OTL by OldTimer - Version 3.0.18.0 Folder = C:\Documents and Settings\Andrea\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
509.98 Mb Total Physical Memory | 194.26 Mb Available Physical Memory | 38.09% Memory free
1.22 Gb Paging File | 0.90 Gb Available in Paging File | 74.29% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.34 Gb Total Space | 204.77 Gb Free Space | 89.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: AARON
Current User Name: Andrea
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2009/09/15 06:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/09/15 06:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2003/12/08 16:38:52 | 00,245,760 | ---- | M] (Networks Associates Technology, Inc) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2005/12/12 17:06:08 | 00,874,064 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2005/04/22 09:45:38 | 00,290,816 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
PRC - [2005/04/22 10:00:00 | 00,102,400 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
PRC - [2007/10/14 12:11:09 | 00,217,208 | ---- | M] (Emsi Software GmbH) -- c:\program files\a-squared free\a2service.exe
PRC - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
PRC - [2003/08/08 19:04:38 | 00,106,496 | ---- | M] (Networks Associates Technology, Inc) -- c:\Program Files\McAfee.com\VSO\mcvsrte.exe
PRC - [2005/12/12 16:50:15 | 00,190,032 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
PRC - [2009/05/26 17:18:30 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2009/07/13 14:03:10 | 00,292,128 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/09/15 06:56:48 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2007/03/15 11:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2009/09/15 06:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2002/03/13 09:50:34 | 00,225,375 | ---- | M] () -- c:\Program Files\McAfee.com\VSO\McShield.exe
PRC - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2007/01/04 17:38:18 | 00,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2009/10/02 19:50:15 | 00,519,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrea\Desktop\OTL.exe
========== Win32 Services (SafeList) ==========
SRV - [2007/10/14 12:11:09 | 00,217,208 | ---- | M] (Emsi Software GmbH) -- c:\program files\a-squared free\a2service.exe -- (a2free [Auto | Running])
SRV - [2005/11/30 10:35:38 | 00,049,152 | ---- | M] (Alpha Networks Inc.) -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService [Disabled | Stopped])
SRV - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/09/15 06:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009/09/15 06:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/09/15 06:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/09/15 06:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [Auto | Running])
SRV - [2005/03/03 19:11:32 | 00,466,944 | ---- | M] (Dell) -- C:\WINDOWS\System32\dlbtcoms.exe -- (dlbt_device [On_Demand | Stopped])
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [Disabled | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/03/20 19:03:55 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2002/03/13 09:50:34 | 00,225,375 | ---- | M] () -- c:\Program Files\McAfee.com\VSO\McShield.exe -- (McShield [On_Demand | Running])
SRV - [2004/01/28 17:48:36 | 00,245,760 | ---- | M] (Networks Associates Technology, Inc) -- C:\Program Files\McAfee.com\Agent\mcupdmgr.exe -- (mcupdmgr.exe [On_Demand | Stopped])
SRV - [2003/08/08 19:04:38 | 00,106,496 | ---- | M] (Networks Associates Technology, Inc) -- c:\Program Files\McAfee.com\VSO\mcvsrte.exe -- (MCVSRte [Auto | Running])
SRV - [2004/05/26 16:39:00 | 00,573,440 | ---- | M] (McAfee Corporation) -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe -- (MpfService [On_Demand | Stopped])
SRV - [2003/12/17 14:59:48 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [Disabled | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2005/11/17 18:32:27 | 00,012,800 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache [On_Demand | Stopped])
SRV - [2005/12/12 16:50:15 | 00,190,032 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe -- (nmservice [Auto | Running])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2006/04/03 18:12:14 | 00,014,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Disabled | Stopped])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Disabled | Stopped])
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect...fftrie7&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co...en-US:official"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - prefs.js..keyword.URL: "http://slirsredirect...0fftrab&query="
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/29 21:00:46 | 00,000,000 | ---D | M]
[2009/01/27 22:31:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrea\Application Data\mozilla\Extensions
[2009/01/27 22:31:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrea\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/28 20:03:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrea\Application Data\mozilla\Firefox\Profiles\pwsduqpf.default\extensions
[2009/03/09 21:19:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrea\Application Data\mozilla\Firefox\Profiles\pwsduqpf.default\extensions\[email protected]
[2009/08/02 21:24:56 | 00,004,207 | ---- | M] () -- C:\Documents and Settings\Andrea\Application Data\Mozilla\FireFox\Profiles\pwsduqpf.default\searchplugins\aim-search.xml
[2008/09/26 12:40:34 | 00,053,248 | ---- | M] (AOL LLC) -- C:\Program Files\mozilla firefox\plugins\npdnu.dll
[2007/08/20 17:45:02 | 01,431,936 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2007/02/10 17:59:33 | 00,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2004/12/14 03:19:18 | 00,057,344 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/07/28 19:08:41 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/07/28 19:08:41 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin8.dll
[2007/04/16 13:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2007/04/16 13:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint_.dll
O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (McAfee VirusScan) - {BA52B914-B692-46c4-B683-905236F6F655} - c:\Program Files\McAfee.com\VSO\mcvsshl.dll (Networks Associates Technology, Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Dell Photo AIO Printer 922] C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe ()
O4 - HKLM..\Run: [DLBTCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.DLL ()
O4 - HKLM..\Run: [D-Link Wireless G WDA-1320] C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe (D-Link)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MCAgentExe] c:\Program Files\McAfee.com\Agent\mcagent.exe (Networks Associates Technology, Inc)
O4 - HKLM..\Run: [MCUpdateExe] C:\Program Files\McAfee.com\Agent\mcupdate.exe (Networks Associates Technology, Inc)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Display All Images with Full Quality - C:\Program Files\NetZero\qsacc\appres.dll File not found
O8 - Extra context menu item: Display Image with Full Quality - C:\Program Files\NetZero\qsacc\appres.dll File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll File not found
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: samueladams.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 37 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} http://us.chat1.yimg...v45/yacscom.cab (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} http://chat.yahoo.com/cab/yacsui.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp.dll (Pure Networks, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0caca64e-3c2c-11de-b964-0011115b8f93}\Shell - "" = AutoRun
O33 - MountPoints2\{0caca64e-3c2c-11de-b964-0011115b8f93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0caca64e-3c2c-11de-b964-0011115b8f93}\Shell\AutoRun\command - "" = J:\ImageViewer4.exe -- File not found
O33 - MountPoints2\{484350c0-a70f-11de-ba27-0011115b8f93}\Shell - "" = AutoRun
O33 - MountPoints2\{484350c0-a70f-11de-ba27-0011115b8f93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{484350c0-a70f-11de-ba27-0011115b8f93}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (SsiEfr.exe) - File not found
O34 - HKLM BootExecute: (SsiEfr.exe) - File not found
O34 - HKLM BootExecute: (SsiEfr.exe) - File not found
O34 - HKLM BootExecute: (SsiEfr.exe) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
========== Files/Folders - Created Within 14 Days ==========
[1 C:\WINDOWS\*.tmp files]
[2009/09/28 20:46:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/09/28 20:46:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andrea\Application Data\Malwarebytes
[2009/09/28 20:04:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andrea\Application Data\U3
[2009/09/28 20:44:09 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/09/28 20:46:15 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/28 22:29:07 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/09/28 22:28:56 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/10/02 19:50:13 | 00,519,168 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andrea\Desktop\OTL.exe
[2009/10/02 19:47:12 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Andrea\Desktop\RootRepeal.exe
[2009/09/29 21:08:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/09/29 21:07:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/09/29 21:06:46 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/09/29 21:00:50 | 00,000,000 | ---D | C] -- C:\00b6bd2212ce48073c
[2009/09/28 22:29:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/09/28 22:28:09 | 00,000,000 | ---D | C] -- C:\c4ef698527796d2b317da1bb31
[2009/09/28 22:07:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/09/28 21:57:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2009/09/28 21:57:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/09/28 21:57:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/09/28 21:57:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/09/28 21:57:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/09/28 21:53:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2009/09/28 21:37:13 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/09/28 21:37:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2009/09/28 21:09:25 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/09/28 21:09:24 | 00,052,368 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/09/28 21:09:24 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/09/28 21:09:20 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/09/28 21:09:20 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/09/28 21:09:20 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/09/28 21:09:20 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/09/28 21:09:20 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/09/28 21:08:56 | 01,279,968 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/09/28 21:07:28 | 00,308,160 | ---- | C] (ALWIL Software) -- C:\Documents and Settings\Andrea\Desktop\avast_home_setup.exe
[2009/09/28 20:46:18 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/28 20:46:15 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/28 20:45:44 | 04,045,536 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Andrea\Desktop\mbam-setup.exe
[2009/09/28 20:44:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/09/28 20:43:26 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Andrea\Desktop\erunt_setup.exe
[2009/09/28 20:42:31 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Andrea\Desktop\SysRestorePoint.exe
[2009/09/28 20:28:32 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andrea\Desktop\TFC.exe
[2009/09/28 20:04:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andrea\Desktop\need burned
[2009/09/28 19:58:35 | 00,000,000 | ---D | C] -- C:\Config.Msi
========== Files - Modified Within 14 Days ==========
[1 C:\WINDOWS\*.tmp files]
[2009/10/02 19:52:00 | 00,000,496 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (AARON-AaronW).job
[2009/10/02 19:51:00 | 00,000,496 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (AARON-Andrea).job
[2009/10/02 19:51:00 | 00,000,494 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (DHV17V51-Owner).job
[2009/10/02 19:50:15 | 00,519,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrea\Desktop\OTL.exe
[2009/10/02 19:47:32 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Andrea\Desktop\settings.dat
[2009/10/02 19:47:14 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Andrea\Desktop\RootRepeal.exe
[2009/10/02 19:45:34 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/10/02 19:45:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/02 19:45:09 | 53,482,7008 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/02 19:45:09 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/09/30 21:57:58 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/09/30 21:44:16 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/09/29 21:09:28 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/29 20:41:58 | 00,196,960 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/28 22:34:32 | 00,503,486 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/09/28 22:34:32 | 00,442,466 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/09/28 22:34:32 | 00,071,732 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/09/28 21:52:58 | 00,250,048 | RHS- | M] () -- C:\NTLDR
[2009/09/28 21:09:25 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/09/28 21:09:20 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/09/28 21:07:29 | 00,308,160 | ---- | M] (ALWIL Software) -- C:\Documents and Settings\Andrea\Desktop\avast_home_setup.exe
[2009/09/28 20:46:21 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/28 20:45:47 | 04,045,536 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Andrea\Desktop\mbam-setup.exe
[2009/09/28 20:44:11 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Andrea\Desktop\NTREGOPT.lnk
[2009/09/28 20:44:10 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Andrea\Desktop\ERUNT.lnk
[2009/09/28 20:43:28 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Andrea\Desktop\erunt_setup.exe
[2009/09/28 20:42:31 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Andrea\Desktop\SysRestorePoint.exe
[2009/09/28 20:33:48 | 00,000,892 | ---- | M] () -- C:\Documents and Settings\Andrea\Desktop\Shortcut to iexplore.lnk
[2009/09/28 20:28:45 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrea\Desktop\TFC.exe
[2009/09/21 20:50:48 | 02,798,389 | ---- | M] () -- C:\Documents and Settings\Andrea\Desktop\Digital Booklet - Eyes Open.pdf
[2009/09/21 20:50:04 | 00,775,087 | ---- | M] () -- C:\Documents and Settings\Andrea\Desktop\Digital Booklet - David Gray_ Greate.pdf
[2009/09/21 20:33:49 | 00,013,824 | ---- | M] () -- C:\Documents and Settings\Andrea\Desktop\Money Paid to Mom.xls
[2009/09/19 14:06:16 | 00,627,727 | ---- | M] () -- C:\Documents and Settings\Andrea\Desktop\Digital Booklet - Sci-Fi Crimes.pdf
[2009/09/19 14:05:49 | 05,510,216 | ---- | M] () -- C:\Documents and Settings\Andrea\Desktop\Digital Booklet - Constellations.pdf
========== Files - No Company Name ==========
[2009/10/02 19:47:32 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Andrea\Desktop\settings.dat
[2009/09/29 20:46:49 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/09/28 21:09:25 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/09/28 21:08:56 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/09/28 20:46:21 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/28 20:44:11 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Andrea\Desktop\NTREGOPT.lnk
[2009/09/28 20:44:10 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Andrea\Desktop\ERUNT.lnk
[2009/09/28 20:33:48 | 00,000,892 | ---- | C] () -- C:\Documents and Settings\Andrea\Desktop\Shortcut to iexplore.lnk
[2009/09/21 20:50:48 | 02,798,389 | ---- | C] () -- C:\Documents and Settings\Andrea\Desktop\Digital Booklet - Eyes Open.pdf
[2009/09/21 20:50:04 | 00,775,087 | ---- | C] () -- C:\Documents and Settings\Andrea\Desktop\Digital Booklet - David Gray_ Greate.pdf
[2009/09/21 20:48:12 | 42,198,454 | ---- | C] () -- C:\Documents and Settings\Andrea\Desktop\01 Shimmer & Shine.m4v
[2009/09/19 14:06:16 | 00,627,727 | ---- | C] () -- C:\Documents and Settings\Andrea\Desktop\Digital Booklet - Sci-Fi Crimes.pdf
[2009/09/19 14:05:49 | 05,510,216 | ---- | C] () -- C:\Documents and Settings\Andrea\Desktop\Digital Booklet - Constellations.pdf
[2006/08/31 18:46:12 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Andrea\Application Data\Install.dat
[2004/11/27 11:42:56 | 00,011,776 | ---- | C] () -- C:\Documents and Settings\Andrea\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/10/27 23:53:16 | 00,039,504 | ---- | C] () -- C:\Documents and Settings\Andrea\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2004/10/24 18:01:15 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Andrea\Application Data\DESKTOP.INI
[2004/10/24 18:01:11 | 05,852,704 | -H-- | C] () -- C:\Documents and Settings\Andrea\Local Settings\Application Data\IconCache.db
[2004/08/10 13:57:42 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
========== LOP Check ==========
[2009/09/28 20:46:15 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/07/28 19:12:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/11/08 02:45:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2004/10/16 08:02:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2008/03/05 18:26:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2007/10/15 16:39:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2006/09/04 15:31:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2004/10/16 07:37:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2007/10/15 13:50:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/06 02:56:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/09/28 20:46:23 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Andrea\Application Data
[2004/11/10 21:51:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrea\Application Data\Leadertech
[2009/03/09 21:19:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrea\Application Data\Move Networks
[2004/10/27 23:36:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrea\Application Data\Nikon
[2007/10/10 16:57:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrea\Application Data\Spyware Terminator
[2009/09/28 20:04:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrea\Application Data\U3
[2009/09/09 18:56:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 06:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\DESKTOP.INI
[2009/10/02 19:45:34 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job
[2009/10/02 19:52:00 | 00,000,496 | ---- | M] () -- C:\WINDOWS\Tasks\McAfee.com Update Check (AARON-AaronW).job
[2009/10/02 19:51:00 | 00,000,496 | ---- | M] () -- C:\WINDOWS\Tasks\McAfee.com Update Check (AARON-Andrea).job
[2009/10/02 19:51:00 | 00,000,494 | ---- | M] () -- C:\WINDOWS\Tasks\McAfee.com Update Check (DHV17V51-Owner).job
[2009/09/01 02:05:00 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/10/02 19:45:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< %systemroot%\system32\eventlog.dll >
[2008/04/13 20:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll
< %systemroot%\system32\scecli.dll >
[2008/04/13 20:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll
< %systemroot%\netlogon.dll >
< %systemroot%\system32\cngaudit.dll >
< %systemroot%\system32\sceclt.dll >
< %systemroot%\ntelogon.dll >
< %systemroot%\system32\logevent.dll >
========== Alternate Data Streams ==========
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
OTL Extras logfile created on: 10/2/2009 7:51:07 PM - Run 1
OTL by OldTimer - Version 3.0.18.0 Folder = C:\Documents and Settings\Andrea\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
509.98 Mb Total Physical Memory | 194.26 Mb Available Physical Memory | 38.09% Memory free
1.22 Gb Paging File | 0.90 Gb Available in Paging File | 74.29% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.34 Gb Total Space | 204.77 Gb Free Space | 89.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: AARON
Current User Name: Andrea
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"C:\WINDOWS\Temp\us10050.exe" = C:\WINDOWS\Temp\us10050.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found
"C:\WINDOWS\system32\printer.exe" = C:\WINDOWS\system32\printer.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found
"%windir%\system32\winav.exe" = %windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found
"C:\WINDOWS\system32\spoolvs.exe" = C:\WINDOWS\system32\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found
"C:\WINDOWS\shell.exe" = C:\WINDOWS\shell.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found
"C:\Documents and Settings\AaronW\Start Menu\Programs\Startup\findfast.exe" = C:\Documents and Settings\AaronW\Start Menu\Programs\Startup\findfast.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found
"C:\Documents and Settings\Andrea\Start Menu\Programs\Startup\findfast.exe" = C:\Documents and Settings\Andrea\Start Menu\Programs\Startup\findfast.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found
"C:\Documents and Settings\Andrea\Application Data\mcrupdate.exe" = C:\Documents and Settings\Andrea\Application Data\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found
"C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\findfast.exe" = C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\findfast.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\WINDOWS\Temp\us10050.exe" = C:\WINDOWS\Temp\us10050.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found
"C:\WINDOWS\system32\printer.exe" = C:\WINDOWS\system32\printer.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found
"%windir%\system32\winav.exe" = %windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found
"C:\WINDOWS\system32\spoolvs.exe" = C:\WINDOWS\system32\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found
"C:\WINDOWS\shell.exe" = C:\WINDOWS\shell.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found
"C:\Documents and Settings\AaronW\Start Menu\Programs\Startup\findfast.exe" = C:\Documents and Settings\AaronW\Start Menu\Programs\Startup\findfast.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found
"C:\Documents and Settings\Andrea\Start Menu\Programs\Startup\findfast.exe" = C:\Documents and Settings\Andrea\Start Menu\Programs\Startup\findfast.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found
"C:\Documents and Settings\Andrea\Application Data\mcrupdate.exe" = C:\Documents and Settings\Andrea\Application Data\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found
"C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\findfast.exe" = C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\findfast.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe" = C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Network Magic Service -- (Pure Networks, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9B2CFE3B-7F55-4786-A20D-BB244914F6D8}" = EarthLink Setup Files
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3E77D20-647C-40E2-B69B-C120D4D58190}" = G5a922EN
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B2D7CE29-614A-4ACC-8BFE-009EB3A244C9}" = Windows Defender
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D3815721-7859-40E2-846A-0C9461BDCD8D}" = Wireless G WDA-1320
"{EE7C3A14-1D20-49F6-B903-491561076F0F}" = ArcSoft Software Suite
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"AIM Search" = AIM Search
"AIM Toolbar" = AIM Toolbar
"avast!" = avast! Antivirus
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Photo AIO Printer 922" = Dell Photo AIO Printer 922
"ERUNT_is1" = ERUNT 1.1j
"Google Updater" = Google Updater
"ie8" = Windows Internet Explorer 8
"InstallShield_{D3815721-7859-40E2-846A-0C9461BDCD8D}" = Wireless G WDA-1320
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Personal Firewall Plus" = McAfee Personal Firewall Plus
"Mcafee SecurityCenter" = McAfee SecurityCenter
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Network Magic" = Pure Networks Network Magic
"PROSet" = Intel® PRO Network Adapters and Drivers
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VirusScan Online" = McAfee VirusScan
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager
========== Last 10 Event Log Errors ==========
[ Antivirus Events ]
Error - 10/14/2007 4:26:16 PM | Computer Name = AARON | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst failed, 00000005.
Error - 10/14/2007 4:48:53 PM | Computer Name = AARON | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst failed, 00000005.
Error - 10/14/2007 6:08:30 PM | Computer Name = AARON | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst failed, 00000005.
Error - 10/15/2007 12:51:45 PM | Computer Name = AARON | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak failed, 00000005.
Error - 10/15/2007 12:51:56 PM | Computer Name = AARON | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst failed, 00000005.
Error - 10/15/2007 1:02:54 PM | Computer Name = AARON | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak failed, 00000005.
Error - 10/15/2007 1:03:14 PM | Computer Name = AARON | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst failed, 00000005.
Error - 10/25/2007 10:28:54 PM | Computer Name = AARON | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\kayla\Thumbs.db failed, 00000015.
Error - 10/25/2007 10:28:54 PM | Computer Name = AARON | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\kayla\Thumbs.db failed, 00000015.
[ Application Events ]
Error - 7/29/2009 8:57:33 PM | Computer Name = AARON | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 7/29/2009 8:57:33 PM | Computer Name = AARON | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 8/18/2009 5:36:26 PM | Computer Name = AARON | Source = Application Hang | ID = 1002
Description = Hanging application TeaTimer.exe, version 1.5.0.9, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 8/18/2009 5:36:33 PM | Computer Name = AARON | Source = Application Hang | ID = 1001
Description = Fault bucket 450859493.
Error - 9/5/2009 1:58:30 PM | Computer Name = AARON | Source = Application Hang | ID = 1002
Description = Hanging application iTunes.exe, version 8.2.1.6, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 9/5/2009 1:59:44 PM | Computer Name = AARON | Source = Application Hang | ID = 1001
Description = Fault bucket 1367869003.
Error - 9/7/2009 9:59:58 PM | Computer Name = AARON | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 7.0.0.0, faulting module
ntdll.dll, version 5.1.2600.3520, fault address 0x00011948.
Error - 9/7/2009 10:00:21 PM | Computer Name = AARON | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3498, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 9/19/2009 2:24:49 PM | Computer Name = AARON | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 9/19/2009 3:05:58 PM | Computer Name = AARON | Source = McLogEvent | ID = 5051
Description = A thread in process c:\PROGRA~1\mcafee.com\vso\mcshield.exe took longer
than 201608 ms to complete a request. The process will be terminated. Thread id :
1272 (0x4f8) Thread address : 0x7c90e514 Thread message : Build Sep 8 2001 15:13:39
/ 10.21 Object being scanned = \Device\HarddiskVolume2\WINDOWS\SYSTEM32\uninitialized
( @ 7005 (7004,7003,5008,5007))
[ System Events ]
Error - 10/1/2009 4:36:48 PM | Computer Name = AARON | Source = Service Control Manager | ID = 7023
Description = The avast! Web Scanner service terminated with the following error:
%%10022
Error - 10/1/2009 8:19:19 PM | Computer Name = AARON | Source = Service Control Manager | ID = 7024
Description = The Bonjour Service service terminated with service-specific error
4294967295 (0xFFFFFFFF).
Error - 10/1/2009 8:19:25 PM | Computer Name = AARON | Source = Service Control Manager | ID = 7023
Description = The avast! Web Scanner service terminated with the following error:
%%10022
Error - 10/1/2009 8:23:12 PM | Computer Name = AARON | Source = Service Control Manager | ID = 7034
Description = The McAfee.com McShield service terminated unexpectedly. It has done
this 1 time(s).
Error - 10/2/2009 4:38:44 PM | Computer Name = AARON | Source = Service Control Manager | ID = 7024
Description = The Bonjour Service service terminated with service-specific error
4294967295 (0xFFFFFFFF).
Error - 10/2/2009 4:39:08 PM | Computer Name = AARON | Source = Service Control Manager | ID = 7023
Description = The avast! Web Scanner service terminated with the following error:
%%10022
Error - 10/2/2009 4:39:37 PM | Computer Name = AARON | Source = System Error | ID = 1003
Description = Error code 1000000a, parameter1 0035101f, parameter2 00000002, parameter3
00000000, parameter4 804eea31.
Error - 10/2/2009 7:45:31 PM | Computer Name = AARON | Source = Service Control Manager | ID = 7024
Description = The Bonjour Service service terminated with service-specific error
4294967295 (0xFFFFFFFF).
Error - 10/2/2009 7:45:36 PM | Computer Name = AARON | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer Microsoft XPS Document Writer
share name MicrosoftXPS.
Error - 10/2/2009 7:45:41 PM | Computer Name = AARON | Source = Service Control Manager | ID = 7023
Description = The avast! Web Scanner service terminated with the following error:
%%10022
< End of report >
Malwarebytes' Anti-Malware 1.41
Database version: 2869
Windows 5.1.2600 Service Pack 2
9/28/2009 8:52:07 PM
mbam-log-2009-09-28 (20-52-07).txt
Scan type: Quick Scan
Objects scanned: 105552
Time elapsed: 3 minute(s), 54 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{abcdecef-4b15-11d1-abed-709549c10000} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{abcdece2-4b15-11d1-abed-709549c10000} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\net (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spoolsv (Backdoor.Bot) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\SYSTEM32\net.net (Trojan.Downloader) -> Quarantined and deleted successfully.
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/02 19:47
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEF410000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8B57000 Size: 8192 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEE161000 Size: 49152 File Visible: No Signed: -
Status: -
SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xef4306b8
#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xef430574
#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xef430a52
#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xef43014c
#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xef43064e
#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xef43008c
#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xef4300f0
#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xef43076e
#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xef43072e
#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xef4308ae
==EOF==