
Comp problems possibly caused by uacd.sys?



#1
namedgene

Hello everyone,

I think I may have picked up some malware/virus/something. Other than general computer slowness, I have been getting various popups telling me that "Google Installer has stopped working" or "Internet Explorer has stopped working". I then got a message from Problem Reports and Solutions that my computer was probably infected by UACD.sys (or something like that). None of my anti-virus or anti-malware programs worked. At one point I had an advertisement blaring from my speakers in the background for no reason. I managed to run AVG in Safe Mode, and changed mbam.exe to mbamblah.exe to get it to open. It said I had four infections and I got rid of them. But I'm still getting mysterious multiple iexplore.exe processes opening in my task manager, and my computer is still horribly slow and crash-prone, even though my recent scans have gotten nothing. And the "_____ has stopped working" things still pop up. Anyone think they can help?

I tried to scan my comp using RootRepeal but it keeps freezing.

This is my mbam log for the first scan:

Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 8.0.6001.18828

12/8/2009 10:44:47 PM
mbam-log-2009-12-08 (22-44-47).txt

Scan type: Full Scan (C:\|)
Objects scanned: 292779
Time elapsed: 1 hour(s), 13 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\videoplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gaopdxserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\RegGenieOnUninstall.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Users\Tamara\AppData\Roaming\Microsoft\profile.dat (Malware.Trace) -> Quarantined and deleted successfully.



This is my OTL report:

OTL logfile created on: 12/9/2009 2:20:17 PM - Run 1
OTL by OldTimer - Version 3.1.11.9 Folder = C:\Users\Tamara\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

957.87 Mb Total Physical Memory | 463.09 Mb Available Physical Memory | 48.35% Memory free
2.13 Gb Paging File | 1.76 Gb Available in Paging File | 82.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.59 Gb Total Space | 13.64 Gb Free Space | 13.17% Space Free | Partition Type: NTFS
Drive D: | 7.15 Gb Total Space | 0.71 Gb Free Space | 9.87% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1.05 Gb Total Space | 1.01 Gb Free Space | 96.00% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GENIE
Current User Name: Tamara
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/08 23:53:39 | 00,536,576 | ---- | M] (OldTimer Tools) -- C:\Users\Tamara\Downloads\OTL.exe
PRC - [2008/10/29 01:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/19 02:33:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe


========== Modules (SafeList) ==========

MOD - [2009/12/08 23:53:39 | 00,536,576 | ---- | M] (OldTimer Tools) -- C:\Users\Tamara\Downloads\OTL.exe
MOD - [2008/01/19 02:36:40 | 00,380,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2008/01/19 02:36:00 | 00,409,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
MOD - [2008/01/19 02:34:45 | 01,160,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
MOD - [2008/01/19 02:26:34 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
MOD - [2006/11/02 07:35:48 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Journal\NBMapTIP.dll
MOD - [2006/11/02 04:46:10 | 00,408,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp60.dll
MOD - [2006/11/02 04:42:17 | 00,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbcint.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (stllssvr)
SRV - File not found -- -- (McAfeeFramework)
SRV - File not found -- -- (IDriverT)
SRV - [2009/12/08 04:12:56 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/06/17 13:18:42 | 06,582,912 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe -- (MySQL)
SRV - [2009/03/12 19:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/03/09 12:18:30 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/05 23:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/01/19 21:00:18 | 00,081,920 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\spool\drivers\w32x86\3\HPBPRO.EXE -- (HP Port Resolver)
SRV - [2009/01/19 21:00:18 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\spool\drivers\w32x86\3\HPBOID.EXE -- (HP Status Server)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/12/10 02:10:14 | 00,024,636 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe -- (Apache2.2)
SRV - [2008/12/04 04:42:00 | 00,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2008/10/09 06:56:48 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2008/04/16 14:53:02 | 00,954,368 | ---- | M] (Atheros Communications, Inc.) -- C:\Program Files\D-Link\DWA-130 revD\jswpsapi.exe -- (jswpsapi)
SRV - [2008/01/19 02:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/19 12:21:16 | 00,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/02/22 15:33:06 | 00,294,912 | ---- | M] (Pharos Systems International) -- C:\Program Files\PharosSystems\Core\CTskMstr.exe -- (Pharos Systems ComTaskMaster)
SRV - [2006/12/14 19:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/11/02 07:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/08/05 04:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2006/05/02 14:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe -- (hpqwmiex)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...n&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.35
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.701
FF - prefs.js..extensions.enabledItems: {aef0a1d0-4006-11dd-ae16-0800200c9a66}:0.9.1
FF - prefs.js..extensions.enabledItems: {66871bd1-5ba2-4739-b485-2a15f5969bd8}:2.081108
FF - prefs.js..extensions.enabledItems: {d596c130-b00a-11db-abbd-0800200c9a66}:2.080708


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/12/08 04:12:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/03 02:04:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/20 21:31:26 | 00,000,000 | ---D | M]

[2008/06/18 14:26:21 | 00,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\Mozilla\Extensions
[2009/12/08 04:14:30 | 00,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\Mozilla\Firefox\Profiles\12z5tc0v.default\extensions
[2008/08/18 11:10:48 | 00,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\Mozilla\Firefox\Profiles\12z5tc0v.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}
[2009/07/21 09:39:11 | 00,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\Mozilla\Firefox\Profiles\12z5tc0v.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2008/08/18 11:05:05 | 00,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\Mozilla\Firefox\Profiles\12z5tc0v.default\extensions\{aef0a1d0-4006-11dd-ae16-0800200c9a66}
[2008/08/17 18:15:13 | 00,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\Mozilla\Firefox\Profiles\12z5tc0v.default\extensions\{d596c130-b00a-11db-abbd-0800200c9a66}
[2009/12/08 04:14:30 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/03 19:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2007/03/05 12:59:06 | 00,645,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[2008/09/13 22:19:12 | 00,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\Mozilla Firefox\plugins\nppopcaploader.dll

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [KeyAccess] C:\Windows\keyacc32.exe (Sassafras Software Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Google Update] C:\Users\Tamara\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.20.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (KATRACK.DLL) - C:\Windows\katrack.dll (Sassafras Software Inc.)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/29 03:15:18 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 00,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{12f29993-d06d-11dd-8b64-001b2463392f}\Shell\AutoRun\command - "" = G:\m9ma.exe -- File not found
O33 - MountPoints2\{12f29993-d06d-11dd-8b64-001b2463392f}\Shell\explore\Command - "" = G:\m9ma.exe -- File not found
O33 - MountPoints2\{12f29993-d06d-11dd-8b64-001b2463392f}\Shell\open\Command - "" = G:\m9ma.exe -- File not found
O33 - MountPoints2\{6942421c-be0e-11dc-965a-001b2463392f}\Shell - "" = AutoRun
O33 - MountPoints2\{6942421c-be0e-11dc-965a-001b2463392f}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{a9940a29-5a66-11dd-8ed0-001b2463392f}\Shell - "" = AutoRun
O33 - MountPoints2\{a9940a29-5a66-11dd-8ed0-001b2463392f}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{f1df7171-dec9-11dd-a324-001b2463392f}\Shell\AutoRun\command - "" = G:\WD_Windows_Tools\Setup.exe -- File not found
O33 - MountPoints2\{f4d463ee-da8a-11dd-a009-001b2463392f}\Shell\AutoRun\command - "" = m9ma.exe
O33 - MountPoints2\{f4d463ee-da8a-11dd-a009-001b2463392f}\Shell\explore\Command - "" = m9ma.exe
O33 - MountPoints2\{f4d463ee-da8a-11dd-a009-001b2463392f}\Shell\open\Command - "" = m9ma.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (aswBoot.exe /M:9420600d0b /A:"*" /L:"English" /KBD:3) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/10/18 21:44:37 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/12/08 17:39:17 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/08 17:39:15 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/08 04:13:54 | 00,000,000 | -H-D | C] -- C:\$AVG
[2009/12/08 04:12:54 | 00,000,000 | ---D | C] -- C:\ProgramData\avg9
[936 C:\Users\Tamara\Desktop\*.tmp files -> C:\Users\Tamara\Desktop\*.tmp -> ]
[3306 C:\Users\Tamara\Documents\*.tmp files -> C:\Users\Tamara\Documents\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/09 14:20:15 | 02,621,440 | ---- | M] () -- C:\Users\Tamara\ntuser.dat
[2009/12/09 00:54:10 | 00,001,356 | ---- | M] () -- C:\Users\Tamara\AppData\Local\d3d9caps.dat
[2009/12/09 00:23:11 | 00,000,049 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2009/12/09 00:13:22 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/12/09 00:13:22 | 00,594,698 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/12/09 00:13:22 | 00,100,766 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/12/08 23:51:36 | 00,034,816 | ---- | M] () -- C:\Windows\System32\drivers\rootrepeal.sys
[2009/12/08 23:40:08 | 00,000,194 | ---- | M] () -- C:\Windows\System32\srcr.dat
[2009/12/08 23:39:17 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/08 23:37:57 | 17,779,7232 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/12/08 23:27:30 | 00,054,708 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/12/08 23:26:01 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/08 23:26:01 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/08 23:26:00 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/08 23:23:45 | 00,524,288 | -HS- | M] () -- C:\Users\Tamara\ntuser.dat{326dff4d-1c8f-11de-92fd-001b2463392f}.TMContainer00000000000000000001.regtrans-ms
[2009/12/08 23:23:45 | 00,065,536 | -HS- | M] () -- C:\Users\Tamara\ntuser.dat{326dff4d-1c8f-11de-92fd-001b2463392f}.TM.blf
[2009/12/08 22:50:48 | 00,054,708 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/12/08 22:47:00 | 00,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1526565377-1820093507-1606429171-1000UA.job
[2009/12/08 16:47:04 | 00,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1526565377-1820093507-1606429171-1000Core.job
[2009/12/08 14:57:45 | 00,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{87217A5E-A0FB-49C3-B40E-2FA6C9053CE5}.job
[2009/12/08 11:34:04 | 00,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/12/08 04:13:40 | 00,001,647 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2009/12/08 04:13:37 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/12/08 04:13:37 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/12/08 04:13:37 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/12/08 04:13:36 | 46,334,996 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/12/08 04:13:36 | 00,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2009/12/08 04:13:36 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/12/08 04:13:23 | 00,116,698 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/12/08 03:52:24 | 01,234,944 | ---- | M] () -- C:\ProgramData\KeyAccess Audit
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/11/30 09:59:05 | 00,000,600 | ---- | M] () -- C:\Users\Tamara\AppData\Local\PUTTY.RND
[2009/11/28 09:57:34 | 00,354,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/11/28 01:19:46 | 00,101,184 | ---- | M] () -- C:\Users\Tamara\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/11/27 11:31:01 | 00,102,480 | ---- | M] () -- C:\Users\Tamara\AppData\Roaming\GDIPFONTCACHEV1.DAT
[936 C:\Users\Tamara\Desktop\*.tmp files -> C:\Users\Tamara\Desktop\*.tmp -> ]
[3306 C:\Users\Tamara\Documents\*.tmp files -> C:\Users\Tamara\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/08 23:51:36 | 00,034,816 | ---- | C] () -- C:\Windows\System32\drivers\rootrepeal.sys
[2009/12/08 23:12:06 | 17,779,7232 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/12/08 04:13:40 | 00,001,647 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2009/12/08 03:36:35 | 00,000,194 | ---- | C] () -- C:\Windows\System32\srcr.dat
[2009/07/30 10:12:20 | 00,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/07/30 10:12:20 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/07/11 00:25:34 | 00,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/07/10 13:31:38 | 00,054,708 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/07/10 13:31:38 | 00,054,708 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/03/15 10:09:21 | 00,001,356 | ---- | C] () -- C:\Users\Tamara\AppData\Local\d3d9caps.dat
[2009/01/19 13:41:59 | 00,000,032 | ---- | C] () -- C:\Windows\System32\thxcfg.ini
[2009/01/19 13:19:01 | 00,000,280 | ---- | C] () -- C:\Windows\System32\epoPGPsdk.dll.sig
[2009/01/19 11:21:19 | 00,000,622 | ---- | C] () -- C:\Windows\RegGenie.ini
[2009/01/18 11:56:56 | 00,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009/01/18 11:56:30 | 00,005,937 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008/09/19 10:33:33 | 00,059,392 | R--- | C] () -- C:\Windows\System32\streamhlp.dll
[2008/09/08 13:39:36 | 00,000,600 | ---- | C] () -- C:\Users\Tamara\AppData\Local\PUTTY.RND
[2008/09/03 20:57:54 | 00,059,500 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2008/05/13 13:54:07 | 00,000,224 | ---- | C] () -- C:\Users\Tamara\AppData\Roaming\APUSet.xml
[2008/05/13 13:53:54 | 00,006,007 | ---- | C] () -- C:\Users\Tamara\AppData\Roaming\PrimoPDFSet.xml
[2008/05/13 13:52:22 | 00,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2007/08/08 13:30:01 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/08/07 14:14:52 | 00,025,248 | ---- | C] () -- C:\Users\Tamara\AppData\Roaming\nvModes.dat
[2007/08/07 14:14:52 | 00,025,248 | ---- | C] () -- C:\Users\Tamara\AppData\Roaming\nvModes.001
[2007/08/07 13:12:00 | 00,138,240 | ---- | C] () -- C:\Users\Tamara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/07 11:54:29 | 00,000,000 | ---- | C] () -- C:\Users\Tamara\AppData\Local\QSwitch.txt
[2007/08/07 11:54:29 | 00,000,000 | ---- | C] () -- C:\Users\Tamara\AppData\Local\DSwitch.txt
[2007/08/07 11:54:29 | 00,000,000 | ---- | C] () -- C:\Users\Tamara\AppData\Local\AtStart.txt
[2007/05/29 03:01:18 | 00,001,347 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2006/11/06 17:49:36 | 00,000,310 | ---- | C] () -- C:\Windows\primopdf.ini
[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:25:21 | 00,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/05/07 07:06:00 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2003/03/14 11:57:26 | 01,234,944 | ---- | C] () -- C:\ProgramData\KeyAccess Audit
[2000/09/01 12:00:00 | 00,001,526 | ---- | C] () -- C:\Windows\keyacc.ini

========== LOP Check ==========

[2009/03/29 13:53:45 | 00,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\.BitTornado
[2007/08/10 02:47:37 | 00,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\acccore
[2007/09/01 04:01:46 | 00,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\Acoustica
[2009/11/20 21:14:34 | 00,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\BitTorrent
[2009/02/27 22:28:06 | 00,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\Deusty
[2009/12/08 23:27:30 | 00,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\DNA
[2009/08/25 23:41:10 | 00,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\FileZilla
[2008/02/07 00:12:29 | 00,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\Geniesoft
[2008/02/19 22:45:23 | 00,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\HorizonWimba
[2008/04/14 13:14:12 | 00,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\LimeWire
[2009/01/18 11:59:20 | 00,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\MAGIX
[2008/09/16 14:59:13 | 00,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\Opera
[2008/09/19 10:37:36 | 00,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\TrojanHunter
[2009/01/19 11:27:27 | 00,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\TuneUp Software
[2009/12/08 03:52:47 | 00,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/12/08 14:57:45 | 00,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{87217A5E-A0FB-49C3-B40E-2FA6C9053CE5}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 02:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 02:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 02:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007/05/29 03:23:16 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys
[2007/05/29 03:23:16 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys
[2007/05/29 03:23:16 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys
[2006/11/02 04:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 04:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 02:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/19 02:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 02:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/14 03:14:15 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/14 03:14:15 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/14 03:14:13 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 02:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 02:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 04:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 01:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 02:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/19 02:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 02:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 02:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: NVSTOR32.SYS >
[2006/12/22 16:28:56 | 00,100,648 | ---- | M] (NVIDIA Corporation) MD5=4C93D50BCA15B3BFCAB07306B258B248 -- C:\SwSetup\Chipset\WinVista32\IDE\WinVista\sata_ide\nvstor32.sys
[2006/12/22 16:28:56 | 00,100,648 | ---- | M] (NVIDIA Corporation) MD5=4C93D50BCA15B3BFCAB07306B258B248 -- C:\Windows\System32\drivers\nvstor32.sys
[2006/12/22 16:28:56 | 00,100,648 | ---- | M] (NVIDIA Corporation) MD5=4C93D50BCA15B3BFCAB07306B258B248 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_07a99397\nvstor32.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 02:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/19 02:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 01:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< CREATERESTOREPOIN >

========== Files - Unicode (All) ==========
[2008/03/13 05:20:40 | 00,000,162 | -H-- | M] ()(C:\Users\Tamara\Documents\~$????.doc) -- C:\Users\Tamara\Documents\~$????.doc
[2008/03/13 05:20:40 | 00,000,162 | -H-- | C] ()(C:\Users\Tamara\Documents\~$????.doc) -- C:\Users\Tamara\Documents\~$????.doc
< End of report >

OTL Extras logfile created on: 12/9/2009 2:20:17 PM - Run 1
OTL by OldTimer - Version 3.1.11.9 Folder = C:\Users\Tamara\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

957.87 Mb Total Physical Memory | 463.09 Mb Available Physical Memory | 48.35% Memory free
2.13 Gb Paging File | 1.76 Gb Available in Paging File | 82.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.59 Gb Total Space | 13.64 Gb Free Space | 13.17% Space Free | Partition Type: NTFS
Drive D: | 7.15 Gb Total Space | 0.71 Gb Free Space | 9.87% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1.05 Gb Total Space | 1.01 Gb Free Space | 96.00% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GENIE
Current User Name: Tamara
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1526565377-1820093507-1606429171-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 3

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{563AA60D-8638-4C96-92CE-243608D2C8D8}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16FF165C-73A7-4E3A-9E18-E907C44F35E5}" = protocol=17 | dir=in | app=c:\users\tamara\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{1BC28D64-4F6C-47B0-871D-F89ABDF9A242}" = protocol=6 | dir=in | app=c:\users\tamara\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{1DC96FEE-9344-4A5E-84E4-1B06D26B9667}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{23B6F5F4-099F-4722-BB9E-758D872D4D72}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{24549799-3023-4B51-8A1A-D3C3D469C48F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{27C329FF-A086-4BB0-9E32-39E1B4C72C30}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{281C2847-2E36-4FC3-B576-F8EBE829CE29}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{356071BA-29E6-4E31-828F-8381CF56CC49}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{387C8EC0-1E73-458A-8460-103F639494FC}" = protocol=17 | dir=in | app=c:\users\tamara\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{3E1165D4-6501-4D5C-B527-FD0719E2BFBF}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{497B06D3-03C1-42D0-B44B-0A88B07FB58D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4A3D01B6-F510-4C31-8EE6-831759C9242C}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4F3C229B-4BB9-4778-9836-C7467CCCD4B0}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{5E3CD172-BE77-4F3A-BECC-AFFA96BC6CD1}" = protocol=17 | dir=in | app=c:\users\tamara\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{60034506-2560-4626-AC6D-E1FBBD3889EC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6A3B6C69-1C91-47E7-93C5-740DA4F85A4E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6BA7DE4B-366F-4213-9E06-54F6535F5BA2}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{6BE905B4-99A4-40D6-8FAA-F8D9002C9E41}" = protocol=6 | dir=in | app=c:\users\tamara\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{7007C4F1-39DC-4B76-AE16-CC8144F8B416}" = dir=in | app=c:\program files\pharossystems\core\ctskmstr.exe |
"{7C6FE9BF-7445-454C-8B08-6CC996F4809A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8A684E22-2E89-4108-B28A-84B8009677B8}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{8EF3FB09-4A0E-40C8-9AD6-E286554CD8A7}" = protocol=6 | dir=in | app=c:\users\tamara\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{938BA374-0413-4326-9048-07B96B509BA4}" = protocol=17 | dir=in | app=c:\users\tamara\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{9F9E3A2B-4A28-43AD-878F-3840BC7DC161}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{A7EC4B43-18B7-4143-9095-57030A904B5B}" = protocol=6 | dir=in | app=c:\users\tamara\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{AA31631A-5B91-4368-8209-91CD47178504}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{AE1F108C-74C1-4A86-898A-639507BC8656}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{AF3360B3-52FB-47E0-B472-39F5E0A261E2}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{C0C66436-990F-4168-AFF3-FE824AD14BB8}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{C4F65EDC-1173-4BA8-AFE6-3E11909A0A25}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{C57766BC-407A-4CFE-BA7C-6D0F3C25AD94}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{C6A91080-206C-48A7-AF2E-C1C6CF0C8234}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{C8592767-FD6B-46DB-B424-67CD2A653DF8}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{CDCE7A1C-9874-48A3-9522-31F2D1C9B9EE}" = protocol=17 | dir=in | app=c:\windows\keyacc32.exe |
"{FEFCB4EC-B6D6-4FF4-A6F2-D6960DE49C47}" = protocol=6 | dir=in | app=c:\windows\keyacc32.exe |
"{FF635784-A5B9-45FC-88A3-645CF55A51AB}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"TCP Query User{2C1F6F58-4178-45B7-80CE-D86E08010B78}C:\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"TCP Query User{2F76F598-BA38-437A-A03E-95669F98BF71}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{5A611644-8C0A-4361-A66A-B7A9308BE134}C:\program files\deusty\mojo\mojo.exe" = protocol=6 | dir=in | app=c:\program files\deusty\mojo\mojo.exe |
"TCP Query User{69DF29CE-9B06-42E0-9357-BF143819F48D}C:\program files\xming\xming\xming.exe" = protocol=6 | dir=in | app=c:\program files\xming\xming\xming.exe |
"TCP Query User{6E2AA3A0-AA33-4958-BFB5-254BC2ED3ABC}C:\users\tamara\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\tamara\program files\dna\btdna.exe |
"TCP Query User{91DADF49-3D09-4154-9D1C-759B59B271D7}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{92E33934-6164-4FC6-9272-2016449BCE03}C:\program files\xming\xming\xming.exe" = protocol=6 | dir=in | app=c:\program files\xming\xming\xming.exe |
"TCP Query User{9DCDFF8F-033E-4DE3-ADCC-A709A577C8CD}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{A34DB37F-4F09-4AD5-B231-BD68B8D0CE22}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{A4C2B474-20BE-4DCA-B6FE-B90D68EE1B68}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{ADE35793-5AAB-4E65-82F3-4BEE0A0B1837}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{AEFBAF48-1882-49F9-98CA-ABA736F1B4E1}C:\users\tamara\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\tamara\program files\dna\btdna.exe |
"TCP Query User{B605925C-C3EE-4BF3-9757-9A90B7A65DA9}C:\program files\bittornado\btdownloadgui.exe" = protocol=6 | dir=in | app=c:\program files\bittornado\btdownloadgui.exe |
"TCP Query User{DD63E689-0FBC-47DC-B59D-B45C8C00C2CE}C:\program files\last.fm\lastfm.exe" = protocol=6 | dir=in | app=c:\program files\last.fm\lastfm.exe |
"TCP Query User{F1A717FD-6655-4191-8118-E6E12334BBBD}C:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe |
"TCP Query User{F47CB9C8-E921-415F-8562-072973465667}C:\program files\last.fm\lastfm.exe" = protocol=6 | dir=in | app=c:\program files\last.fm\lastfm.exe |
"TCP Query User{FE67936E-8CD8-45D0-B521-87A677C2FB53}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{01E99F73-F3FD-4FC9-84DA-8D85521E42CB}C:\users\tamara\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\tamara\program files\dna\btdna.exe |
"UDP Query User{0850577E-54C2-4CED-83C2-44307392E3F9}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{0DBCD69D-A11D-4DFB-942B-75BC1B9C2E32}C:\program files\last.fm\lastfm.exe" = protocol=17 | dir=in | app=c:\program files\last.fm\lastfm.exe |
"UDP Query User{13D22E6B-A572-46E0-81FB-CD94A1F403AE}C:\program files\bittornado\btdownloadgui.exe" = protocol=17 | dir=in | app=c:\program files\bittornado\btdownloadgui.exe |
"UDP Query User{17E4D6C5-BC2E-439F-8A23-F7826F3DCDD2}C:\program files\last.fm\lastfm.exe" = protocol=17 | dir=in | app=c:\program files\last.fm\lastfm.exe |
"UDP Query User{1CD6316A-40B0-4F09-962E-A5B1700DD49C}C:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe |
"UDP Query User{21F65AB6-F58D-4898-9BD7-8716A4DF5003}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{2AF9DDE5-2351-423F-A2D6-AFAC1C14B806}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{4E47E9F9-9DCB-46AC-99A9-2DEFDF2CB3AD}C:\users\tamara\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\tamara\program files\dna\btdna.exe |
"UDP Query User{618C5CE1-940A-4B16-A91B-5C95FA8841E5}C:\program files\xming\xming\xming.exe" = protocol=17 | dir=in | app=c:\program files\xming\xming\xming.exe |
"UDP Query User{73627B89-7224-496C-BA9A-174048AC5D9E}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{823E0906-8181-4981-8C8E-EC8999114BA0}C:\program files\xming\xming\xming.exe" = protocol=17 | dir=in | app=c:\program files\xming\xming\xming.exe |
"UDP Query User{8600AEB2-8F2B-4EF9-9F5F-921BED05C391}C:\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"UDP Query User{8A2CCD69-E28B-4783-974B-964A43BF45C9}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{92885939-9E9F-4C90-9E84-2C5FCA398FDD}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{A82B0E61-5F31-4C68-B88D-576DF30D6F20}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{D0042FF5-069F-4333-8E9C-B4BB58656553}C:\program files\deusty\mojo\mojo.exe" = protocol=17 | dir=in | app=c:\program files\deusty\mojo\mojo.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{36A665C9-D77D-4DD6-B3BB-D7224E7B764F}" = MySQL Server 5.1
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FFB3B34-D639-4384-9AE9-DDE58430D86F}" = MSCU for Microsoft Vista
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5FE1E412-D114-46E8-A891-5BE087B256A5}" = MVision
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F6F39E3-D24D-4EEE-9AEA-DEDAF991385D}" = DWA-130
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}" = Apache HTTP Server 2.2.11
"{88A548E6-4B09-43E7-AD55-3C7D1B37706D}" = ESU for Microsoft Vista
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{9061CEF2-51F5-42C9-8A70-9ED351C6597A}" = HP Help and Support
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9979A625-670E-44FB-9FA9-32FFCB57EFDE}" = Mojo
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AF0B98A9-F7E2-4FF5-88C7-7960EB91752B}" = HP User Guides 0041
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C7EEC93A-2A61-4B1E-B696-A264680A889D}" = MobileMe Control Panel
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{E23D1D2C-1762-11D5-A8D2-00C04FA35723}" = Sassafras K2 Client
"{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}" = AdobeColorCommonSetCMYK
"{EC59BF9E-39D5-3108-A34B-12FB60ECAF8B}" = Google Talk Plugin
"{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"Acoustica MP3 Audio Mixer" = Acoustica MP3 Audio Mixer
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"AIM_6" = AIM 6
"Audacity_is1" = Audacity 1.2.6
"AVG9Uninstall" = AVG Free 9.0
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7" = Soft Data Fax Modem with SmartCP
"FileZilla Client" = FileZilla Client 3.2.6.1
"GenieSoft Overture_is1" = GenieSoft Overture v4.0.2.16
"GSpot" = GSpot Codec Information Appliance
"LastFM_is1" = Last.fm 1.5.4.24567
"LimeWire" = LimeWire PRO 4.12.3
"lvdrivers_11.50" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.15)" = Mozilla Firefox (3.0.15)
"NVIDIA Drivers" = NVIDIA Drivers
"Pharos" = Pharos
"PopCap Browser Plugin" = PopCap Browser Plugin
"PrimoPDF4.0.1" = PrimoPDF
"qt7lite_is1" = QT Lite 2.8.0
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/9/2009 12:14:00 AM | Computer Name = Genie | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6001.18164, time stamp
0x4907e242, faulting module kernel32.dll, version 6.0.6001.18215, time stamp 0x49953395,
exception code 0xc0000005, fault offset 0x00045dbe, process id 0x6fc, application
start time 0x01ca7885e9511b36.

Error - 12/9/2009 12:14:13 AM | Computer Name = Genie | Source = EventSystem | ID = 4609
Description =

Error - 12/9/2009 12:14:38 AM | Computer Name = Genie | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.6001.18164, time stamp
0x4907e242, faulting module kernel32.dll, version 6.0.6001.18215, time stamp 0x49953395,
exception code 0xc0000005, fault offset 0x00045dbe, process id 0x570, application
start time 0x01ca78860d11a216.

Error - 12/9/2009 12:14:51 AM | Computer Name = Genie | Source = EventSystem | ID = 4609
Description =

Error - 12/9/2009 12:27:03 AM | Computer Name = Genie | Source = Application Error | ID = 1000
Description = Faulting application GoogleUpdate.exe, version 1.2.131.7, time stamp
0x48af14ef, faulting module GoogleUpdate.exe, version 1.2.131.7, time stamp 0x48af14ef,
exception code 0x80000003, fault offset 0x00006eef, process id 0xd6c, application
start time 0x01ca7887d009827a.

Error - 12/9/2009 12:30:36 AM | Computer Name = Genie | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18828, time stamp
0x4a9600c9, faulting module avgssie.dll, version 9.0.0.701, time stamp 0x4aeee69b,
exception code 0xc0000409, fault offset 0x000d7fa0, process id 0x9c0, application
start time 0x01ca7887eaafa73a.

Error - 12/9/2009 12:34:04 AM | Computer Name = Genie | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18828, time stamp
0x4a9600c9, faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6,
exception code 0xc0000005, fault offset 0x00043118, process id 0x990, application
start time 0x01ca78887ae919da.

Error - 12/9/2009 12:40:04 AM | Computer Name = Genie | Source = EventSystem | ID = 4609
Description =

Error - 12/9/2009 12:40:39 AM | Computer Name = Genie | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6001.18164, time stamp
0x4907e242, faulting module kernel32.dll, version 6.0.6001.18215, time stamp 0x49953395,
exception code 0xc0000005, fault offset 0x00045dbe, process id 0x758, application
start time 0x01ca7889a69a6a7b.

Error - 12/9/2009 12:40:51 AM | Computer Name = Genie | Source = EventSystem | ID = 4609
Description =

[ Media Center Events ]
Error - 8/7/2009 1:30:17 PM | Computer Name = Genie | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/7/2009 3:46:04 PM | Computer Name = Genie | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/17/2009 9:26:28 PM | Computer Name = Genie | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 8/22/2009 5:19:20 AM | Computer Name = Genie | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 8/23/2009 1:28:45 PM | Computer Name = Genie | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 9/16/2009 1:29:47 PM | Computer Name = Genie | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/6/2009 7:41:10 PM | Computer Name = Genie | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/7/2009 4:46:26 PM | Computer Name = Genie | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/20/2009 5:36:04 PM | Computer Name = Genie | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/20/2009 7:44:48 PM | Computer Name = Genie | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >