I was helping a coworker with a computer issue and now I am stuck. I figured that with the help of the prep work...we should have addresses what was wrong.
The issue seems to be that when the computer boots normally, the computer opens up 8 iexplore.exe processes and then freezes. However, when I am in safemode, I can keep the computer running without issue. I tried running the steps required, however, I could not run the gmem or the malwarbytes to run. They just hung. I ran avast and had a win32 trojan that seemed to be a false positive (according to the research I did). I am enclosing the OTL logs.
This is a Windows XP laptop running SP 2 (or 3...I can't tell if the update finished)
Any help would be great. What I do need to know is what the problem is so I can let the coworker know.
OTL logfile created on: 1/8/2010 11:00:49 AM - Run 1
OTL by OldTimer - Version 3.1.21.0 Folder = F:\
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 73.12 Gb Total Space | 56.01 Gb Free Space | 76.60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 3.74 Gb Total Space | 3.68 Gb Free Space | 98.42% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: OWNER-AFBEEB415
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/01/07 12:49:38 | 00,513,536 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2009/11/24 18:47:39 | 00,159,280 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2004/08/10 06:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (SafeList) ==========
MOD - [2010/01/07 12:49:38 | 00,513,536 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (Viewpoint Manager Service)
SRV - [2009/11/24 18:51:35 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 18:51:21 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 18:48:48 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 18:43:56 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/04/26 15:47:55 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/03/03 13:53:08 | 00,033,176 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2008/11/09 20:16:01 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Stopped] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/10/01 17:57:00 | 00,536,872 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007/04/24 13:25:58 | 00,267,824 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007/04/24 13:22:38 | 00,779,824 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2007/03/16 18:10:54 | 00,020,480 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2004/07/15 00:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/05 13:15:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/05 13:14:55 | 00,000,000 | ---D | M]
[2010/01/05 13:15:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/01/05 13:15:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p0yik4g4.default\extensions
[2010/01/05 13:14:55 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: (289675 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 9978 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: 55 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.242.0.12 71.250.0.12 192.168.1.3
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/21 07:50:10 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/05/06 07:26:23 | 00,000,309 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2007/10/23 02:45:39 | 01,336,632 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
========== Files/Folders - Created Within 14 Days ==========
[2010/01/08 10:48:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\U3
[2010/01/08 08:42:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/01/08 08:42:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/01/08 08:42:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/01/08 08:42:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/01/08 08:36:07 | 00,192,512 | ---- | C] (Корпорация Майкрософт) -- C:\WINDOWS\System32\dllcache\spra0419.dll
[2010/01/08 08:36:06 | 00,736,768 | ---- | C] (Корпорация Майкрософт) -- C:\WINDOWS\System32\dllcache\sprb0419.dll
[2010/01/08 08:36:06 | 00,427,008 | ---- | C] (Корпорация Майкрософт) -- C:\WINDOWS\System32\dllcache\obrb0419.dll
[2010/01/08 08:35:44 | 00,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2010/01/08 08:35:44 | 00,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2010/01/07 15:09:53 | 00,023,120 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/01/07 15:09:52 | 00,048,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/01/07 15:09:51 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/01/07 15:09:49 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/01/07 15:09:49 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2010/01/07 15:09:49 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/01/07 15:09:48 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/01/07 15:09:48 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/01/07 15:09:30 | 01,280,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/01/07 13:50:40 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/01/07 13:42:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\IObit
[2010/01/07 13:33:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/01/07 13:33:06 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/01/07 13:33:06 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/01/07 13:33:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/05 13:15:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla
[2010/01/05 13:15:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Mozilla
[2010/01/05 13:14:55 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/01/05 08:15:34 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/01/04 13:37:22 | 00,410,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2009/12/31 00:44:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[29 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
========== Files - Modified Within 14 Days ==========
[2010/01/08 10:48:36 | 07,602,176 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/01/08 10:48:32 | 00,001,475 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Windows Explorer.lnk
[2010/01/08 10:18:46 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/08 10:13:49 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/08 09:12:26 | 00,250,032 | ---- | M] () -- C:\ntldr
[2010/01/08 09:07:37 | 00,292,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/07 16:06:32 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/01/07 16:06:29 | 03,184,656 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/01/07 15:09:54 | 00,001,715 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2010/01/07 15:09:49 | 00,002,639 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/01/06 11:41:10 | 00,000,891 | ---- | M] () -- C:\WINDOWS\System32\krl32mainweq.dll
[2010/01/05 13:15:07 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/01/05 13:15:00 | 00,001,608 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/01/05 09:03:14 | 00,000,175 | ---- | M] () -- C:\WINDOWS\System32\srcr.dat
[2010/01/04 13:37:28 | 00,410,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2010/01/03 17:59:04 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\~$ss Corsi k.doc
[2010/01/03 17:41:58 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/01/03 15:14:24 | 00,045,056 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\November newsletter.doc
[2010/01/03 15:04:25 | 00,040,960 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Week of 010410page 2.doc
[2010/01/03 14:41:51 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\~$ek of 010410page 2.doc
[2010/01/03 14:41:39 | 00,035,840 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Week of 01-04-10 page 1.doc
[2010/01/03 14:39:53 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\~$ek of 01-04-10 page 1.doc
[2010/01/03 13:56:07 | 00,000,380 | ---- | M] () -- C:\WINDOWS\tasks\NSSstub.job
[2010/01/03 13:55:10 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/31 01:23:22 | 00,000,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2009/12/29 09:45:27 | 00,019,456 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Bridal Shower List.xls
[2009/12/28 16:31:27 | 00,000,366 | ---- | M] () -- C:\Documents and Settings\Owner\.powerschool_gradebook.properties
[29 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/01/08 08:36:05 | 00,130,715 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2010/01/08 08:36:01 | 00,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2010/01/08 08:36:01 | 00,110,116 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2010/01/08 08:36:00 | 00,759,966 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apph_sp.sdb
[2010/01/08 08:36:00 | 00,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2010/01/08 08:36:00 | 00,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2010/01/08 08:35:54 | 00,505,647 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nt5inf.cat
[2010/01/08 08:35:51 | 00,216,862 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apphelp.sdb
[2010/01/08 08:35:51 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/01/08 08:35:51 | 00,079,996 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apps.chm
[2010/01/08 08:35:50 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2010/01/08 08:35:50 | 00,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fp4.cat
[2010/01/08 08:35:48 | 13,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/01/08 08:35:47 | 00,376,320 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2010/01/08 08:35:47 | 00,198,736 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2010/01/08 08:35:47 | 00,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ims.cat
[2010/01/08 08:35:47 | 00,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msmsgs.cat
[2010/01/08 08:35:47 | 00,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mstsweb.cat
[2010/01/08 08:35:47 | 00,004,639 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2010/01/08 08:35:46 | 02,008,817 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nt5.cat
[2010/01/08 08:35:44 | 00,279,040 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tshoot.dll
[2010/01/08 08:35:44 | 00,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/01/08 08:35:44 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sniffpol.dll
[2010/01/08 08:35:44 | 00,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sstub.dll
[2010/01/08 08:35:41 | 00,460,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\micross.ttf
[2010/01/08 08:35:41 | 00,383,140 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tahoma.ttf
[2010/01/08 08:35:41 | 00,355,436 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tahomabd.ttf
[2010/01/08 08:35:37 | 00,070,656 | ---- | C] () -- C:\WINDOWS\System32\dllcache\amstream.dll
[2010/01/08 08:35:35 | 00,252,928 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compatui.dll
[2010/01/08 08:35:34 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\dllcache\devenum.dll
[2010/01/08 08:35:34 | 00,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2010/01/08 08:35:32 | 00,498,205 | ---- | C] () -- C:\WINDOWS\System32\dllcache\dxmasf.dll
[2010/01/08 08:35:30 | 00,844,314 | ---- | C] () -- C:\WINDOWS\System32\msdxm.ocx
[2010/01/08 08:35:30 | 00,844,314 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxm.ocx
[2010/01/08 08:35:30 | 00,035,328 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mciqtz32.dll
[2010/01/08 08:35:30 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdmo.dll
[2010/01/08 08:35:30 | 00,004,126 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxmlc.dll
[2010/01/08 08:35:27 | 00,004,310 | ---- | C] () -- C:\WINDOWS\System32\odbcconf.rsp
[2010/01/08 08:35:27 | 00,004,310 | ---- | C] () -- C:\WINDOWS\System32\dllcache\odbcconf.rsp
[2010/01/08 08:35:26 | 01,291,264 | ---- | C] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2010/01/08 08:35:26 | 00,733,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qedwipes.dll
[2010/01/08 08:35:26 | 00,562,176 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qedit.dll
[2010/01/08 08:35:26 | 00,385,024 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qdvd.dll
[2010/01/08 08:35:26 | 00,279,040 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qdv.dll
[2010/01/08 08:35:26 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qcap.dll
[2010/01/08 08:35:21 | 00,249,270 | ---- | C] () -- C:\WINDOWS\System32\locale.nls
[2010/01/08 08:35:21 | 00,249,270 | ---- | C] () -- C:\WINDOWS\System32\dllcache\locale.nls
[2010/01/08 08:35:21 | 00,009,424 | ---- | C] () -- C:\WINDOWS\System32\dllcache\drvmain.sdb
[2010/01/08 08:35:20 | 00,250,032 | ---- | C] () -- C:\ntldr
[2010/01/08 08:35:20 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2010/01/08 08:35:20 | 00,022,040 | ---- | C] () -- C:\WINDOWS\System32\sorttbls.nls
[2010/01/08 08:35:20 | 00,022,040 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sorttbls.nls
[2010/01/07 15:09:54 | 00,001,715 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2010/01/07 15:09:30 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2010/01/05 13:15:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/01/05 13:15:00 | 00,001,608 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/01/03 17:59:04 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\~$ss Corsi k.doc
[2010/01/03 14:41:51 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\~$ek of 010410page 2.doc
[2010/01/03 14:39:53 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\~$ek of 01-04-10 page 1.doc
[2009/12/31 01:26:40 | 00,000,891 | ---- | C] () -- C:\WINDOWS\System32\krl32mainweq.dll
[2009/12/31 01:25:38 | 00,000,175 | ---- | C] () -- C:\WINDOWS\System32\srcr.dat
[2009/12/31 01:23:22 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2009/12/31 00:44:46 | 00,000,380 | ---- | C] () -- C:\WINDOWS\tasks\NSSstub.job
[2008/12/08 11:02:00 | 00,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/11/17 18:25:26 | 00,000,074 | ---- | C] () -- C:\WINDOWS\ImportClient.INI
[2008/11/17 18:15:52 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\PretzelSpellCheck.dll
[2008/11/17 18:15:51 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\PMovieServer.dll
[2008/11/17 18:15:50 | 00,745,472 | ---- | C] () -- C:\WINDOWS\System32\PMAppBuilder.dll
[2008/11/10 16:01:35 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/27 17:42:02 | 00,002,624 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/10/21 09:20:47 | 00,006,144 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/21 09:04:01 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/10/21 08:57:33 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2008/10/21 08:52:14 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2008/10/21 08:50:11 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/10/21 08:50:10 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/10/21 08:20:00 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2008/02/04 17:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2005/08/05 13:01:54 | 00,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== LOP Check ==========
[2010/01/04 13:25:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/10/26 10:28:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2010/01/07 13:42:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IObit
[2008/12/03 17:21:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LimeWire
[2008/11/05 18:12:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Snapfish
[2010/01/03 13:56:07 | 00,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\NSSstub.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\agp440.sys
< MD5 for: ATAPI.SYS >
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/10 06:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll
[2004/08/10 06:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2004/08/10 06:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/10 06:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: IASTOR.SYS >
[2006/05/11 11:30:52 | 00,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\dell\iastor\iastor.sys
< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\netlogon.dll
[2009/02/06 13:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009/02/06 13:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2009/02/06 13:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 06:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtUninstallKB968389$\netlogon.dll
< MD5 for: NVATABUS.SYS >
[2006/03/16 19:51:32 | 00,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys
< MD5 for: SCECLI.DLL >
[2004/08/10 06:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2004/08/10 06:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/10 06:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\scecli.dll
< %systemroot%\*./mp /s >
< CREATESTOREPOINT >
< %systemroot%\system32\*.dll /lockedfiles >
[29 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< End of report >
OTL Extras logfile created on: 1/8/2010 11:00:50 AM - Run 1
OTL by OldTimer - Version 3.1.21.0 Folder = F:\
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 73.12 Gb Total Space | 56.01 Gb Free Space | 76.60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 3.74 Gb Total Space | 3.68 Gb Free Space | 98.42% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: OWNER-AFBEEB415
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java 6 Update 10
"{2A304FDE-F4E3-446D-AA0D-31425C897B71}" = PrintMaster
"{2E1A6A90-62A6-4862-9962-81DBFD001033}" = Nero 7 Essentials
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"4569969E1360D2854474C661EF9B4D54F143EB16" = Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast!" = avast! Antivirus
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"HDMI" = Intel® Graphics Media Accelerator Driver
"hp deskjet 960c series" = hp deskjet 960c series (Remove only)
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"Shockwave" = Shockwave
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PowerTeacher Gradebook" = PowerTeacher Gradebook
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 6/8/2009 10:30:46 AM | Computer Name = OWNER-AFBEEB415 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module mshtml.dll, version 6.0.2900.3527, fault address 0x0006e550.
[ System Events ]
Error - 1/8/2010 11:57:51 AM | Computer Name = OWNER-AFBEEB415 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 1/8/2010 12:02:01 PM | Computer Name = OWNER-AFBEEB415 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
Error - 1/8/2010 12:02:06 PM | Computer Name = OWNER-AFBEEB415 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
Error - 1/8/2010 12:02:11 PM | Computer Name = OWNER-AFBEEB415 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
Error - 1/8/2010 12:02:16 PM | Computer Name = OWNER-AFBEEB415 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
Error - 1/8/2010 12:02:20 PM | Computer Name = OWNER-AFBEEB415 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
Error - 1/8/2010 12:02:25 PM | Computer Name = OWNER-AFBEEB415 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
Error - 1/8/2010 12:02:29 PM | Computer Name = OWNER-AFBEEB415 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
Error - 1/8/2010 12:02:34 PM | Computer Name = OWNER-AFBEEB415 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
Error - 1/8/2010 12:02:38 PM | Computer Name = OWNER-AFBEEB415 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
< End of report >