00,014,052 | ---- | M] () -- C:\WINDOWS\System32\10ezthief1952.dll
[2009/12/22 03:36:21 | 00,003,839 | ---- | M] () -- C:\WINDOWS\56961spz70.cpl
[2009/12/18 19:36:32 | 00,014,535 | ---- | M] () -- C:\WINDOWS\System32\91455spy4zb.cpl
[2009/12/18 15:38:29 | 00,013,464 | ---- | M] () -- C:\WINDOWS\System32\9688w5rm499z.exe
[2009/12/18 07:16:59 | 00,006,746 | ---- | M] () -- C:\WINDOWS\3599downloaderz082.cpl
[2009/12/13 18:07:27 | 00,014,809 | ---- | M] () -- C:\WINDOWS\System32\1db5ir699z.dll
[2009/12/13 05:37:47 | 00,004,058 | ---- | M] () -- C:\WINDOWS\300ad59nlozder1322.cpl
[2009/12/12 15:21:26 | 00,012,171 | ---- | M] () -- C:\WINDOWS\System32\1z364wor5229.exe
[2009/12/08 05:00:14 | 00,010,050 | ---- | M] () -- C:\WINDOWS\System32\19661v5rzs729.bin
[2009/12/07 03:59:39 | 00,012,852 | ---- | M] () -- C:\WINDOWS\1414559oj5fz.cpl
[2009/12/06 18:47:29 | 00,002,553 | ---- | M] () -- C:\WINDOWS\System32\2zd5b9ckdoor1036.exe
[2009/12/05 08:19:48 | 00,008,651 | ---- | M] () -- C:\WINDOWS\System32\90af5iz1145.ocx
[2009/12/03 03:48:46 | 00,008,993 | ---- | M] () -- C:\WINDOWS\19719zpyf5.exe
[2009/12/02 22:04:23 | 00,015,104 | ---- | M] () -- C:\WINDOWS\18346not9z-5irus286.dll
[2009/12/01 09:46:19 | 00,003,056 | ---- | M] () -- C:\WINDOWS\2z560spa9bot405.dll
[2009/11/26 08:02:33 | 00,017,668 | ---- | M] () -- C:\WINDOWS\System32\3dz5backdoor2349.bin
[2009/11/25 07:24:29 | 00,004,104 | ---- | M] () -- C:\WINDOWS\System32\27594v9rzs5135.bin
[2009/11/22 10:19:57 | 00,010,447 | ---- | M] () -- C:\WINDOWS\z768threat169065.exe
[2009/11/21 18:12:57 | 00,016,716 | ---- | M] () -- C:\WINDOWS\System32\8532z5r927e.bin
[2009/11/21 05:57:37 | 00,017,355 | ---- | M] () -- C:\WINDOWS\91dbstzal2635.dll
[2009/11/20 21:45:36 | 00,014,223 | ---- | M] () -- C:\WINDOWS\16381troj9dz5.bin
[2009/11/15 00:05:31 | 00,015,207 | ---- | M] () -- C:\WINDOWS\System32\2601295y4z4.cpl
[2009/11/14 16:15:55 | 00,002,881 | ---- | M] () -- C:\WINDOWS\184z5tro93e.ocx
[2009/11/14 07:20:55 | 00,008,703 | ---- | M] () -- C:\WINDOWS\System32\50c4d9wnloader247z.ocx
[2009/11/11 08:35:03 | 00,004,337 | ---- | M] () -- C:\WINDOWS\System32\z239viru526f.bin
[2009/11/11 07:41:40 | 00,017,106 | ---- | M] () -- C:\WINDOWS\System32\74359aczdoor1319.exe
[2009/11/10 11:35:04 | 00,007,867 | ---- | M] () -- C:\WINDOWS\System32\6691tr5z2e4.ocx
[2009/11/09 17:56:12 | 00,015,810 | ---- | M] () -- C:\WINDOWS\System32\35c99ir30z6.ocx
[2009/11/09 11:02:06 | 00,015,763 | ---- | M] () -- C:\WINDOWS\5983spy105z.cpl
[2009/11/08 04:27:14 | 00,003,577 | ---- | M] () -- C:\WINDOWS\3dc2azdware97245.exe
[2009/11/06 19:55:06 | 00,008,137 | ---- | M] () -- C:\WINDOWS\6e43downloa9er2535z.dll
[2009/11/06 02:02:37 | 00,015,100 | ---- | M] () -- C:\WINDOWS\System32\3cedspa9sz2589.ocx
[2009/11/04 08:07:52 | 00,016,187 | ---- | M] () -- C:\WINDOWS\System32\3558vizus945.exe
[2009/11/03 00:00:22 | 00,009,974 | ---- | M] () -- C:\WINDOWS\z840t9r5at10351.dll
[2009/11/02 17:53:37 | 00,016,531 | ---- | M] () -- C:\WINDOWS\System32\25599vzru588.cpl
[2009/11/02 00:35:58 | 00,014,396 | ---- | M] () -- C:\WINDOWS\6c5downloaz9r2977.ocx
[2009/10/28 00:57:08 | 00,004,744 | ---- | M] () -- C:\WINDOWS\6781vir9ze85.dll
[2009/10/26 20:36:45 | 00,011,328 | ---- | M] () -- C:\WINDOWS\55931spa9bzt738.bin
[2009/10/26 04:08:04 | 00,010,486 | ---- | M] () -- C:\WINDOWS\28690troz151.ocx
[2009/10/25 21:02:33 | 00,009,723 | ---- | M] () -- C:\WINDOWS\426bbackd95z342.bin
[2009/10/25 20:02:19 | 00,016,903 | ---- | M] () -- C:\WINDOWS\59cbzh9eat14059.bin
[2009/10/25 11:07:48 | 00,005,895 | ---- | M] () -- C:\WINDOWS\e69thzef2569.exe
[2009/10/24 12:46:35 | 00,013,697 | ---- | M] () -- C:\WINDOWS\System32\295395pyz21.ocx
[2009/10/23 21:45:19 | 00,003,813 | ---- | M] () -- C:\WINDOWS\System32\6989w5zm924.bin
[2009/10/20 12:53:24 | 00,004,426 | ---- | M] () -- C:\WINDOWS\6c53addz9re1419.bin
[2009/10/20 12:26:08 | 00,013,519 | ---- | M] () -- C:\WINDOWS\System32\995bspars53125z.ocx
[2009/10/17 14:54:15 | 00,005,010 | ---- | M] () -- C:\WINDOWS\979dzwnload5r2596.cpl
[2009/10/17 14:33:36 | 00,010,253 | ---- | M] () -- C:\WINDOWS\System32\38305i9z49.ocx
[2009/10/17 06:55:06 | 00,017,168 | ---- | M] () -- C:\WINDOWS\System32\77c85t9al20z0.cpl
[2009/10/13 01:28:59 | 00,004,609 | ---- | M] () -- C:\WINDOWS\90555troj6z1.exe
[2009/10/12 23:22:05 | 00,004,624 | ---- | M] () -- C:\WINDOWS\5a7aaddwa9ez06.bin
[2009/10/10 11:56:20 | 00,012,693 | ---- | M] () -- C:\WINDOWS\System32\624backdooz1955.cpl
[2009/10/10 01:53:01 | 00,009,061 | ---- | M] () -- C:\WINDOWS\System32\3109znot-a-5iru936.bin
[2009/10/08 13:54:03 | 00,002,637 | ---- | M] () -- C:\WINDOWS\System32\5cz5thief21349.cpl
[2009/10/06 12:36:28 | 00,016,259 | ---- | M] () -- C:\WINDOWS\System32\31z5addware1529.cpl
[2009/10/02 12:35:54 | 00,009,755 | ---- | M] () -- C:\WINDOWS\System32\a9c9ownlozde52527.bin
[2009/10/01 23:58:06 | 00,006,187 | ---- | M] () -- C:\WINDOWS\7z6ab5ckdoor3955.ocx
[2009/09/27 19:04:57 | 00,023,831 | ---- | M] () -- C:\Documents and Settings\Edwina\Desktop\help.rtf
[2009/09/27 18:35:40 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/27 18:35:28 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/09/27 18:32:50 | 00,186,910 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/09/27 18:32:46 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/09/27 18:32:41 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/09/27 18:32:25 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/27 18:32:22 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/27 18:16:16 | 03,237,356 | -H-- | M] () -- C:\Documents and Settings\Edwina\Local Settings\Application Data\IconCache.db
[2009/09/27 18:13:32 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Edwina\Desktop\NTREGOPT.lnk
[2009/09/27 18:13:32 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Edwina\Desktop\ERUNT.lnk
[2009/09/27 17:20:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/09/27 17:19:06 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/27 17:07:23 | 00,136,382 | ---- | M] ( ) -- C:\Documents and Settings\Edwina\Desktop\fr33.exe
[2009/09/27 17:01:20 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Edwina\Desktop\Spybot - Search & Destroy.lnk
[2009/09/27 16:59:09 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Edwina\Desktop\botbot.exe.exe
[2009/09/27 16:47:14 | 00,000,526 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Shortcut to mbam-setup.lnk
[2009/09/27 16:46:21 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/09/27 16:10:32 | 41,851,550 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/09/26 23:52:17 | 00,113,133 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/09/25 12:00:12 | 00,009,325 | ---- | M] () -- C:\WINDOWS\System32\9515spazbot56a.ocx
[2009/09/25 08:10:32 | 00,009,186 | ---- | M] () -- C:\WINDOWS\25517not-a-virz519c.bin
[2009/09/23 04:07:59 | 00,017,624 | ---- | M] () -- C:\WINDOWS\System32\304z5py9are369.exe
[2009/09/23 03:40:47 | 00,007,537 | ---- | M] () -- C:\WINDOWS\System32\2248s5ezl29399.ocx
[2009/09/22 22:22:54 | 00,000,553 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/09/22 22:22:54 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/09/22 22:22:54 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/09/22 20:44:45 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/09/22 20:40:29 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Edwina\Desktop\byes.exe.exe
[2009/09/22 18:06:32 | 00,003,569 | ---- | M] () -- C:\WINDOWS\7c4cthrea5292z7.dll
[2009/09/21 22:23:51 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/09/19 23:53:22 | 00,011,857 | ---- | M] () -- C:\WINDOWS\System32\37d2vi96z25.bin
[2009/09/17 23:23:50 | 00,010,616 | ---- | M] () -- C:\WINDOWS\29092z5oj105.ocx
[2009/09/15 07:29:58 | 00,011,618 | ---- | M] () -- C:\WINDOWS\System32\52d4adzware9055.ocx
[2009/09/14 23:51:23 | 11,272,368 | ---- | M] (LightScribe ) -- C:\Documents and Settings\Edwina\Desktop\LightScribeTemplateLabeler_1.18.5.1.exe
[2009/09/14 23:22:21 | 00,537,144 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/09/14 23:22:21 | 00,453,400 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/09/14 23:22:21 | 00,074,366 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== LOP Check ==========

[2009/09/27 17:19:03 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/07/27 12:28:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/05/01 20:48:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2009/07/08 00:31:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2009/07/08 00:30:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2009/05/01 20:57:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/07/24 17:30:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2009/05/23 19:35:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/17 13:12:56 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Edwina\Application Data
[2009/05/01 20:48:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edwina\Application Data\Ahead
[2009/04/25 14:57:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edwina\Application Data\Windows Desktop Search
[2009/08/27 13:27:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2003/03/31 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/09/27 18:32:41 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job
[2009/09/27 18:32:46 | 00,000,882 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2009/09/27 17:20:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2009/09/27 18:35:28 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/09/27 18:32:25 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >
[2008/04/13 17:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2008/04/13 17:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >






And lastly, here is my Extras.Txt log:

OTL Extras logfile created on: 9/27/2009 7:06:14 PM - Run 1
OTL by OldTimer - Version 3.0.16.0 Folder = C:\Documents and Settings\Edwina\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.67 Mb Total Physical Memory | 384.78 Mb Available Physical Memory | 37.62% Memory free
2.40 Gb Paging File | 1.78 Gb Available in Paging File | 73.92% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.50 Gb Total Space | 912.75 Gb Free Space | 97.99% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EDWINA-HOME
Current User Name: Edwina
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 
"FirewallDisableNotify" = 
"UpdatesDisableNotify" = 
"AntiVirusOverride" = 
"FirewallOverride" = 
"FirstRunDisabled" = 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8085:TCP" = 8085:TCP:*:Enabled:sfx

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"E:\Installation\Setupx.exe" = E:\Installation\Setupx.exe:*:Enabled:Nero ProductSetup -- File not found
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Enabled:backWeb-8876480 -- ()
"C:\Program Files\IncrediMail\bin\ImApp.exe" = C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail -- File not found
"C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- File not found
"C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- File not found
"C:\Program Files\IncrediMail\bin\ImLc.exe" = C:\Program Files\IncrediMail\bin\ImLc.exe:*:Enabled:IncrediMail -- File not found
"C:\WINDOWS\svchost.exe" = C:\WINDOWS\svchost.exe:*:Enabled:RPC -- (Xerox)
"C:\Documents and Settings\Edwina_2\Application Data\svchost.exe" = C:\Documents and Settings\Edwina_2\Application Data\svchost.exe:*:Enabled:RPC -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software
"{2222B364-0854-4265-B32E-A142DB9DC7BB}" = Intel® PRO Network Connections 11.2.0.69
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 15
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7FD71A9E-C4D3-42ED-A998-CDA8290C39A3}" = LightScribe Template Labeler
"{88A4002B-BDBA-49A2-927C-D81E8DF32B1B}" = LightScribe Applications
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B535B621-5559-11DE-A7A1-005056806466}" = Google Earth Plugin
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DB0BA61A-8295-4211-85F7-184FC2591033}" = Nero 7 Essentials
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FAB1F336-1B7C-4057-A7BC-2922CD82A781}" = Ralink Wireless LAN
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"AVG8Uninstall" = AVG 8.5
"CCleaner" = CCleaner (remove only)
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"Google Chrome" = Google Chrome
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Micrografx All In One Web Photo Studio" = Micrografx All In One Web Photo Studio
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/28/2009 1:02:03 AM | Computer Name = EDWINA-HOME | Source = Application Error | ID = 1000
Description = Faulting application GoogleUpdate.exe, version 1.2.131.7, faulting
module GoogleUpdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 8/28/2009 1:02:29 AM | Computer Name = EDWINA-HOME | Source = Application Error | ID = 1004
Description = Faulting application GoogleUpdate.exe, version 1.2.131.7, faulting
module GoogleUpdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 8/30/2009 1:12:52 AM | Computer Name = EDWINA-HOME | Source = Application Error | ID = 1000
Description = Faulting application GoogleUpdate.exe, version 1.2.131.7, faulting
module GoogleUpdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 8/30/2009 1:13:18 AM | Computer Name = EDWINA-HOME | Source = Application Error | ID = 1004
Description = Faulting application GoogleUpdate.exe, version 1.2.131.7, faulting
module GoogleUpdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 8/30/2009 1:14:12 AM | Computer Name = EDWINA-HOME | Source = HotFixInstaller | ID = 1000
Description = Faulting application hotfixinstaller.exe, version 9.0.31211.0, stamp
4940dfa9, faulting module kernel32.dll, version 5.1.2600.5781, stamp 49c4f482,
debug? 0, fault address 0x00012afb.

Error - 8/30/2009 1:18:18 AM | Computer Name = EDWINA-HOME | Source = Application Error | ID = 1000
Description = Faulting application photosnapviewer.exe, version 1.2.0.25, faulting
module shellmanager.dll, version 7.10.1.2, fault address 0x00083960.

Error - 8/30/2009 1:20:14 AM | Computer Name = EDWINA-HOME | Source = Application Error | ID = 1000
Description = Faulting application photosnapviewer.exe, version 1.2.0.25, faulting
module shellmanager.dll, version 7.10.1.2, fault address 0x00083960.

Error - 8/30/2009 1:20:22 AM | Computer Name = EDWINA-HOME | Source = Application Error | ID = 1000
Description = Faulting application photosnapviewer.exe, version 1.2.0.25, faulting
module shellmanager.dll, version 7.10.1.2, fault address 0x00083960.

Error - 8/30/2009 1:20:43 AM | Computer Name = EDWINA-HOME | Source = Application Error | ID = 1000
Description = Faulting application photosnapviewer.exe, version 1.2.0.25, faulting
module shellmanager.dll, version 7.10.1.2, fault address 0x00083960.

Error - 8/30/2009 1:52:13 AM | Computer Name = EDWINA-HOME | Source = Application Error | ID = 1000
Description = Faulting application photosnapviewer.exe, version 1.2.0.25, faulting
module shellmanager.dll, version 7.10.1.2, fault address 0x00083960.

[ System Events ]
Error - 9/27/2009 9:12:08 PM | Computer Name = EDWINA-HOME | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate1c9fed198a58898) service failed
to start due to the following error: %%1053

Error - 9/27/2009 9:12:08 PM | Computer Name = EDWINA-HOME | Source = Service Control Manager | ID = 7000
Description = The Nero Registry InCD Service service failed to start due to the
following error: %%2

Error - 9/27/2009 9:16:40 PM | Computer Name = EDWINA-HOME | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update to .NET Framework 3.5 Service Pack 1 for the .NET
Framework Assistant 1.0 x86 (KB963707).

Error - 9/27/2009 9:16:44 PM | Computer Name = EDWINA-HOME | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework
3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.

Error - 9/27/2009 9:29:17 PM | Computer Name = EDWINA-HOME | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Update Service
(gupdate1c9fed198a58898) service to connect.

Error - 9/27/2009 9:29:17 PM | Computer Name = EDWINA-HOME | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate1c9fed198a58898) service failed
to start due to the following error: %%1053

Error - 9/27/2009 9:29:17 PM | Computer Name = EDWINA-HOME | Source = Service Control Manager | ID = 7000
Description = The Nero Registry InCD Service service failed to start due to the
following error: %%2

Error - 9/27/2009 9:33:01 PM | Computer Name = EDWINA-HOME | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Update Service
(gupdate1c9fed198a58898) service to connect.

Error - 9/27/2009 9:33:01 PM | Computer Name = EDWINA-HOME | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate1c9fed198a58898) service failed
to start due to the following error: %%1053

Error - 9/27/2009 9:33:01 PM | Computer Name = EDWINA-HOME | Source = Service Control Manager | ID = 7000
Description = The Nero Registry InCD Service service failed to start due to the
following error: %%2


< End of report >




Thanks in advance!

#2 Octagonal

  • Group: Member
  • Posts: 2,528
  • Joined: 04-May 05

Posted 28 September 2009 - 04:20 AM

You already have a topic open for this problem here. Please do not double post.
