Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Not sure what - Windows XP Malware


  • Please log in to reply

#1
Aaron W

Aaron W

    New Member

  • Member
  • Pip
  • 1 posts
OTL logfile created on: 10/2/2009 7:51:07 PM - Run 1
OTL by OldTimer - Version 3.0.18.0 Folder = C:\Documents and Settings\Andrea\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 194.26 Mb Available Physical Memory | 38.09% Memory free
1.22 Gb Paging File | 0.90 Gb Available in Paging File | 74.29% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.34 Gb Total Space | 204.77 Gb Free Space | 89.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AARON
Current User Name: Andrea
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/09/15 06:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/09/15 06:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2003/12/08 16:38:52 | 00,245,760 | ---- | M] (Networks Associates Technology, Inc) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2005/12/12 17:06:08 | 00,874,064 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2005/04/22 09:45:38 | 00,290,816 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
PRC - [2005/04/22 10:00:00 | 00,102,400 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
PRC - [2007/10/14 12:11:09 | 00,217,208 | ---- | M] (Emsi Software GmbH) -- c:\program files\a-squared free\a2service.exe
PRC - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
PRC - [2003/08/08 19:04:38 | 00,106,496 | ---- | M] (Networks Associates Technology, Inc) -- c:\Program Files\McAfee.com\VSO\mcvsrte.exe
PRC - [2005/12/12 16:50:15 | 00,190,032 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
PRC - [2009/05/26 17:18:30 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2009/07/13 14:03:10 | 00,292,128 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/09/15 06:56:48 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2007/03/15 11:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2009/09/15 06:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2002/03/13 09:50:34 | 00,225,375 | ---- | M] () -- c:\Program Files\McAfee.com\VSO\McShield.exe
PRC - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2007/01/04 17:38:18 | 00,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2009/10/02 19:50:15 | 00,519,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrea\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/10/14 12:11:09 | 00,217,208 | ---- | M] (Emsi Software GmbH) -- c:\program files\a-squared free\a2service.exe -- (a2free [Auto | Running])
SRV - [2005/11/30 10:35:38 | 00,049,152 | ---- | M] (Alpha Networks Inc.) -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService [Disabled | Stopped])
SRV - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/09/15 06:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009/09/15 06:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/09/15 06:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/09/15 06:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [Auto | Running])
SRV - [2005/03/03 19:11:32 | 00,466,944 | ---- | M] (Dell) -- C:\WINDOWS\System32\dlbtcoms.exe -- (dlbt_device [On_Demand | Stopped])
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [Disabled | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/03/20 19:03:55 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2002/03/13 09:50:34 | 00,225,375 | ---- | M] () -- c:\Program Files\McAfee.com\VSO\McShield.exe -- (McShield [On_Demand | Running])
SRV - [2004/01/28 17:48:36 | 00,245,760 | ---- | M] (Networks Associates Technology, Inc) -- C:\Program Files\McAfee.com\Agent\mcupdmgr.exe -- (mcupdmgr.exe [On_Demand | Stopped])
SRV - [2003/08/08 19:04:38 | 00,106,496 | ---- | M] (Networks Associates Technology, Inc) -- c:\Program Files\McAfee.com\VSO\mcvsrte.exe -- (MCVSRte [Auto | Running])
SRV - [2004/05/26 16:39:00 | 00,573,440 | ---- | M] (McAfee Corporation) -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe -- (MpfService [On_Demand | Stopped])
SRV - [2003/12/17 14:59:48 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [Disabled | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2005/11/17 18:32:27 | 00,012,800 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache [On_Demand | Stopped])
SRV - [2005/12/12 16:50:15 | 00,190,032 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe -- (nmservice [Auto | Running])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2006/04/03 18:12:14 | 00,014,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Disabled | Stopped])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Disabled | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect...fftrie7&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co...en-US:official"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - prefs.js..keyword.URL: "http://slirsredirect...0fftrab&query="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/29 21:00:46 | 00,000,000 | ---D | M]

[2009/01/27 22:31:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrea\Application Data\mozilla\Extensions
[2009/01/27 22:31:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrea\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/28 20:03:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrea\Application Data\mozilla\Firefox\Profiles\pwsduqpf.default\extensions
[2009/03/09 21:19:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrea\Application Data\mozilla\Firefox\Profiles\pwsduqpf.default\extensions\[email protected]
[2009/08/02 21:24:56 | 00,004,207 | ---- | M] () -- C:\Documents and Settings\Andrea\Application Data\Mozilla\FireFox\Profiles\pwsduqpf.default\searchplugins\aim-search.xml
[2008/09/26 12:40:34 | 00,053,248 | ---- | M] (AOL LLC) -- C:\Program Files\mozilla firefox\plugins\npdnu.dll
[2007/08/20 17:45:02 | 01,431,936 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2007/02/10 17:59:33 | 00,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2004/12/14 03:19:18 | 00,057,344 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/07/28 19:08:41 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/07/28 19:08:41 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin8.dll
[2007/04/16 13:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2007/04/16 13:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint_.dll

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (McAfee VirusScan) - {BA52B914-B692-46c4-B683-905236F6F655} - c:\Program Files\McAfee.com\VSO\mcvsshl.dll (Networks Associates Technology, Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Dell Photo AIO Printer 922] C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe ()
O4 - HKLM..\Run: [DLBTCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.DLL ()
O4 - HKLM..\Run: [D-Link Wireless G WDA-1320] C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe (D-Link)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MCAgentExe] c:\Program Files\McAfee.com\Agent\mcagent.exe (Networks Associates Technology, Inc)
O4 - HKLM..\Run: [MCUpdateExe] C:\Program Files\McAfee.com\Agent\mcupdate.exe (Networks Associates Technology, Inc)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Display All Images with Full Quality - C:\Program Files\NetZero\qsacc\appres.dll File not found
O8 - Extra context menu item: Display Image with Full Quality - C:\Program Files\NetZero\qsacc\appres.dll File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll File not found
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: samueladams.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 37 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} http://us.chat1.yimg...v45/yacscom.cab (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} http://chat.yahoo.com/cab/yacsui.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp.dll (Pure Networks, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0caca64e-3c2c-11de-b964-0011115b8f93}\Shell - "" = AutoRun
O33 - MountPoints2\{0caca64e-3c2c-11de-b964-0011115b8f93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0caca64e-3c2c-11de-b964-0011115b8f93}\Shell\AutoRun\command - "" = J:\ImageViewer4.exe -- File not found
O33 - MountPoints2\{484350c0-a70f-11de-ba27-0011115b8f93}\Shell - "" = AutoRun
O33 - MountPoints2\{484350c0-a70f-11de-ba27-0011115b8f93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{484350c0-a70f-11de-ba27-0011115b8f93}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (SsiEfr.exe) - File not found
O34 - HKLM BootExecute: (SsiEfr.exe) - File not found
O34 - HKLM BootExecute: (SsiEfr.exe) - File not found
O34 - HKLM BootExecute: (SsiEfr.exe) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/09/28 20:46:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/09/28 20:46:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andrea\Application Data\Malwarebytes
[2009/09/28 20:04:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andrea\Application Data\U3
[2009/09/28 20:44:09 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/09/28 20:46:15 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/28 22:29:07 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/09/28 22:28:56 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/10/02 19:50:13 | 00,519,168 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andrea\Desktop\OTL.exe
[2009/10/02 19:47:12 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Andrea\Desktop\RootRepeal.exe
[2009/09/29 21:08:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/09/29 21:07:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/09/29 21:06:46 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/09/29 21:00:50 | 00,000,000 | ---D | C] -- C:\00b6bd2212ce48073c
[2009/09/28 22:29:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/09/28 22:28:09 | 00,000,000 | ---D | C] -- C:\c4ef698527796d2b317da1bb31
[2009/09/28 22:07:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/09/28 21:57:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2009/09/28 21:57:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/09/28 21:57:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/09/28 21:57:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/09/28 21:57:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/09/28 21:53:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2009/09/28 21:37:13 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/09/28 21:37:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2009/09/28 21:09:25 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/09/28 21:09:24 | 00,052,368 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/09/28 21:09:24 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/09/28 21:09:20 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/09/28 21:09:20 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/09/28 21:09:20 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/09/28 21:09:20 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/09/28 21:09:20 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/09/28 21:08:56 | 01,279,968 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/09/28 21:07:28 | 00,308,160 | ---- | C] (ALWIL Software) -- C:\Documents and Settings\Andrea\Desktop\avast_home_setup.exe
[2009/09/28 20:46:18 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/28 20:46:15 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/28 20:45:44 | 04,045,536 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Andrea\Desktop\mbam-setup.exe
[2009/09/28 20:44:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/09/28 20:43:26 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Andrea\Desktop\erunt_setup.exe
[2009/09/28 20:42:31 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Andrea\Desktop\SysRestorePoint.exe
[2009/09/28 20:28:32 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andrea\Desktop\TFC.exe
[2009/09/28 20:04:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andrea\Desktop\need burned
[2009/09/28 19:58:35 | 00,000,000 | ---D | C] -- C:\Config.Msi

========== Files - Modified Within 14 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/10/02 19:52:00 | 00,000,496 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (AARON-AaronW).job
[2009/10/02 19:51:00 | 00,000,496 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (AARON-Andrea).job
[2009/10/02 19:51:00 | 00,000,494 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (DHV17V51-Owner).job
[2009/10/02 19:50:15 | 00,519,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrea\Desktop\OTL.exe
[2009/10/02 19:47:32 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Andrea\Desktop\settings.dat
[2009/10/02 19:47:14 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Andrea\Desktop\RootRepeal.exe
[2009/10/02 19:45:34 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/10/02 19:45:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/02 19:45:09 | 53,482,7008 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/02 19:45:09 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/09/30 21:57:58 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/09/30 21:44:16 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/09/29 21:09:28 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/29 20:41:58 | 00,196,960 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/28 22:34:32 | 00,503,486 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/09/28 22:34:32 | 00,442,466 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/09/28 22:34:32 | 00,071,732 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/09/28 21:52:58 | 00,250,048 | RHS- | M] () -- C:\NTLDR
[2009/09/28 21:09:25 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/09/28 21:09:20 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/09/28 21:07:29 | 00,308,160 | ---- | M] (ALWIL Software) -- C:\Documents and Settings\Andrea\Desktop\avast_home_setup.exe
[2009/09/28 20:46:21 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/28 20:45:47 | 04,045,536 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Andrea\Desktop\mbam-setup.exe
[2009/09/28 20:44:11 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Andrea\Desktop\NTREGOPT.lnk
[2009/09/28 20:44:10 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Andrea\Desktop\ERUNT.lnk
[2009/09/28 20:43:28 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Andrea\Desktop\erunt_setup.exe
[2009/09/28 20:42:31 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Andrea\Desktop\SysRestorePoint.exe
[2009/09/28 20:33:48 | 00,000,892 | ---- | M] () -- C:\Documents and Settings\Andrea\Desktop\Shortcut to iexplore.lnk
[2009/09/28 20:28:45 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrea\Desktop\TFC.exe
[2009/09/21 20:50:48 | 02,798,389 | ---- | M] () -- C:\Documents and Settings\Andrea\Desktop\Digital Booklet - Eyes Open.pdf
[2009/09/21 20:50:04 | 00,775,087 | ---- | M] () -- C:\Documents and Settings\Andrea\Desktop\Digital Booklet - David Gray_ Greate.pdf
[2009/09/21 20:33:49 | 00,013,824 | ---- | M] () -- C:\Documents and Settings\Andrea\Desktop\Money Paid to Mom.xls
[2009/09/19 14:06:16 | 00,627,727 | ---- | M] () -- C:\Documents and Settings\Andrea\Desktop\Digital Booklet - Sci-Fi Crimes.pdf
[2009/09/19 14:05:49 | 05,510,216 | ---- | M] () -- C:\Documents and Settings\Andrea\Desktop\Digital Booklet - Constellations.pdf

========== Files - No Company Name ==========
[2009/10/02 19:47:32 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Andrea\Desktop\settings.dat
[2009/09/29 20:46:49 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/09/28 21:09:25 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/09/28 21:08:56 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/09/28 20:46:21 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/28 20:44:11 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Andrea\Desktop\NTREGOPT.lnk
[2009/09/28 20:44:10 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Andrea\Desktop\ERUNT.lnk
[2009/09/28 20:33:48 | 00,000,892 | ---- | C] () -- C:\Documents and Settings\Andrea\Desktop\Shortcut to iexplore.lnk
[2009/09/21 20:50:48 | 02,798,389 | ---- | C] () -- C:\Documents and Settings\Andrea\Desktop\Digital Booklet - Eyes Open.pdf
[2009/09/21 20:50:04 | 00,775,087 | ---- | C] () -- C:\Documents and Settings\Andrea\Desktop\Digital Booklet - David Gray_ Greate.pdf
[2009/09/21 20:48:12 | 42,198,454 | ---- | C] () -- C:\Documents and Settings\Andrea\Desktop\01 Shimmer & Shine.m4v
[2009/09/19 14:06:16 | 00,627,727 | ---- | C] () -- C:\Documents and Settings\Andrea\Desktop\Digital Booklet - Sci-Fi Crimes.pdf
[2009/09/19 14:05:49 | 05,510,216 | ---- | C] () -- C:\Documents and Settings\Andrea\Desktop\Digital Booklet - Constellations.pdf
[2006/08/31 18:46:12 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Andrea\Application Data\Install.dat
[2004/11/27 11:42:56 | 00,011,776 | ---- | C] () -- C:\Documents and Settings\Andrea\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/10/27 23:53:16 | 00,039,504 | ---- | C] () -- C:\Documents and Settings\Andrea\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2004/10/24 18:01:15 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Andrea\Application Data\DESKTOP.INI
[2004/10/24 18:01:11 | 05,852,704 | -H-- | C] () -- C:\Documents and Settings\Andrea\Local Settings\Application Data\IconCache.db
[2004/08/10 13:57:42 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI

========== LOP Check ==========

[2009/09/28 20:46:15 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/07/28 19:12:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/11/08 02:45:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2004/10/16 08:02:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2008/03/05 18:26:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2007/10/15 16:39:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2006/09/04 15:31:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2004/10/16 07:37:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2007/10/15 13:50:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/06 02:56:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/09/28 20:46:23 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Andrea\Application Data
[2004/11/10 21:51:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrea\Application Data\Leadertech
[2009/03/09 21:19:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrea\Application Data\Move Networks
[2004/10/27 23:36:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrea\Application Data\Nikon
[2007/10/10 16:57:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrea\Application Data\Spyware Terminator
[2009/09/28 20:04:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrea\Application Data\U3
[2009/09/09 18:56:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 06:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\DESKTOP.INI
[2009/10/02 19:45:34 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job
[2009/10/02 19:52:00 | 00,000,496 | ---- | M] () -- C:\WINDOWS\Tasks\McAfee.com Update Check (AARON-AaronW).job
[2009/10/02 19:51:00 | 00,000,496 | ---- | M] () -- C:\WINDOWS\Tasks\McAfee.com Update Check (AARON-Andrea).job
[2009/10/02 19:51:00 | 00,000,494 | ---- | M] () -- C:\WINDOWS\Tasks\McAfee.com Update Check (DHV17V51-Owner).job
[2009/09/01 02:05:00 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/10/02 19:45:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >
[2008/04/13 20:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2008/04/13 20:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

========== Alternate Data Streams ==========

@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >


OTL Extras logfile created on: 10/2/2009 7:51:07 PM - Run 1
OTL by OldTimer - Version 3.0.18.0 Folder = C:\Documents and Settings\Andrea\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 194.26 Mb Available Physical Memory | 38.09% Memory free
1.22 Gb Paging File | 0.90 Gb Available in Paging File | 74.29% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.34 Gb Total Space | 204.77 Gb Free Space | 89.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AARON
Current User Name: Andrea
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"C:\WINDOWS\Temp\us10050.exe" = C:\WINDOWS\Temp\us10050.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found
"C:\WINDOWS\system32\printer.exe" = C:\WINDOWS\system32\printer.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found
"%windir%\system32\winav.exe" = %windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found
"C:\WINDOWS\system32\spoolvs.exe" = C:\WINDOWS\system32\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found
"C:\WINDOWS\shell.exe" = C:\WINDOWS\shell.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found
"C:\Documents and Settings\AaronW\Start Menu\Programs\Startup\findfast.exe" = C:\Documents and Settings\AaronW\Start Menu\Programs\Startup\findfast.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found
"C:\Documents and Settings\Andrea\Start Menu\Programs\Startup\findfast.exe" = C:\Documents and Settings\Andrea\Start Menu\Programs\Startup\findfast.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found
"C:\Documents and Settings\Andrea\Application Data\mcrupdate.exe" = C:\Documents and Settings\Andrea\Application Data\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found
"C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\findfast.exe" = C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\findfast.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\WINDOWS\Temp\us10050.exe" = C:\WINDOWS\Temp\us10050.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found
"C:\WINDOWS\system32\printer.exe" = C:\WINDOWS\system32\printer.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found
"%windir%\system32\winav.exe" = %windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found
"C:\WINDOWS\system32\spoolvs.exe" = C:\WINDOWS\system32\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found
"C:\WINDOWS\shell.exe" = C:\WINDOWS\shell.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found
"C:\Documents and Settings\AaronW\Start Menu\Programs\Startup\findfast.exe" = C:\Documents and Settings\AaronW\Start Menu\Programs\Startup\findfast.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found
"C:\Documents and Settings\Andrea\Start Menu\Programs\Startup\findfast.exe" = C:\Documents and Settings\Andrea\Start Menu\Programs\Startup\findfast.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found
"C:\Documents and Settings\Andrea\Application Data\mcrupdate.exe" = C:\Documents and Settings\Andrea\Application Data\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found
"C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\findfast.exe" = C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\findfast.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe" = C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Network Magic Service -- (Pure Networks, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9B2CFE3B-7F55-4786-A20D-BB244914F6D8}" = EarthLink Setup Files
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3E77D20-647C-40E2-B69B-C120D4D58190}" = G5a922EN
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B2D7CE29-614A-4ACC-8BFE-009EB3A244C9}" = Windows Defender
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D3815721-7859-40E2-846A-0C9461BDCD8D}" = Wireless G WDA-1320
"{EE7C3A14-1D20-49F6-B903-491561076F0F}" = ArcSoft Software Suite
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"AIM Search" = AIM Search
"AIM Toolbar" = AIM Toolbar
"avast!" = avast! Antivirus
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Photo AIO Printer 922" = Dell Photo AIO Printer 922
"ERUNT_is1" = ERUNT 1.1j
"Google Updater" = Google Updater
"ie8" = Windows Internet Explorer 8
"InstallShield_{D3815721-7859-40E2-846A-0C9461BDCD8D}" = Wireless G WDA-1320
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Personal Firewall Plus" = McAfee Personal Firewall Plus
"Mcafee SecurityCenter" = McAfee SecurityCenter
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Network Magic" = Pure Networks Network Magic
"PROSet" = Intel® PRO Network Adapters and Drivers
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VirusScan Online" = McAfee VirusScan
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 10/14/2007 4:26:16 PM | Computer Name = AARON | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst failed, 00000005.

Error - 10/14/2007 4:48:53 PM | Computer Name = AARON | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst failed, 00000005.

Error - 10/14/2007 6:08:30 PM | Computer Name = AARON | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst failed, 00000005.

Error - 10/15/2007 12:51:45 PM | Computer Name = AARON | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak failed, 00000005.

Error - 10/15/2007 12:51:56 PM | Computer Name = AARON | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst failed, 00000005.

Error - 10/15/2007 1:02:54 PM | Computer Name = AARON | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak failed, 00000005.

Error - 10/15/2007 1:03:14 PM | Computer Name = AARON | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst failed, 00000005.

Error - 10/25/2007 10:28:54 PM | Computer Name = AARON | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\kayla\Thumbs.db failed, 00000015.

Error - 10/25/2007 10:28:54 PM | Computer Name = AARON | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\kayla\Thumbs.db failed, 00000015.

[ Application Events ]
Error - 7/29/2009 8:57:33 PM | Computer Name = AARON | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/29/2009 8:57:33 PM | Computer Name = AARON | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/18/2009 5:36:26 PM | Computer Name = AARON | Source = Application Hang | ID = 1002
Description = Hanging application TeaTimer.exe, version 1.5.0.9, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/18/2009 5:36:33 PM | Computer Name = AARON | Source = Application Hang | ID = 1001
Description = Fault bucket 450859493.

Error - 9/5/2009 1:58:30 PM | Computer Name = AARON | Source = Application Hang | ID = 1002
Description = Hanging application iTunes.exe, version 8.2.1.6, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/5/2009 1:59:44 PM | Computer Name = AARON | Source = Application Hang | ID = 1001
Description = Fault bucket 1367869003.

Error - 9/7/2009 9:59:58 PM | Computer Name = AARON | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 7.0.0.0, faulting module
ntdll.dll, version 5.1.2600.3520, fault address 0x00011948.

Error - 9/7/2009 10:00:21 PM | Computer Name = AARON | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3498, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/19/2009 2:24:49 PM | Computer Name = AARON | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/19/2009 3:05:58 PM | Computer Name = AARON | Source = McLogEvent | ID = 5051
Description = A thread in process c:\PROGRA~1\mcafee.com\vso\mcshield.exe took longer
than 201608 ms to complete a request. The process will be terminated. Thread id :
1272 (0x4f8) Thread address : 0x7c90e514 Thread message : Build Sep 8 2001 15:13:39
/ 10.21 Object being scanned = \Device\HarddiskVolume2\WINDOWS\SYSTEM32\uninitialized
( @ 7005 (7004,7003,5008,5007))

[ System Events ]
Error - 10/1/2009 4:36:48 PM | Computer Name = AARON | Source = Service Control Manager | ID = 7023
Description = The avast! Web Scanner service terminated with the following error:
%%10022

Error - 10/1/2009 8:19:19 PM | Computer Name = AARON | Source = Service Control Manager | ID = 7024
Description = The Bonjour Service service terminated with service-specific error
4294967295 (0xFFFFFFFF).

Error - 10/1/2009 8:19:25 PM | Computer Name = AARON | Source = Service Control Manager | ID = 7023
Description = The avast! Web Scanner service terminated with the following error:
%%10022

Error - 10/1/2009 8:23:12 PM | Computer Name = AARON | Source = Service Control Manager | ID = 7034
Description = The McAfee.com McShield service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/2/2009 4:38:44 PM | Computer Name = AARON | Source = Service Control Manager | ID = 7024
Description = The Bonjour Service service terminated with service-specific error
4294967295 (0xFFFFFFFF).

Error - 10/2/2009 4:39:08 PM | Computer Name = AARON | Source = Service Control Manager | ID = 7023
Description = The avast! Web Scanner service terminated with the following error:
%%10022

Error - 10/2/2009 4:39:37 PM | Computer Name = AARON | Source = System Error | ID = 1003
Description = Error code 1000000a, parameter1 0035101f, parameter2 00000002, parameter3
00000000, parameter4 804eea31.

Error - 10/2/2009 7:45:31 PM | Computer Name = AARON | Source = Service Control Manager | ID = 7024
Description = The Bonjour Service service terminated with service-specific error
4294967295 (0xFFFFFFFF).

Error - 10/2/2009 7:45:36 PM | Computer Name = AARON | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer Microsoft XPS Document Writer
share name MicrosoftXPS.

Error - 10/2/2009 7:45:41 PM | Computer Name = AARON | Source = Service Control Manager | ID = 7023
Description = The avast! Web Scanner service terminated with the following error:
%%10022


< End of report >



Malwarebytes' Anti-Malware 1.41
Database version: 2869
Windows 5.1.2600 Service Pack 2

9/28/2009 8:52:07 PM
mbam-log-2009-09-28 (20-52-07).txt

Scan type: Quick Scan
Objects scanned: 105552
Time elapsed: 3 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{abcdecef-4b15-11d1-abed-709549c10000} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{abcdece2-4b15-11d1-abed-709549c10000} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\net (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spoolsv (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\SYSTEM32\net.net (Trojan.Downloader) -> Quarantined and deleted successfully.




ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/02 19:47
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEF410000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8B57000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEE161000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xef4306b8

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xef430574

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xef430a52

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xef43014c

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xef43064e

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xef43008c

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xef4300f0

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xef43076e

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xef43072e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xef4308ae

==EOF==
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP