here is my otl file:
OTL logfile created on: 10/21/2009 1:50:43 PM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\David\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
991.48 Mb Total Physical Memory | 523.57 Mb Available Physical Memory | 52.81% Memory free
1.88 Gb Paging File | 1.47 Gb Available in Paging File | 78.17% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1024 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 49.76 Gb Free Space | 66.78% Space Free | Partition Type: NTFS
Drive D: | 194.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: GAMER2
Current User Name: David
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ========== PRC - [2009/10/21 13:46:02 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe
PRC - [2009/09/21 20:49:29 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/09/21 20:47:45 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2009/09/15 06:56:48 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/09/15 06:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/09/15 06:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/09/15 06:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/09/15 06:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/09/02 13:30:28 | 00,078,104 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/02/06 18:08:58 | 00,533,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe
PRC - [2009/02/06 18:08:58 | 00,454,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsui.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/05/04 02:27:32 | 05,044,736 | ---- | M] (Linksys) -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
PRC - [2004/02/07 01:56:14 | 00,041,025 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
PRC - [2002/08/29 16:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cidaemon.exe
PRC - [2000/06/26 10:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe
========== Win32 Services (SafeList) ========== SRV - File not found -- -- (WUSB54GSv2SVC [Auto | Running])
SRV - [2009/09/21 20:47:45 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1ca3b1e513e1a04 [Auto | Stopped])
SRV - [2009/09/15 06:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/09/15 06:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/09/15 06:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2009/09/15 06:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009/09/02 13:30:28 | 00,078,104 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted [Auto | Running])
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Disabled | Stopped])
SRV - [2009/04/29 18:55:10 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2009/03/21 14:51:42 | 00,066,880 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire [Disabled | Stopped])
SRV - [2009/02/18 14:44:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Stopped])
SRV - [2009/02/06 18:08:58 | 00,533,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc [Auto | Running])
SRV - [2008/10/09 13:47:42 | 01,079,176 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [Disabled | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/06/13 16:29:14 | 00,356,920 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [Disabled | Stopped])
SRV - [2008/04/13 20:12:36 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\snmp.exe -- (SNMP [Auto | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Disabled | Stopped])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Disabled | Stopped])
SRV - [2002/08/29 16:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpsvcs.exe -- (LPDSVC [On_Demand | Stopped])
SRV - [2000/06/26 10:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])
SRV - [1999/12/13 04:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.EXE -- (Creative Service for CDROM Access [Disabled | Stopped])
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft....k/?LinkId=69157IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://ie.search.msn...st/srchcust.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
http://ie.search.msn...st/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://www.microsoft...amp;ar=iesearchIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.facebook.com/IE - HKCU\..\URLSearchHook: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWin.dll File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "
http://search.live.c...?FORM=IEFM1&q="FF - prefs.js..browser.search.selectedEngine: "Live Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "
http://go.microsoft..../?LinkId=69157"FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0847}:1.4
FF - prefs.js..extensions.enabledItems:
[email protected]:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..keyword.URL: "
http://search.live.c...?FORM=IEFM1&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0847}: C:\Program Files\iWin Games\firefox\ [2009/09/14 22:43:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 02:45:17 | 00,000,000 | ---D | M]
[2008/10/25 07:48:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\mozilla\Extensions
[2008/10/25 07:48:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/20 13:44:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\mozilla\Firefox\Profiles\yyd6lay6.default\extensions
[2009/04/30 21:22:09 | 00,001,632 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Mozilla\FireFox\Profiles\yyd6lay6.default\searchplugins\live-search.xml
[2009/03/29 01:27:14 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/03/29 01:27:14 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/03/29 01:27:14 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/03/29 01:27:14 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/03/29 01:27:14 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/03/29 01:27:14 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/03/29 01:27:14 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ALOT Toolbar Helper) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\BHO\alotBHO.dll (Vertro)
O2 - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (iWin Toolbar) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWin.dll File not found
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (Vertro)
O3 - HKLM\..\Toolbar: (iWin Toolbar) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWin.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (iWin Toolbar) - {CE0C2586-DA36-452B-ACDB-320D9BCB19BF} - C:\Program Files\iWin\tbiWin.dll File not found
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [fssui] C:\Program Files\Windows Live\Family Safety\fsui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\David\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O8 - Extra context menu item: Add to Windows &Live Favorites - File not found
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E}
http://www.nvidia.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F}
http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4}
http://catalog.updat...b?1220140445171 (MUCatalogWebControl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}
http://www.update.mi...b?1215146751781 (WUWebControl Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884}
http://www.creative....101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
http://www.update.mi...b?1215146812625 (MUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29}
http://www.creative....15105/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/03 02:37:46 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/08/01 14:41:16 | 00,000,131 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
========== Files/Folders - Created Within 14 Days ========== [2009/10/21 03:37:08 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/21 13:45:58 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe
[2009/10/21 13:44:26 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\David\Desktop\RootRepeal.exe
[2009/10/21 09:22:12 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/10/21 09:22:11 | 00,052,368 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/10/21 09:22:10 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/10/21 09:22:08 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/10/21 09:22:08 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/10/21 09:22:08 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/10/21 09:22:08 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/10/21 09:22:08 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/10/21 09:21:46 | 01,279,968 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/10/21 09:17:48 | 00,308,160 | ---- | C] (ALWIL Software) -- C:\Documents and Settings\David\Desktop\avast_home_setup.exe
[2009/10/21 09:13:34 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\David\Desktop\erunt_setup.exe
[2009/10/21 08:56:30 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\David\Desktop\SysRestorePoint.exe
[2009/10/21 03:57:37 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/10/21 03:56:07 | 01,130,036 | ---- | C] (Malwareteks.com) -- C:\Documents and Settings\David\Desktop\FixIEDef.exe
[2009/10/21 03:55:44 | 00,000,000 | ---D | C] -- C:\!FixIEDef
[2009/10/21 03:37:09 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/21 03:37:08 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/06/27 20:26:00 | 00,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
========== Files - Modified Within 14 Days ========== [2009/10/21 13:46:02 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe
[2009/10/21 13:44:36 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\David\Desktop\settings.dat
[2009/10/21 13:44:31 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\David\Desktop\RootRepeal.exe
[2009/10/21 13:42:46 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/21 13:37:46 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/21 09:23:44 | 00,030,120 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000000-00000000-00000007-00001102-00000004-00511102}.rfx
[2009/10/21 09:23:44 | 00,030,120 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000000-00000000-00000007-00001102-00000004-00511102}.rfx
[2009/10/21 09:23:44 | 00,027,408 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-00000007-00001102-00000004-00511102}.rfx
[2009/10/21 09:23:44 | 00,027,408 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-00000007-00001102-00000004-00511102}.rfx
[2009/10/21 09:23:44 | 00,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000000-00000000-00000007-00001102-00000004-00511102}.rfx
[2009/10/21 09:22:12 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/10/21 09:22:08 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/10/21 09:17:52 | 00,308,160 | ---- | M] (ALWIL Software) -- C:\Documents and Settings\David\Desktop\avast_home_setup.exe
[2009/10/21 09:13:54 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\David\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/10/21 09:13:51 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\David\Desktop\NTREGOPT.lnk
[2009/10/21 09:13:51 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\David\Desktop\ERUNT.lnk
[2009/10/21 09:13:38 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\David\Desktop\erunt_setup.exe
[2009/10/21 08:56:33 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\David\Desktop\SysRestorePoint.exe
[2009/10/21 04:26:31 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\TFC.exe
[2009/10/21 03:56:14 | 01,130,036 | ---- | M] (Malwareteks.com) -- C:\Documents and Settings\David\Desktop\FixIEDef.exe
[2009/10/21 03:37:12 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/20 01:45:37 | 00,002,064 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/10/20 01:45:37 | 00,002,064 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009/10/19 20:03:30 | 04,838,818 | -H-- | M] () -- C:\Documents and Settings\David\Local Settings\Application Data\IconCache.db
[2009/10/18 21:23:13 | 00,004,443 | ---- | M] () -- C:\Documents and Settings\David\Desktop\dallascowboys2009.csv
[2009/10/15 18:06:53 | 00,494,458 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/15 18:06:53 | 00,094,096 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/15 18:06:53 | 00,004,550 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/15 18:03:21 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/13 19:56:47 | 00,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
========== Files - No Company Name ==========[2009/10/21 13:44:36 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\David\Desktop\settings.dat
[2009/10/21 09:22:12 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/10/21 09:21:46 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/10/21 09:13:54 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\David\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/10/21 03:37:12 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/18 21:22:48 | 00,004,443 | ---- | C] () -- C:\Documents and Settings\David\Desktop\dallascowboys2009.csv
[2009/09/21 22:44:08 | 04,838,818 | -H-- | C] () -- C:\Documents and Settings\David\Local Settings\Application Data\IconCache.db
[2009/09/21 20:51:53 | 00,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/09/03 17:13:02 | 00,000,106 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2009/06/28 15:01:50 | 00,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009/06/28 15:01:48 | 00,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009/05/17 12:01:44 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/05/12 16:53:29 | 00,000,136 | ---- | C] () -- C:\WINDOWS\ka.ini
[2009/01/08 19:03:24 | 00,000,037 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini
[2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/08/02 21:07:12 | 00,000,000 | ---- | C] () -- C:\Program Files\temp01
[2008/07/04 01:42:36 | 00,015,256 | ---- | C] () -- C:\Documents and Settings\David\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/07/04 00:35:22 | 00,000,231 | ---- | C] () -- C:\WINDOWS\ac3api.ini
[2008/07/04 00:31:53 | 00,000,317 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2008/07/03 02:48:17 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008/07/03 02:48:16 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2008/07/03 02:48:16 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2008/07/03 02:48:12 | 00,001,383 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2008/07/03 02:42:48 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\David\Application Data\desktop.ini
[2008/07/01 19:28:25 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/06/27 21:05:08 | 00,097,785 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2008/06/27 21:05:06 | 00,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/06/27 20:27:54 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2007/08/13 23:45:02 | 00,071,680 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2007/04/12 11:10:28 | 00,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
[2006/10/22 15:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/02 20:25:18 | 00,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2004/09/17 18:37:42 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/07/15 14:42:00 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2004/07/15 14:42:00 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2004/07/15 14:42:00 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2004/07/15 14:42:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2004/07/15 14:42:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2002/08/29 16:00:00 | 00,000,568 | ---- | C] () -- C:\WINDOWS\win.ini
[2002/08/29 16:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
========== LOP Check ========== [2009/09/21 20:49:27 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/07/05 04:27:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CCP
[2009/08/03 03:30:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2009/01/07 13:55:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eGames
[2009/08/15 17:10:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\f-secure
[2009/07/31 11:27:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2009/01/09 19:58:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2009/08/04 01:34:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2009/03/28 08:47:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2008/08/30 20:39:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2008/11/23 18:43:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/07/31 11:23:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/12 16:54:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivendi Universal Games
[2009/09/21 20:49:26 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\David\Application Data
[2009/10/21 13:45:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\alot
[2009/01/07 12:57:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\cerasus.media
[2009/03/28 08:48:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\DriverCure
[2009/01/07 13:36:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\eGames
[2009/07/31 12:33:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\F-Secure
[2009/02/17 01:52:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\iWin
[2008/08/02 21:18:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\iWinArcade
[2009/01/07 13:20:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Meridian93
[2009/09/29 01:50:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Move Networks
[2008/11/23 18:43:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\PlayFirst
[2009/05/17 12:14:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Ventrilo
[2008/08/14 22:05:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\WinBatch
[2009/03/22 09:59:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2002/08/29 16:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/08/03 11:13:03 | 00,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\DriverCure.job
[2009/09/21 20:55:30 | 00,000,882 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2009/09/22 21:22:56 | 00,000,508 | ---- | M] () -- C:\WINDOWS\Tasks\NSSstub.job
[2009/08/06 18:00:14 | 00,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2009/08/06 00:33:18 | 00,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version2.job
[2009/08/15 17:12:53 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < %systemroot%\system32\eventlog.dll >[2008/04/13 20:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll
< %systemroot%\system32\scecli.dll >[2008/04/13 20:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll
< %systemroot%\netlogon.dll > < %systemroot%\system32\cngaudit.dll > < %systemroot%\system32\sceclt.dll > < %systemroot%\ntelogon.dll > < %systemroot%\system32\logevent.dll > < > ========== Alternate Data Streams ========== @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:67F0F865
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77413142
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C3CB23B4
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1693604
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FAF6860A
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E22C00F
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E851D78
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EFD52482
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52067872
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:172EB9B5
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A1DAE9E
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3EA10C5C
< End of report >
my extras otl file:
OTL Extras logfile created on: 10/21/2009 1:50:43 PM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\David\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
991.48 Mb Total Physical Memory | 523.57 Mb Available Physical Memory | 52.81% Memory free
1.88 Gb Paging File | 1.47 Gb Available in Paging File | 78.17% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1024 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 49.76 Gb Free Space | 66.78% Space Free | Partition Type: NTFS
Drive D: | 194.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: GAMER2
Current User Name: David
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CCP\EVE\bin\ExeFile.exe" = C:\Program Files\CCP\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile -- (CCP hf.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\iWin Games\iWinGames.exe" = C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application. -- (iWin Inc.)
"C:\Program Files\iWin Games\WebUpdater.exe" = C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater. -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{1E0D8F69-A6AB-4934-9B2D-159D9F97BA4A}" = ParetoLogic DriverCure
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7395D650-AE5D-4D68-B8FE-D3FA6B51467F}" = Driver Detective
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{8398B542-3CC4-44D9-83DF-696CCE70124B}" = Windows Support Tools
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A8E414A8-9E31-40E6-B13B-5F1FCA00EF9F}" = X3 REUNION
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}" = Linksys Wireless-G USB Network Adapter
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FFC7BA3F-3B0E-4BD8-B638-8547F4E841C0}" = Nickelodeon Toon Twister 3-D
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"alotToolbar" = ALOT Toolbar
"AudioConSole" = Creative Audio Console
"avast!" = avast! Antivirus
"Barbie Beauty Boutique CD-ROM" = Barbie Beauty Boutique CD-ROM
"Barbie® As Sleeping Beauty" = Barbie® As Sleeping Beauty
"Birdies" = Birdies (remove only)
"Creative PlayCenter 2.0" = Creative PlayCenter
"Creative Recorder" = Creative Recorder
"DriverAgent.exe" = DriverAgent by eSupport.com
"ERUNT_is1" = ERUNT 1.1j
"EVE" = EVE-ONLINE (remove only)
"Google Chrome" = Google Chrome
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{7395D650-AE5D-4D68-B8FE-D3FA6B51467F}" = Driver Detective
"iWin Toolbar" = iWin Toolbar
"iWinArcade" = iWin Games (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MavisBeacon10_SE" = Mavis Beacon Teaches Typing 11
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"RealPlayer 12.0" = RealPlayer
"S3Display" = S3Display
"S3Gamma2" = S3Gamma2
"S3Info2" = S3Info2
"S3Overlay" = S3Overlay
"Sound Blaster Audigy" = Sound Blaster Audigy
"Spyware Doctor" = Spyware Doctor 6.0
"SystemRequirementsLab" = System Requirements Lab
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wordscape Online Party" = Wordscape Online Party (remove only)
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
Root Repeal:
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/21 13:45
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: 1394BUS.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\1394BUS.SYS
Address: 0xF75EF000 Size: 57344 File Visible: - Signed: -
Status: -
Name: Aavmker4.SYS
Image Path: C:\WINDOWS\System32\Drivers\Aavmker4.SYS
Address: 0xF79BF000 Size: 19520 File Visible: - Signed: -
Status: -
Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF7580000 Size: 187776 File Visible: - Signed: -
Status: -
Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2189184 File Visible: - Signed: -
Status: -
Name: AegisP.sys
Image Path: C:\WINDOWS\System32\DRIVERS\AegisP.sys
Address: 0xB86FC000 Size: 15968 File Visible: - Signed: -
Status: -
Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xF0051000 Size: 138496 File Visible: - Signed: -
Status: -
Name: amdk7.sys
Image Path: C:\WINDOWS\System32\DRIVERS\amdk7.sys
Address: 0xF769F000 Size: 37760 File Visible: - Signed: -
Status: -
Name: aswFsBlk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
Address: 0xF7957000 Size: 32768 File Visible: - Signed: -
Status: -
Name: aswMon2.SYS
Image Path: C:\WINDOWS\System32\Drivers\aswMon2.SYS
Address: 0xB856A000 Size: 87424 File Visible: - Signed: -
Status: -
Name: aswRdr.SYS
Image Path: C:\WINDOWS\System32\Drivers\aswRdr.SYS
Address: 0xB8162000 Size: 15136 File Visible: - Signed: -
Status: -
Name: aswSP.SYS
Image Path: C:\WINDOWS\System32\Drivers\aswSP.SYS
Address: 0xEFF95000 Size: 135168 File Visible: - Signed: -
Status: -
Name: aswTdi.SYS
Image Path: C:\WINDOWS\System32\Drivers\aswTdi.SYS
Address: 0xF781F000 Size: 42592 File Visible: - Signed: -
Status: -
Name: atapi.sys
Image Path: atapi.sys
Address: 0xF7538000 Size: 96512 File Visible: - Signed: -
Status: -
Name: atksgt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\atksgt.sys
Address: 0xB836A000 Size: 271872 File Visible: - Signed: -
Status: -
Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -
Name: audstub.sys
Image Path: C:\WINDOWS\System32\DRIVERS\audstub.sys
Address: 0xF7BB2000 Size: 3072 File Visible: - Signed: -
Status: -
Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF7B2B000 Size: 4224 File Visible: - Signed: -
Status: -
Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF79DF000 Size: 12288 File Visible: - Signed: -
Status: -
Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xF6A75000 Size: 63744 File Visible: - Signed: -
Status: -
Name: cdrom.sys
Image Path: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Address: 0xF76CF000 Size: 62976 File Visible: - Signed: -
Status: -
Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
Address: 0xF763F000 Size: 53248 File Visible: - Signed: -
Status: -
Name: COMMONFX.SYS
Image Path: C:\WINDOWS\System32\drivers\COMMONFX.SYS
Address: 0xF0549000 Size: 110592 File Visible: - Signed: -
Status: -
Name: ctac32k.sys
Image Path: C:\WINDOWS\System32\drivers\ctac32k.sys
Address: 0xF0607000 Size: 638976 File Visible: - Signed: -
Status: -
Name: ctaud2k.sys
Image Path: C:\WINDOWS\system32\drivers\ctaud2k.sys
Address: 0xF6B7F000 Size: 513536 File Visible: - Signed: -
Status: -
Name: CTAUDFX.SYS
Image Path: C:\WINDOWS\System32\drivers\CTAUDFX.SYS
Address: 0xF04BE000 Size: 569344 File Visible: - Signed: -
Status: -
Name: ctoss2k.sys
Image Path: C:\WINDOWS\System32\drivers\ctoss2k.sys
Address: 0xF6B04000 Size: 212992 File Visible: - Signed: -
Status: -
Name: ctprxy2k.sys
Image Path: C:\WINDOWS\System32\drivers\ctprxy2k.sys
Address: 0xF78DF000 Size: 32768 File Visible: - Signed: -
Status: -
Name: CTSBLFX.SYS
Image Path: C:\WINDOWS\System32\drivers\CTSBLFX.SYS
Address: 0xF01AC000 Size: 581632 File Visible: - Signed: -
Status: -
Name: ctsfm2k.sys
Image Path: C:\WINDOWS\System32\drivers\ctsfm2k.sys
Address: 0xF06A3000 Size: 167936 File Visible: - Signed: -
Status: -
Name: disk.sys
Image Path: disk.sys
Address: 0xF762F000 Size: 36352 File Visible: - Signed: -
Status: -
Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF76AF000 Size: 61440 File Visible: - Signed: -
Status: -
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEFF7D000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B3F000 Size: 8192 File Visible: No Signed: -
Status: -
Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xF73B9000 Size: 12288 File Visible: - Signed: -
Status: -
Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBD000000 Size: 73728 File Visible: - Signed: -
Status: -
Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xF7BBE000 Size: 4096 File Visible: - Signed: -
Status: -
Name: emupia2k.sys
Image Path: C:\WINDOWS\System32\drivers\emupia2k.sys
Address: 0xF06CC000 Size: 192512 File Visible: - Signed: -
Status: -
Name: fdc.sys
Image Path: C:\WINDOWS\System32\DRIVERS\fdc.sys
Address: 0xF78F7000 Size: 27392 File Visible: - Signed: -
Status: -
Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xF768F000 Size: 44544 File Visible: - Signed: -
Status: -
Name: flpydisk.sys
Image Path: C:\WINDOWS\System32\DRIVERS\flpydisk.sys
Address: 0xF796F000 Size: 20480 File Visible: - Signed: -
Status: -
Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xF7518000 Size: 129792 File Visible: - Signed: -
Status: -
Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF7B29000 Size: 7936 File Visible: - Signed: -
Status: -
Name: fssfltr_tdi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
Address: 0xF03EB000 Size: 48128 File Visible: - Signed: -
Status: -
Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF7550000 Size: 125056 File Visible: - Signed: -
Status: -
Name: gameenum.sys
Image Path: C:\WINDOWS\System32\DRIVERS\gameenum.sys
Address: 0xF7A8B000 Size: 10624 File Visible: - Signed: -
Status: -
Name: GTNDIS5.SYS
Image Path: C:\WINDOWS\system32\GTNDIS5.SYS
Address: 0xB819A000 Size: 15872 File Visible: - Signed: -
Status: -
Name: ha10kx2k.sys
Image Path: C:\WINDOWS\system32\drivers\ha10kx2k.sys
Address: 0xF06FB000 Size: 1089536 File Visible: - Signed: -
Status: -
Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806EE000 Size: 131840 File Visible: - Signed: -
Status: -
Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xF797F000 Size: 28672 File Visible: - Signed: -
Status: -
Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xB7C54000 Size: 264832 File Visible: - Signed: -
Status: -
Name: i8042prt.sys
Image Path: C:\WINDOWS\System32\DRIVERS\i8042prt.sys
Address: 0xF76FF000 Size: 52480 File Visible: - Signed: -
Status: -
Name: imapi.sys
Image Path: C:\WINDOWS\System32\DRIVERS\imapi.sys
Address: 0xF76BF000 Size: 42112 File Visible: - Signed: -
Status: -
Name: ipnat.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ipnat.sys
Address: 0xF00C1000 Size: 152832 File Visible: - Signed: -
Status: -
Name: ipsec.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ipsec.sys
Address: 0xF0140000 Size: 75264 File Visible: - Signed: -
Status: -
Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF75CF000 Size: 37248 File Visible: - Signed: -
Status: -
Name: kbdclass.sys
Image Path: C:\WINDOWS\System32\DRIVERS\kbdclass.sys
Address: 0xF790F000 Size: 24576 File Visible: - Signed: -
Status: -
Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF7ACF000 Size: 8192 File Visible: - Signed: -
Status: -
Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xB7909000 Size: 172416 File Visible: - Signed: -
Status: -
Name: ks.sys
Image Path: C:\WINDOWS\system32\drivers\ks.sys
Address: 0xF6B38000 Size: 143360 File Visible: - Signed: -
Status: -
Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF74DE000 Size: 92928 File Visible: - Signed: -
Status: -
Name: lirsgt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\lirsgt.sys
Address: 0xF78D7000 Size: 18048 File Visible: - Signed: -
Status: -
Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF7B2D000 Size: 4224 File Visible: - Signed: -
Status: -
Name: mouclass.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mouclass.sys
Address: 0xF78FF000 Size: 23040 File Visible: - Signed: -
Status: -
Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF75FF000 Size: 42368 File Visible: - Signed: -
Status: -
Name: mrxdav.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mrxdav.sys
Address: 0xB83D5000 Size: 180608 File Visible: - Signed: -
Status: -
Name: mrxsmb.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
Address: 0xEFFB6000 Size: 455296 File Visible: - Signed: -
Status: -
Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF798F000 Size: 19072 File Visible: - Signed: -
Status: -
Name: msgpc.sys
Image Path: C:\WINDOWS\System32\DRIVERS\msgpc.sys
Address: 0xF773F000 Size: 35072 File Visible: - Signed: -
Status: -
Name: mssmbios.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mssmbios.sys
Address: 0xF7AA3000 Size: 15488 File Visible: - Signed: -
Status: -
Name: Mup.sys
Image Path: Mup.sys
Address: 0xF73E5000 Size: 105344 File Visible: - Signed: -
Status: -
Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xF7411000 Size: 182656 File Visible: - Signed: -
Status: -
Name: ndistapi.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ndistapi.sys
Address: 0xF7A9B000 Size: 10112 File Visible: - Signed: -
Status: -
Name: ndisuio.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ndisuio.sys
Address: 0xB86F8000 Size: 14592 File Visible: - Signed: -
Status: -
Name: ndiswan.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ndiswan.sys
Address: 0xF6AB5000 Size: 91520 File Visible: - Signed: -
Status: -
Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF775F000 Size: 40576 File Visible: - Signed: -
Status: -
Name: netbios.sys
Image Path: C:\WINDOWS\System32\DRIVERS\netbios.sys
Address: 0xF783F000 Size: 34688 File Visible: - Signed: -
Status: -
Name: netbt.sys
Image Path: C:\WINDOWS\System32\DRIVERS\netbt.sys
Address: 0xF0073000 Size: 162816 File Visible: - Signed: -
Status: -
Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF7997000 Size: 30848 File Visible: - Signed: -
Status: -
Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF743E000 Size: 574976 File Visible: - Signed: -
Status: -
Name: ntoskrnl.exe
Image Path: C:\WINDOWS\system32\ntoskrnl.exe
Address: 0x804D7000 Size: 2189184 File Visible: - Signed: -
Status: -
Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xF7CDA000 Size: 2944 File Visible: - Signed: -
Status: -
Name: nv4_disp.dll
Image Path: C:\WINDOWS\System32\nv4_disp.dll
Address: 0xBD012000 Size: 5844992 File Visible: - Signed: -
Status: -
Name: nv4_mini.sys
Image Path: C:\WINDOWS\System32\DRIVERS\nv4_mini.sys
Address: 0xF6BFD000 Size: 7741664 File Visible: - Signed: -
Status: -
Name: ohci1394.sys
Image Path: ohci1394.sys
Address: 0xF75DF000 Size: 61696 File Visible: - Signed: -
Status: -
Name: parport.sys
Image Path: C:\WINDOWS\System32\DRIVERS\parport.sys
Address: 0xF6ACC000 Size: 80128 File Visible: - Signed: -
Status: -
Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF7857000 Size: 19712 File Visible: - Signed: -
Status: -
Name: ParVdm.SYS
Image Path: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Address: 0xF7B0D000 Size: 6784 File Visible: - Signed: -
Status: -
Name: pci.sys
Image Path: pci.sys
Address: 0xF756F000 Size: 68224 File Visible: - Signed: -
Status: -
Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
Address: 0xF784F000 Size: 28672 File Visible: - Signed: -
Status: -
Name: pctfw2.sys
Image Path: C:\WINDOWS\system32\drivers\pctfw2.sys
Address: 0xF009B000 Size: 154752 File Visible: - Signed: -
Status: -
Name: PfModNT.sys
Image Path: C:\WINDOWS\System32\PfModNT.sys
Address: 0xF7B3D000 Size: 4352 File Visible: - Signed: -
Status: -
Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2189184 File Visible: - Signed: -
Status: -
Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xF6B5B000 Size: 147456 File Visible: - Signed: -
Status: -
Name: psched.sys
Image Path: C:\WINDOWS\System32\DRIVERS\psched.sys
Address: 0xF6A04000 Size: 69120 File Visible: - Signed: -
Status: -
Name: ptilink.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ptilink.sys
Address: 0xF791F000 Size: 17792 File Visible: - Signed: -
Status: -
Name: rasacd.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rasacd.sys
Address: 0xF69A2000 Size: 8832 File Visible: - Signed: -
Status: -
Name: rasl2tp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
Address: 0xF770F000 Size: 51328 File Visible: - Signed: -
Status: -
Name: raspppoe.sys
Image Path: C:\WINDOWS\System32\DRIVERS\raspppoe.sys
Address: 0xF771F000 Size: 41472 File Visible: - Signed: -
Status: -
Name: raspptp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\raspptp.sys
Address: 0xF772F000 Size: 48384 File Visible: - Signed: -
Status: -
Name: raspti.sys
Image Path: C:\WINDOWS\System32\DRIVERS\raspti.sys
Address: 0xF7927000 Size: 16512 File Visible: - Signed: -
Status: -
Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2189184 File Visible: - Signed: -
Status: -
Name: rdbss.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rdbss.sys
Address: 0xF0026000 Size: 175744 File Visible: - Signed: -
Status: -
Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF7B2F000 Size: 4224 File Visible: - Signed: -
Status: -
Name: redbook.sys
Image Path: C:\WINDOWS\System32\DRIVERS\redbook.sys
Address: 0xF76DF000 Size: 57600 File Visible: - Signed: -
Status: -
Name: RNDISMP.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\RNDISMP.SYS
Address: 0xF79D7000 Size: 32768 File Visible: - Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB7CF5000 Size: 49152 File Visible: No Signed: -
Status: -
Name: s3gnbm.sys
Image Path: C:\WINDOWS\system32\DRIVERS\s3gnbm.sys
Address: 0xF7374000 Size: 167040 File Visible: - Signed: -
Status: -
Name: serenum.sys
Image Path: C:\WINDOWS\System32\DRIVERS\serenum.sys
Address: 0xF7A97000 Size: 15744 File Visible: - Signed: -
Status: -
Name: serial.sys
Image Path: C:\WINDOWS\System32\DRIVERS\serial.sys
Address: 0xF76EF000 Size: 64512 File Visible: - Signed: -
Status: -
Name: sfdrv01.sys
Image Path: sfdrv01.sys
Address: 0xF73FF000 Size: 73728 File Visible: - Signed: -
Status: -
Name: sfhlp02.sys
Image Path: sfhlp02.sys
Address: 0xF785F000 Size: 32768 File Visible: - Signed: -
Status: -
Name: sfsync02.sys
Image Path: sfsync02.sys
Address: 0xF760F000 Size: 36864 File Visible: - Signed: -
Status: -
Name: sr.sys
Image Path: sr.sys
Address: 0xF7506000 Size: 73472 File Visible: - Signed: -
Status: -
Name: srv.sys
Image Path: C:\WINDOWS\System32\DRIVERS\srv.sys
Address: 0xB8110000 Size: 333952 File Visible: - Signed: -
Status: -
Name: swenum.sys
Image Path: C:\WINDOWS\System32\DRIVERS\swenum.sys
Address: 0xF7AFF000 Size: 4352 File Visible: - Signed: -
Status: -
Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xB831A000 Size: 60800 File Visible: - Signed: -
Status: -
Name: tcpip.sys
Image Path: C:\WINDOWS\System32\DRIVERS\tcpip.sys
Address: 0xF00E7000 Size: 361600 File Visible: - Signed: -
Status: -
Name: TDI.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\TDI.SYS
Address: 0xF7917000 Size: 20480 File Visible: - Signed: -
Status: -
Name: termdd.sys
Image Path: C:\WINDOWS\System32\DRIVERS\termdd.sys
Address: 0xF774F000 Size: 40704 File Visible: - Signed: -
Status: -
Name: TfFsMon.sys
Image Path: TfFsMon.sys
Address: 0xF74F5000 Size: 69632 File Visible: - Signed: -
Status: -
Name: TfKbMon.sys
Image Path: C:\WINDOWS\System32\Drivers\TfKbMon.sys
Address: 0xF7907000 Size: 32768 File Visible: - Signed: -
Status: -
Name: TfSysMon.sys
Image Path: TfSysMon.sys
Address: 0xF764F000 Size: 49152 File Visible: - Signed: -
Status: -
Name: update.sys
Image Path: C:\WINDOWS\System32\DRIVERS\update.sys
Address: 0xF69A6000 Size: 384768 File Visible: - Signed: -
Status: -
Name: usb8023.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usb8023.sys
Address: 0xF05E7000 Size: 12800 File Visible: - Signed: -
Status: -
Name: USBD.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\USBD.SYS
Address: 0xF7B27000 Size: 8192 File Visible: - Signed: -
Status: -
Name: usbehci.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbehci.sys
Address: 0xF78EF000 Size: 30208 File Visible: - Signed: -
Status: -
Name: usbhub.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbhub.sys
Address: 0xF77FF000 Size: 59520 File Visible: - Signed: -
Status: -
Name: USBPORT.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\USBPORT.SYS
Address: 0xF6AE0000 Size: 147456 File Visible: - Signed: -
Status: -
Name: usbuhci.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbuhci.sys
Address: 0xF78E7000 Size: 20608 File Visible: - Signed: -
Status: -
Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF7987000 Size: 20992 File Visible: - Signed: -
Status: -
Name: viaagp.sys
Image Path: viaagp.sys
Address: 0xF765F000 Size: 42240 File Visible: - Signed: -
Status: -
Name: viaide.sys
Image Path: viaide.sys
Address: 0xF7AD3000 Size: 5376 File Visible: - Signed: -
Status: -
Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xF7360000 Size: 81920 File Visible: - Signed: -
Status: -
Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF761F000 Size: 52352 File Visible: - Signed: -
Status: -
Name: wanarp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\wanarp.sys
Address: 0xF782F000 Size: 34560 File Visible: - Signed: -
Status: -
Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xF7897000 Size: 20480 File Visible: - Signed: -
Status: -
Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xB800B000 Size: 83072 File Visible: - Signed: -
Status: -
Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -
Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -
Name: WMILIB.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\WMILIB.SYS
Address: 0xF7AD1000 Size: 8192 File Visible: - Signed: -
Status: -
Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2189184 File Visible: - Signed: -
Status: -
Name: ws2ifsl.sys
Image Path: C:\WINDOWS\System32\drivers\ws2ifsl.sys
Address: 0xF697E000 Size: 12032 File Visible: - Signed: -
Status: -
Name: WudfPf.sys
Image Path: WudfPf.sys
Address: 0xF74CB000 Size: 77568 File Visible: - Signed: -
Status: -
MBAM:
Malwarebytes' Anti-Malware 1.41
Database version: 3003
Windows 5.1.2600 Service Pack 3
10/21/2009 3:51:39 AM
mbam-log-2009-10-21 (03-51-39).txt
Scan type: Quick Scan
Objects scanned: 133629
Time elapsed: 13 minute(s), 30 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Please help!!! Even typing in this box there is a lag! Takes like a couple of seconds for the computer to catch up with my typing.
ughh!