Windows XP Home freezing up CONSTANTLY HELP

#1 george28
I ran through everything on the malware page; here are the results. Can someone please help me? Thank you!

OTL logfile created on: 12/28/2009 4:35:08 PM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\George Ciccarone\My Documents
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 3300 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 106.26 Gb Total Space | 54.41 Gb Free Space | 51.20% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BY-SJ2XFMVD3B86
Current User Name: George Ciccarone
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/28 16:12:06 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\George Ciccarone\My Documents\OTL.exe
PRC - [2009/12/18 08:56:54 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/02 02:39:19 | 00,136,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
PRC - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/06/13 08:23:13 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/25 11:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/04/13 16:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/19 13:19:22 | 00,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007/10/19 13:17:28 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2007/10/09 18:17:44 | 00,024,064 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
PRC - [2007/10/09 18:17:40 | 01,921,024 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\BCMWLTRY.EXE
PRC - [2005/07/22 21:46:52 | 00,401,408 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005/07/22 21:40:54 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2003/05/21 00:27:46 | 00,610,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
PRC - [2003/05/21 00:22:36 | 00,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
PRC - [2003/05/21 00:15:32 | 00,634,880 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec System Center\NscTop.exe
PRC - [2003/01/10 15:54:12 | 00,028,729 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\MSGSYS.EXE
PRC - [2002/09/03 08:28:48 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cidaemon.exe


========== Modules (SafeList) ==========

MOD - [2009/12/28 16:12:06 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\George Ciccarone\My Documents\OTL.exe
MOD - [2007/10/19 13:19:10 | 00,109,080 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/11/06 09:57:38 | 00,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Disabled | Stopped] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/06/13 08:23:13 | 00,133,104 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9ec434336eaaa) Google Update Service (gupdate1c9ec434336eaaa)
SRV - [2009/06/13 08:22:06 | 00,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/05/27 14:47:53 | 00,295,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\termsrv32.dll -- (TermService)
SRV - [2009/03/11 10:05:16 | 00,125,304 | ---- | M] (CinemaNow, Inc.) [Disabled | Stopped] -- C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/06/26 11:23:06 | 00,313,840 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2008/06/26 11:23:02 | 00,170,480 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2008/06/26 11:22:44 | 01,108,464 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2007/12/06 22:20:56 | 00,088,560 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2007/12/06 22:20:52 | 00,362,992 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2007/10/19 13:21:16 | 00,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/10/19 13:19:22 | 00,141,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/10/19 13:17:28 | 00,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2007/10/09 18:17:44 | 00,024,064 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/05/23 21:59:38 | 00,409,600 | ---- | M] (ATI Technologies Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/07/22 21:52:30 | 00,225,353 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2005/07/22 21:43:46 | 00,372,809 | ---- | M] (Intel Corporation ) [Disabled | Stopped] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2005/07/22 21:40:54 | 00,086,016 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)
SRV - [2005/07/22 21:40:16 | 00,139,264 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/05/21 00:27:46 | 00,610,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -- (Norton AntiVirus Server)
SRV - [2003/05/21 00:22:36 | 00,032,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2003/05/21 00:15:32 | 00,634,880 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec System Center\NscTop.exe -- (NSCTOP)
SRV - [2003/01/10 15:55:14 | 00,036,915 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\CBA\XFR.EXE -- (Intel File Transfer)
SRV - [2003/01/10 15:54:56 | 00,032,819 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\CBA\PDS.EXE -- (Intel PDS)
SRV - [2003/01/10 09:01:38 | 00,028,743 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\AMS_II\HNDLRSVC.EXE -- (Intel Alert Handler)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrows...?s=DEF&v=19&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {bff829b6-b433-42ce-9a19-e459d3e4e483}:3.6.0
FF - prefs.js..keyword.URL: "http://www.fastbrows...AB4ECB5C29}&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/18 08:57:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/18 08:57:01 | 00,000,000 | ---D | M]

[2009/12/11 16:50:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\George Ciccarone\Application Data\Mozilla\Extensions
[2009/12/11 16:50:53 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\George Ciccarone\Application Data\Mozilla\Extensions\{2f1e6a90-e99e-11dd-ba2f-0800200c9a66}
[2009/08/16 09:29:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\George Ciccarone\Application Data\Mozilla\Extensions\[email protected]
[2009/12/28 15:05:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\George Ciccarone\Application Data\Mozilla\Firefox\Profiles\fpnlosuu.default\extensions
[2009/11/15 21:40:07 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\George Ciccarone\Application Data\Mozilla\Firefox\Profiles\fpnlosuu.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2009/12/28 15:03:51 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/28 15:03:51 | 00,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{bff829b6-b433-42ce-9a19-e459d3e4e483}
[2009/10/07 16:56:57 | 00,442,368 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol308.dll
[2009/11/16 10:16:49 | 00,003,700 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.png
[2009/11/16 10:16:49 | 00,001,963 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (BrowserHelper Class) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll (Make The Web Better, LLC)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\George Ciccarone\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BackupNoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: cinemanow.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: cinemanow.com ([]https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1243519225640 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.micro...gWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/27 14:52:03 | 00,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2dde4cbd-d2dc-11de-b4d1-0015c5ba876c}\Shell\AutoRun\command - "" = G:\Windows\bin\eblSetup.exe -- File not found
O33 - MountPoints2\{370b59c6-512d-11de-b3ef-0015c5ba876c}\Shell\AutoRun\command - "" = E:\setupSNK.exe -- File not found
O33 - MountPoints2\{936111c4-e2a9-11de-b4e0-0015c5ba876c}\Shell\AutoRun\command - "" = E:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/05/27 07:38:52 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: TermService - C:\WINDOWS\system32\termsrv32.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54891125151891456)

========== Files/Folders - Created Within 14 Days ==========

[2009/12/28 16:12:02 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\George Ciccarone\My Documents\OTL.exe
[2009/12/28 15:02:32 | 00,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2009/12/28 15:02:29 | 00,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
[2009/12/28 13:59:28 | 04,844,272 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\George Ciccarone\My Documents\mbam-setup(2).exe
[2009/12/28 13:58:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/12/28 13:58:06 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/12/28 13:57:30 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\George Ciccarone\My Documents\erunt_setup.exe
[2009/12/28 13:56:57 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\George Ciccarone\My Documents\SysRestorePoint.exe
[2009/12/28 13:48:28 | 00,410,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\George Ciccarone\My Documents\TFC.exe
[2009/12/28 13:38:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\George Ciccarone\Application Data\Malwarebytes
[2009/12/28 13:38:47 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/28 13:38:45 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/28 13:38:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/28 13:38:44 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/28 13:38:00 | 04,844,272 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\George Ciccarone\My Documents\mbam-setup.exe
[2009/12/27 18:50:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\George Ciccarone\Desktop\Tantra
[2009/12/20 11:13:22 | 00,000,000 | --SD | C] -- C:\Documents and Settings\George Ciccarone\My Documents\My Data Sources
[2009/12/19 03:00:13 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/12/18 08:53:43 | 00,000,000 | ---D | C] -- C:\Program Files\Logitech
[2009/12/18 08:28:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logishrd
[2009/12/18 08:28:17 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2009/12/18 08:28:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2009/12/16 08:40:54 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/12/14 20:22:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\George Ciccarone\Desktop\My Videos
[2009/12/09 13:55:10 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/10/14 08:31:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/07/12 13:26:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/06/20 22:17:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/06/13 13:37:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/06/13 08:23:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/06/04 20:47:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2009/05/29 06:25:08 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\George Ciccarone\Application Data\pcouffin.sys
[2009/05/27 14:56:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/05/27 14:51:44 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

========== Files - Modified Within 14 Days ==========

[2009/12/28 16:31:00 | 00,000,845 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/12/28 16:27:55 | 00,542,182 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/28 16:27:55 | 00,456,872 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/28 16:27:55 | 00,075,612 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/28 16:23:22 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/12/28 16:23:06 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/28 16:23:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/28 16:22:59 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/28 16:12:06 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\George Ciccarone\My Documents\OTL.exe
[2009/12/28 15:45:05 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/12/28 14:58:37 | 00,284,915 | ---- | M] () -- C:\Documents and Settings\George Ciccarone\My Documents\gmer.zip
[2009/12/28 14:01:07 | 04,194,304 | -H-- | M] () -- C:\Documents and Settings\George Ciccarone\NTUSER.DAT
[2009/12/28 14:00:36 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/28 13:59:52 | 04,844,272 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\George Ciccarone\My Documents\mbam-setup(2).exe
[2009/12/28 13:58:19 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\George Ciccarone\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/12/28 13:58:16 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\George Ciccarone\Desktop\NTREGOPT.lnk
[2009/12/28 13:58:16 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\George Ciccarone\Desktop\ERUNT.lnk
[2009/12/28 13:57:34 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\George Ciccarone\My Documents\erunt_setup.exe
[2009/12/28 13:56:59 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\George Ciccarone\My Documents\SysRestorePoint.exe
[2009/12/28 13:50:36 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\George Ciccarone\ntuser.ini
[2009/12/28 13:48:29 | 00,410,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\George Ciccarone\My Documents\TFC.exe
[2009/12/28 13:38:22 | 04,844,272 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\George Ciccarone\My Documents\mbam-setup.exe
[2009/12/28 11:52:10 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/27 20:49:15 | 00,072,192 | ---- | M] () -- C:\Documents and Settings\George Ciccarone\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/27 18:21:43 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/12/27 18:21:42 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/12/25 20:49:21 | 00,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/12/24 11:49:37 | 00,012,218 | ---- | M] () -- C:\Documents and Settings\George Ciccarone\My Documents\These are special candy shop rules and may never be broken.docx
[2009/12/24 10:28:20 | 00,001,781 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech QuickCam.lnk
[2009/12/23 08:44:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/12/22 21:46:34 | 00,024,745 | ---- | M] () -- C:\Documents and Settings\George Ciccarone\Desktop\ACCOUNTS (Autosaved).docx
[2009/12/22 19:41:11 | 00,123,299 | ---- | M] () -- C:\Documents and Settings\George Ciccarone\My Documents\Logo 3.mp3
[2009/12/22 19:34:41 | 00,629,092 | ---- | M] () -- C:\Documents and Settings\George Ciccarone\My Documents\Bossa Exemplar 30.m4a
[2009/12/21 17:36:27 | 00,377,856 | ---- | M] () -- C:\Documents and Settings\George Ciccarone\My Documents\finalCasino Cops Boyd_97_worddoc.doc
[2009/12/21 17:34:04 | 00,145,540 | ---- | M] () -- C:\Documents and Settings\George Ciccarone\My Documents\finalCasino Cops Boyd_97_worddoc.docx
[2009/12/21 17:32:49 | 00,172,032 | ---- | M] () -- C:\Documents and Settings\George Ciccarone\My Documents\Casino Cops americancasino_97_worddoc.doc
[2009/12/20 10:50:36 | 00,014,613 | ---- | M] () -- C:\Documents and Settings\George Ciccarone\My Documents\X mas card list.docx
[2009/12/20 10:04:24 | 00,224,014 | ---- | M] () -- C:\Documents and Settings\George Ciccarone\Desktop\elevatorcropped.psd
[2009/12/20 07:55:32 | 07,128,064 | ---- | M] () -- C:\Documents and Settings\George Ciccarone\Desktop\contacts.pst
[2009/12/19 00:56:48 | 00,036,472 | ---- | M] () -- C:\Documents and Settings\George Ciccarone\My Documents\christmas mail merg.docx
[2009/12/18 09:04:34 | 00,108,920 | ---- | M] () -- C:\Documents and Settings\George Ciccarone\g2ax_customer_downloadhelper_win32_x86.exe
[2009/12/18 08:57:49 | 00,000,760 | ---- | M] () -- C:\Documents and Settings\George Ciccarone\Application Data\setup_ldm.iss
[2009/12/16 08:40:54 | 00,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/12/14 22:08:54 | 00,000,207 | ---- | M] () -- C:\WINDOWS\wininit.ini

========== Files Created - No Company Name ==========

[2009/12/28 14:58:36 | 00,284,915 | ---- | C] () -- C:\Documents and Settings\George Ciccarone\My Documents\gmer.zip
[2009/12/28 13:58:19 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\George Ciccarone\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/12/28 13:58:16 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\George Ciccarone\Desktop\NTREGOPT.lnk
[2009/12/28 13:58:16 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\George Ciccarone\Desktop\ERUNT.lnk
[2009/12/28 13:38:50 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/25 20:49:21 | 00,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/12/24 11:49:36 | 00,012,218 | ---- | C] () -- C:\Documents and Settings\George Ciccarone\My Documents\These are special candy shop rules and may never be broken.docx
[2009/12/22 19:41:11 | 00,123,299 | ---- | C] () -- C:\Documents and Settings\George Ciccarone\My Documents\Logo 3.mp3
[2009/12/22 19:34:39 | 00,629,092 | ---- | C] () -- C:\Documents and Settings\George Ciccarone\My Documents\Bossa Exemplar 30.m4a
[2009/12/21 17:36:26 | 00,377,856 | ---- | C] () -- C:\Documents and Settings\George Ciccarone\My Documents\finalCasino Cops Boyd_97_worddoc.doc
[2009/12/21 17:34:04 | 00,145,540 | ---- | C] () -- C:\Documents and Settings\George Ciccarone\My Documents\finalCasino Cops Boyd_97_worddoc.docx
[2009/12/21 16:42:58 | 00,172,032 | ---- | C] () -- C:\Documents and Settings\George Ciccarone\My Documents\Casino Cops americancasino_97_worddoc.doc
[2009/12/20 10:04:24 | 00,224,014 | ---- | C] () -- C:\Documents and Settings\George Ciccarone\Desktop\elevatorcropped.psd
[2009/12/20 08:49:13 | 00,014,613 | ---- | C] () -- C:\Documents and Settings\George Ciccarone\My Documents\X mas card list.docx
[2009/12/20 07:55:31 | 06,366,208 | ---- | C] () -- C:\Documents and Settings\George Ciccarone\My Documents\contacts.bak
[2009/12/19 00:20:23 | 00,036,472 | ---- | C] () -- C:\Documents and Settings\George Ciccarone\My Documents\christmas mail merg.docx
[2009/12/18 09:04:33 | 00,108,920 | ---- | C] () -- C:\Documents and Settings\George Ciccarone\g2ax_customer_downloadhelper_win32_x86.exe
[2009/12/18 08:53:52 | 00,001,781 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Logitech QuickCam.lnk
[2009/12/18 08:32:54 | 00,000,760 | ---- | C] () -- C:\Documents and Settings\George Ciccarone\Application Data\setup_ldm.iss
[2009/09/27 08:19:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2009/09/10 14:39:02 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2009/09/10 14:32:31 | 00,000,410 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2009/09/10 14:32:31 | 00,000,211 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/09/10 14:32:31 | 00,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/09/10 14:32:31 | 00,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/08/28 19:10:28 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\George Ciccarone\Local Settings\Application Data\rx_image.Cache
[2009/08/13 13:35:32 | 00,000,207 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/07/23 14:48:22 | 00,166,912 | ---- | C] () -- C:\WINDOWS\System32\Lame_enc.dll
[2009/07/17 09:59:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\canopus.ini
[2009/07/17 09:37:42 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\pavedius4db.dll
[2009/07/17 09:37:42 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\pavedius.dll
[2009/06/17 12:16:57 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2009/06/03 16:37:27 | 00,072,192 | ---- | C] () -- C:\Documents and Settings\George Ciccarone\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/29 10:46:23 | 00,009,282 | ---- | C] () -- C:\Documents and Settings\George Ciccarone\Application Data\SmarThruOptions.xml
[2009/05/29 10:46:13 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\SecSNMP.dll
[2009/05/29 10:45:56 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\SamFaxPort.dll
[2009/05/29 10:29:51 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\scx425ci.dll
[2009/05/29 06:25:12 | 00,000,034 | ---- | C] () -- C:\Documents and Settings\George Ciccarone\Application Data\pcouffin.log
[2009/05/29 06:25:08 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\George Ciccarone\Application Data\inst.exe
[2009/05/29 06:25:08 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\George Ciccarone\Application Data\pcouffin.cat
[2009/05/29 06:25:08 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\George Ciccarone\Application Data\pcouffin.inf
[2009/05/27 16:51:20 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/05/27 16:11:56 | 00,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/05/27 15:41:27 | 00,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/05/27 15:41:26 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/05/27 15:18:56 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2007/10/11 18:59:24 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/05/09 20:35:54 | 00,057,126 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/09/16 01:38:20 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\WIASTIIO.dll
[2006/09/16 01:38:18 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\WIAIPH.dll
[2006/09/16 01:38:18 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\WIAEH.dll
[2006/09/16 01:38:18 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\Sswiadrv.dll
[2005/11/28 16:11:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/12/20 10:08:28 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 10:03:26 | 00,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2003/05/21 00:19:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll

========== LOP Check ==========

[2009/07/17 10:06:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canopus
[2009/08/20 20:14:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CinemaNow
[2009/11/06 10:01:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2009/07/20 08:30:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.4 Output
[2009/07/28 12:57:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
[2009/11/24 06:09:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kinoma
[2009/07/11 12:16:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrium
[2009/07/23 14:49:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/16 15:21:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2009/10/25 08:12:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/09/12 21:44:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/17 19:00:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/05/28 06:05:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\George Ciccarone\Application Data\Blackberry Desktop
[2009/07/17 10:06:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\George Ciccarone\Application Data\Canopus
[2009/07/22 18:13:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\George Ciccarone\Application Data\CASIO
[2009/05/29 06:01:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\George Ciccarone\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/07/20 08:31:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\George Ciccarone\Application Data\eFax Messenger
[2009/11/20 08:54:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\George Ciccarone\Application Data\ElevatedDiagnostics
[2009/07/28 12:57:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\George Ciccarone\Application Data\GlobalSCAPE
[2009/05/29 08:03:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\George Ciccarone\Application Data\InterVideo
[2009/07/31 07:19:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\George Ciccarone\Application Data\j2 Global
[2009/08/13 13:45:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\George Ciccarone\Application Data\Leadertech
[2009/08/16 10:03:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\George Ciccarone\Application Data\LimeWire
[2009/08/17 12:51:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\George Ciccarone\Application Data\MoveFab
[2009/05/28 05:40:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\George Ciccarone\Application Data\Research In Motion
[2009/12/11 16:50:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\George Ciccarone\Application Data\Scendix Software
[2009/05/29 10:46:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\George Ciccarone\Application Data\SmarThru4
[2009/05/29 07:47:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\George Ciccarone\Application Data\Vso
[2009/12/09 13:40:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\George Ciccarone\Application Data\Windows Desktop Search
[2009/12/09 13:44:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\George Ciccarone\Application Data\Windows Search

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 22:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/03 22:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\agp440.sys

< MD5 for: ATAPI.SYS >
[2002/09/03 08:27:33 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 21:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/03 23:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2004/08/03 23:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/03 23:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004/08/03 23:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/03 23:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2004/08/03 23:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C1F4198F
< End of report >

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-28 15:38:57
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\GEORGE~1\LOCALS~1\Temp\kwdcrpoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\ACPI \Device\00000050 89EC6A10
Device \Driver\ACPI \Device\00000051 89EC6A10
Device \Driver\ACPI \Device\00000052 89EC6A10
Device \Driver\ACPI \Device\00000053 89EC6A10
Device \Driver\ACPI \Device\00000064 89EC6A10
Device \Driver\ACPI \Device\00000058 89EC6A10
Device \Driver\ACPI \Device\00000065 89EC6A10
Device \Driver\ACPI \Device\00000059 89EC6A10
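The "MD5 for:" custom scans in the OTL log above list every copy of a checked system file that OTL found, with its hash. The point of that scan is to compare the copy Windows actually loads (directly under system32, or under system32\drivers) against the cached copies in ServicePackFiles\i386 and system32\dllcache: a file that has been patched on disk shows up as a hash that differs from those reference copies. In this log every live copy matches its reference copies (for example atapi.sys in system32\drivers carries the same 9F3A... hash as the dllcache and ServicePackFiles copies). The following is an added example, not OTL's own code and not part of the original post, that parses such blocks and flags a mismatch; the EXAMPLE.SYS block and its hashes are constructed to show a hit, and the choice of reference directories is an assumption of this example.

```python
import re
from collections import defaultdict

# One hash line of an OTL "< MD5 for: NAME >" block:
# [date time | size | attrs | M] (Company) MD5=HEX -- C:\path\file
LINE_RE = re.compile(
    r"^\[(?P<stamp>[^\]]+)\]\s+\((?P<company>[^)]*)\)\s+"
    r"MD5=(?P<md5>[0-9A-Fa-f]{32})\s+--\s+(?P<path>.+?)\s*$"
)
HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>\s*$")

# Directories whose copies are treated as the baseline for the live file
# (assumption of this example: the SP3 install sources and the WFP cache).
REFERENCE_DIRS = ("\\servicepackfiles\\i386\\", "\\system32\\dllcache\\")


def parse_md5_blocks(text):
    """Map each scanned file name to [(path, md5, size), ...] from an OTL log."""
    blocks = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").lower()
            continue
        if current is None:
            continue
        m = LINE_RE.match(line)
        if not m:
            # Another custom scan ("< ... >") or a section header ends the block.
            if line.startswith("<") or line.startswith("=="):
                current = None
            continue
        size_field = m.group("stamp").split("|")[1]
        size = int(size_field.strip().replace(",", ""))
        blocks[current].append((m.group("path"), m.group("md5").upper(), size))
    return dict(blocks)


def is_live_copy(path):
    """True for the copy Windows loads: directly under system32 or system32\\drivers."""
    directory = path.lower().rsplit("\\", 1)[0]
    return directory.endswith("\\system32") or directory.endswith("\\system32\\drivers")


def is_reference_copy(path):
    return any(d in path.lower() for d in REFERENCE_DIRS)


def find_mismatches(blocks):
    """Return (name, live_path, live_md5, sorted_reference_md5s) for every live
    copy whose hash matches none of the reference copies OTL listed."""
    findings = []
    for name, entries in blocks.items():
        refs = {md5 for path, md5, _ in entries if is_reference_copy(path)}
        for path, md5, _ in entries:
            if refs and is_live_copy(path) and md5 not in refs:
                findings.append((name, path, md5, sorted(refs)))
    return findings


# Constructed sample: the ATAPI.SYS block is in the shape OTL prints; the
# EXAMPLE.SYS block and its hashes are invented to show a mismatch.
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS >
[2002/09/03 08:27:33 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EXAMPLE.SYS >
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000001 -- C:\WINDOWS\system32\dllcache\example.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -- C:\WINDOWS\system32\drivers\example.sys

< %systemroot%\*. /mp /s >
"""

if __name__ == "__main__":
    for name, path, md5, refs in find_mismatches(parse_md5_blocks(SAMPLE_LOG)):
        print(f"{name}: live copy {path} has MD5 {md5}, reference copies have {refs}")
```

Two caveats a practitioner should keep in mind. The reference copies sit on the same disk as the live file, so a rootkit with kernel access can alter or hide them as easily as the driver itself; that is why the post also includes a GMER rootkit scan alongside the OTL output, and why a clean MD5 comparison is a lead rather than a verdict. Conversely, a mismatch on its own is not proof of infection (a hotfix installed after the service pack legitimately changes the live copy), so it should be followed up by checking the file's version and signature, not by deleting driver files by hand.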