Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

2nd computer, 2nd virus-Malware B disabled

Started by PSorokin , Jan 22 2010 12:00 PM

  • Please log in to reply

#1
PSorokin
Posted 22 January 2010 - 12:00 PM

PSorokin

    Member

  • Member
  • PipPip
  • 36 posts
This virus has disabled Malware bytes and system restore. AVG seemed to run OK, but didn't find anything. Many thanks in advance for any assistance on this thread or the other virus thread!

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/01/22 11:43
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF4977000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B4F000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB1BE0000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\windows\tempfile
Status: Allocation size mismatch (API: 33570816, Raw: 0)

Path: C:\Documents and Settings\Lorin\Local Settings\Apps\2.0\Q4DY4QON.XWY\60384CDL.ORM\manifests\clickonce_bootstrap.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Lorin\Local Settings\Apps\2.0\Q4DY4QON.XWY\60384CDL.ORM\manifests\clickonce_bootstrap.exe.manifest
Status: Locked to the Windows API!

==EOF==

Edited by PSorokin, 22 January 2010 - 02:10 PM.

  • 0

Advertisements

#2
PSorokin
Posted 22 January 2010 - 12:54 PM

PSorokin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Was able to run OTL:
OTL logfile created on: 1/22/2010 12:40:37 PM - Run 1
OTL by OldTimer - Version 3.1.25.4 Folder = C:\Documents and Settings\All Users\Documents
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 526.00 Mb Available Physical Memory | 51.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.00 Gb Total Space | 55.11 Gb Free Space | 36.99% Space Free | Partition Type: NTFS
Drive D: | 198.65 Gb Total Space | 83.47 Gb Free Space | 42.02% Space Free | Partition Type: NTFS
Drive E: | 34.18 Gb Total Space | 10.99 Gb Free Space | 32.15% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DVDCOMP
Current User Name: Lorin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/01/22 11:28:17 | 00,547,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\OTL.exe
PRC - [2010/01/04 08:14:06 | 02,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/12/11 11:28:54 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/12/11 11:28:54 | 00,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/12/04 10:46:03 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/12/04 10:46:02 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/12/04 10:45:58 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2009/12/04 10:45:57 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/12/03 16:24:48 | 00,136,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Lorin\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
PRC - [2008/10/16 20:11:26 | 00,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2008/10/16 20:11:26 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2008/10/16 19:23:30 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2008/10/16 19:15:38 | 00,344,064 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
PRC - [2008/08/08 09:43:32 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/07/24 16:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/04/14 16:50:30 | 01,556,480 | ---- | M] (D-Link) -- C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
PRC - [2007/03/26 18:45:12 | 00,389,120 | ---- | M] () -- C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe
PRC - [2007/03/23 14:24:36 | 00,054,792 | ---- | M] (Matrox Graphics Inc.) -- C:\Program Files\Matrox Graphics Inc\PowerDesk HF\Matrox.PowerDesk.PDeskNet.exe
PRC - [2007/03/23 14:24:30 | 00,023,560 | ---- | M] (Matrox Graphics Inc.) -- C:\Program Files\Matrox Graphics Inc\PowerDesk HF\Matrox.PowerDesk.Communications.exe
PRC - [2007/03/02 14:47:38 | 00,476,680 | ---- | M] (Matrox Graphics Inc.) -- c:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
PRC - [2007/01/19 12:49:04 | 00,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2005/03/22 18:20:44 | 00,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2004/08/04 06:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/06/16 07:03:04 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2003/02/11 09:10:00 | 02,592,841 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WINZIP32.EXE


========== Modules (SafeList) ==========

MOD - [2099/01/01 12:00:00 | 00,096,256 | -HS- | M] () -- C:\WINDOWS\system32\zusidebi.dll
MOD - [2099/01/01 12:00:00 | 00,055,296 | -HS- | M] () -- C:\WINDOWS\system32\yiheguku.dll
MOD - [2010/01/22 11:28:17 | 00,547,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\OTL.exe
MOD - [2004/08/04 06:00:00 | 01,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/04 10:45:58 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/12/04 10:45:57 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/12/03 16:34:06 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/10/16 19:30:28 | 00,634,880 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2008/10/16 19:29:40 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/10/16 19:24:24 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/08/05 17:28:29 | 00,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2008/07/30 11:47:48 | 00,532,264 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/07/22 21:42:12 | 00,116,040 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/07/18 13:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/07/18 13:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2007/07/24 16:17:08 | 00,229,376 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007/03/02 14:47:38 | 00,476,680 | ---- | M] (Matrox Graphics Inc.) [Auto | Running] -- c:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe -- (Matrox Centering Service)
SRV - [2007/01/19 12:49:26 | 00,049,152 | ---- | M] (Wireless Service) [Auto | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2004/08/04 06:00:00 | 00,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe (D-Link)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [lamefifej] C:\WINDOWS\System32\zusidebi.DLL ()
O4 - HKLM..\Run: [Matrox PowerDesk 8] c:\Program Files\Matrox Graphics Inc\PowerDesk HF\matrox.powerdesk.exe (Matrox Graphics Inc.)
O4 - HKLM..\Run: [NexusServer] C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe ()
O4 - HKLM..\Run: [NTSystem] C:\Program Files\Common Files\Microsoft Update Engine\services.exe File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Lorin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Lorin\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.50
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (yiheguku.dll) - C:\WINDOWS\System32\yiheguku.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\zusidebi.dll) - C:\WINDOWS\system32\zusidebi.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O21 - SSODL: bijutehap - {083ffa55-605f-4b9a-9607-3cb8cd9c8025} - C:\WINDOWS\system32\zusidebi.dll ()
O22 - SharedTaskScheduler: {083ffa55-605f-4b9a-9607-3cb8cd9c8025} - gahurihor - C:\WINDOWS\system32\zusidebi.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Lorin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lorin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/05 17:00:25 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{78a98287-e4cb-11de-aca0-0013468b3c99}\Shell - "" = AutoRun
O33 - MountPoints2\{78a98287-e4cb-11de-aca0-0013468b3c99}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{78a98287-e4cb-11de-aca0-0013468b3c99}\Shell\AutoRun\command - "" = G:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/08/05 17:00:06 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (206158430208)

========== Files/Folders - Created Within 14 Days ==========

[2010/01/22 12:38:20 | 00,547,840 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\OTL.exe
[2010/01/22 11:23:28 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/22 11:23:26 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/22 11:23:26 | 00,000,000 | ---D | C] -- C:\Program Files\2 Malwarebytes' Anti-Malware
[2010/01/22 10:01:19 | 02,304,519 | ---- | C] (McAfee Inc.) -- C:\Documents and Settings\All Users\Documents\fakealertstinger.exe
[2010/01/21 14:11:41 | 00,364,544 | ---- | C] (Matthew T. Ashland) -- C:\WINDOWS\System32\MACDll.dll
[2010/01/21 14:11:41 | 00,000,000 | ---D | C] -- C:\Program Files\Monkey's Audio
[2010/01/20 10:57:25 | 00,000,000 | ---D | C] -- C:\Program Files\Western Digital Corporation
[2010/01/18 10:43:45 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/01/18 09:50:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
[2010/01/14 16:57:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2010/01/14 16:56:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Lorin\Local Settings\Application Data\HP
[2010/01/14 16:55:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2010/01/14 16:36:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2010/01/14 16:04:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Lorin\Application Data\HP
[2009/12/04 10:44:30 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/12/04 10:44:30 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/12/04 10:44:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/12/04 10:44:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/09/04 07:34:46 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Lorin\Application Data\pcouffin.sys
[2008/08/06 09:13:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Matrox
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Lorin\My Documents\*.tmp files -> C:\Documents and Settings\Lorin\My Documents\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2099/01/01 12:00:00 | 00,096,256 | -HS- | M] () -- C:\WINDOWS\System32\zusidebi.dll
[2099/01/01 12:00:00 | 00,055,296 | -HS- | M] () -- C:\WINDOWS\System32\yiheguku.dll
[2099/01/01 12:00:00 | 00,055,296 | -HS- | M] () -- C:\WINDOWS\System32\melunule.dll
[2099/01/01 12:00:00 | 00,055,296 | -HS- | M] () -- C:\WINDOWS\System32\guyuzera.dll
[2099/01/01 12:00:00 | 00,043,008 | -HS- | M] () -- C:\WINDOWS\System32\kihufupu.dll
[2010/01/22 12:44:35 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\nawawebo
[2010/01/22 12:29:02 | 00,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1343024091-682003330-1003UA.job
[2010/01/22 11:40:36 | 00,464,491 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\RootRepeal.zip
[2010/01/22 11:37:07 | 00,000,006 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{6202D856-CB11-4CFD-B9BD-3A94172C572A}
[2010/01/22 11:37:00 | 00,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2010/01/22 11:36:23 | 08,405,015 | ---- | M] () -- C:\WINDOWS\TempFile
[2010/01/22 11:36:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/22 11:36:01 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/22 11:35:31 | 04,456,448 | -H-- | M] () -- C:\Documents and Settings\Lorin\NTUSER.DAT
[2010/01/22 11:28:17 | 00,547,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\OTL.exe
[2010/01/22 11:23:30 | 00,000,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/22 11:16:49 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Lorin\ntuser.ini
[2010/01/22 10:37:33 | 00,000,017 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\fakealertstinger.opt
[2010/01/22 08:15:17 | 54,502,517 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/01/21 16:29:00 | 00,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1343024091-682003330-1003Core.job
[2010/01/21 12:46:47 | 00,072,192 | ---- | M] () -- C:\Documents and Settings\Lorin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/21 10:03:38 | 02,304,519 | ---- | M] (McAfee Inc.) -- C:\Documents and Settings\All Users\Documents\fakealertstinger.exe
[2010/01/20 08:22:45 | 00,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/01/19 08:16:06 | 00,028,488 | ---- | M] () -- C:\Documents and Settings\Lorin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/19 08:13:56 | 00,150,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/18 12:47:18 | 00,000,072 | ---- | M] () -- C:\Documents and Settings\Lorin\default.pls
[2010/01/18 12:47:18 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/18 09:52:28 | 00,005,462 | ---- | M] () -- C:\Documents and Settings\Lorin\UserPlaceholderPreset_Adobe Premiere Pro 1.5.1.vpr
[2010/01/18 09:50:40 | 00,001,025 | ---- | M] () -- C:\WINDOWS\System32\clauth2.dll
[2010/01/18 09:50:40 | 00,001,025 | ---- | M] () -- C:\WINDOWS\System32\clauth1.dll
[2010/01/18 09:50:40 | 00,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2010/01/18 09:50:40 | 00,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2010/01/18 09:50:40 | 00,000,073 | ---- | M] () -- C:\WINDOWS\System32\ssprs.dll
[2010/01/18 09:50:39 | 00,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.tgz
[2010/01/18 09:50:39 | 00,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.dll
[2010/01/18 09:50:39 | 00,000,205 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.dll
[2010/01/18 08:20:27 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/15 08:06:11 | 00,186,790 | ---- | M] () -- C:\WINDOWS\hpwins23.dat
[2010/01/14 16:56:53 | 00,000,628 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/14 16:55:46 | 00,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/01/14 16:55:19 | 00,001,018 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2010/01/14 16:03:56 | 00,063,119 | ---- | M] () -- C:\WINDOWS\hpqins05.dat
[2010/01/14 11:17:49 | 00,015,360 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\McDaniel photos.xls
[2010/01/13 12:25:56 | 00,033,280 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Belmont - College of Law streaming file.doc
[2010/01/11 16:14:11 | 00,000,668 | ---- | M] () -- C:\Documents and Settings\Lorin\Application Data\vso_ts_preview.xml
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Lorin\My Documents\*.tmp files -> C:\Documents and Settings\Lorin\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 00,096,256 | -HS- | C] () -- C:\WINDOWS\System32\zusidebi.dll
[2099/01/01 12:00:00 | 00,055,296 | -HS- | C] () -- C:\WINDOWS\System32\yiheguku.dll
[2099/01/01 12:00:00 | 00,055,296 | -HS- | C] () -- C:\WINDOWS\System32\melunule.dll
[2099/01/01 12:00:00 | 00,055,296 | -HS- | C] () -- C:\WINDOWS\System32\guyuzera.dll
[2099/01/01 12:00:00 | 00,043,008 | -HS- | C] () -- C:\WINDOWS\System32\kihufupu.dll
[2099/01/01 12:00:00 | 00,006,456 | -H-- | C] () -- C:\WINDOWS\System32\nawawebo
[2010/01/22 11:40:27 | 00,464,491 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\RootRepeal.zip
[2010/01/22 11:23:30 | 00,000,706 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/22 10:02:00 | 00,000,017 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\fakealertstinger.opt
[2010/01/20 15:59:47 | 21,474,64236 | ---- | C] () -- C:\Documents and Settings\Lorin\My Documents\lorinw010.GHS
[2010/01/20 15:58:09 | 21,474,68586 | ---- | C] () -- C:\Documents and Settings\Lorin\My Documents\lorinw009.GHS
[2010/01/20 15:56:30 | 21,474,52430 | ---- | C] () -- C:\Documents and Settings\Lorin\My Documents\lorinw008.GHS
[2010/01/20 15:53:59 | 21,474,82286 | ---- | C] () -- C:\Documents and Settings\Lorin\My Documents\lorinw002.GHS
[2010/01/20 15:52:11 | 21,474,68084 | ---- | C] () -- C:\Documents and Settings\Lorin\My Documents\lorinw001.GHS
[2010/01/20 15:49:05 | 21,474,52066 | ---- | C] () -- C:\Documents and Settings\Lorin\My Documents\Lorins_comp_12-7-09.GHO
[2010/01/20 15:47:55 | 15,342,02098 | ---- | C] () -- C:\Documents and Settings\Lorin\My Documents\Lorin009.GHS
[2010/01/20 15:45:52 | 21,474,61850 | ---- | C] () -- C:\Documents and Settings\Lorin\My Documents\Lorin008.GHS
[2010/01/20 15:44:19 | 21,474,78718 | ---- | C] () -- C:\Documents and Settings\Lorin\My Documents\Lorin007.GHS
[2010/01/20 15:42:52 | 21,474,74094 | ---- | C] () -- C:\Documents and Settings\Lorin\My Documents\Lorin006.GHS
[2010/01/20 15:39:27 | 21,474,83180 | ---- | C] () -- C:\Documents and Settings\Lorin\My Documents\Lorin005.GHS
[2010/01/20 15:37:38 | 21,474,52880 | ---- | C] () -- C:\Documents and Settings\Lorin\My Documents\Lorin004.GHS
[2010/01/20 15:36:09 | 21,474,57074 | ---- | C] () -- C:\Documents and Settings\Lorin\My Documents\Lorin003.GHS
[2010/01/20 15:34:04 | 21,474,66670 | ---- | C] () -- C:\Documents and Settings\Lorin\My Documents\Lorin002.GHS
[2010/01/20 15:32:18 | 21,474,76560 | ---- | C] () -- C:\Documents and Settings\Lorin\My Documents\Lorin001.GHS
[2010/01/20 15:30:52 | 21,474,82284 | ---- | C] () -- C:\Documents and Settings\Lorin\My Documents\UpstairsDell12-8-09.GHO
[2010/01/20 15:29:52 | 14,888,15561 | ---- | C] () -- C:\Documents and Settings\Lorin\My Documents\Upsta008.GHS
[2010/01/20 15:28:18 | 21,474,75844 | ---- | C] () -- C:\Documents and Settings\Lorin\My Documents\Upsta007.GHS
[2010/01/20 15:26:36 | 21,474,79828 | ---- | C] () -- C:\Documents and Settings\Lorin\My Documents\Upsta006.GHS
[2010/01/20 15:16:22 | 21,474,60536 | ---- | C] () -- C:\Documents and Settings\Lorin\My Documents\Upsta005.GHS
[2010/01/20 15:14:21 | 21,474,64658 | ---- | C] () -- C:\Documents and Settings\Lorin\My Documents\Upsta004.GHS
[2010/01/20 15:12:29 | 21,474,72796 | ---- | C] () -- C:\Documents and Settings\Lorin\My Documents\Upsta003.GHS
[2010/01/20 15:10:50 | 21,474,60664 | ---- | C] () -- C:\Documents and Settings\Lorin\My Documents\Upsta002.GHS
[2010/01/20 15:04:56 | 21,474,76756 | ---- | C] () -- C:\Documents and Settings\Lorin\My Documents\Upsta001.GHS
[2010/01/20 10:50:37 | 21,474,58268 | ---- | C] () -- C:\Documents and Settings\Lorin\My Documents\lorinw006.GHS
[2010/01/20 10:50:26 | 27,570,2585 | ---- | C] () -- C:\Documents and Settings\Lorin\My Documents\lorinw013.GHS
[2010/01/20 10:49:02 | 21,474,62496 | ---- | C] () -- C:\Documents and Settings\Lorin\My Documents\lorinw012.GHS
[2010/01/20 10:47:38 | 21,474,71012 | ---- | C] () -- C:\Documents and Settings\Lorin\My Documents\lorinw011.GHS
[2010/01/20 10:46:10 | 21,474,63846 | ---- | C] () -- C:\Documents and Settings\Lorin\My Documents\lorinw005.GHS
[2010/01/20 10:38:19 | 21,474,57434 | ---- | C] () -- C:\Documents and Settings\Lorin\My Documents\lorinw004.GHS
[2010/01/18 09:51:33 | 00,005,462 | ---- | C] () -- C:\Documents and Settings\Lorin\UserPlaceholderPreset_Adobe Premiere Pro 1.5.1.vpr
[2010/01/18 09:50:40 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2010/01/18 09:50:40 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2010/01/18 09:50:40 | 00,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2010/01/18 09:50:39 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.tgz
[2010/01/18 09:50:39 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2010/01/18 09:50:39 | 00,000,219 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.tgz
[2010/01/18 09:50:39 | 00,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2010/01/18 09:50:39 | 00,000,087 | ---- | C] () -- C:\WINDOWS\System32\ssprs.tgz
[2010/01/14 16:55:46 | 00,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/01/14 16:55:19 | 00,001,018 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2010/01/14 16:24:17 | 00,186,790 | ---- | C] () -- C:\WINDOWS\hpwins23.dat
[2010/01/14 16:24:17 | 00,001,847 | ---- | C] () -- C:\WINDOWS\hpwmdl23.dat
[2010/01/14 16:06:20 | 00,001,847 | ---- | C] () -- C:\WINDOWS\hpwmdl23.dat.temp
[2010/01/14 16:01:04 | 00,063,119 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2010/01/14 11:17:49 | 00,015,360 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\McDaniel photos.xls
[2010/01/13 12:25:59 | 00,033,280 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Belmont - College of Law streaming file.doc
[2010/01/05 14:44:36 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2010/01/05 14:26:43 | 00,004,973 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/12/17 11:22:16 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Lorin\Local Settings\Application Data\PUTTY.RND
[2009/12/04 10:24:20 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/12/04 10:24:20 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/09/04 07:36:32 | 00,000,668 | ---- | C] () -- C:\Documents and Settings\Lorin\Application Data\vso_ts_preview.xml
[2008/09/04 07:34:50 | 00,000,034 | ---- | C] () -- C:\Documents and Settings\Lorin\Application Data\pcouffin.log
[2008/09/04 07:34:46 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\Lorin\Application Data\inst.exe
[2008/09/04 07:34:46 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\Lorin\Application Data\pcouffin.cat
[2008/09/04 07:34:46 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\Lorin\Application Data\pcouffin.inf
[2008/08/18 13:54:36 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/08/15 10:07:50 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/08/08 11:57:59 | 00,000,295 | ---- | C] () -- C:\WINDOWS\MMKEYBD.INI
[2008/08/08 11:57:59 | 00,000,269 | ---- | C] () -- C:\WINDOWS\MSIOSD.INI
[2008/08/08 11:57:55 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll
[2008/08/08 11:57:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/08/07 09:29:19 | 00,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2008/08/07 09:28:34 | 00,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2008/08/06 16:51:37 | 00,002,560 | ---- | C] () -- C:\WINDOWS\System32\pavedius.dll
[2008/08/06 16:51:36 | 00,003,072 | ---- | C] () -- C:\WINDOWS\hasp_windows.dll
[2008/08/06 10:42:56 | 00,072,192 | ---- | C] () -- C:\Documents and Settings\Lorin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/06 10:05:03 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2008/08/05 17:19:24 | 00,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2008/08/05 17:19:24 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\KL2DLL32.DLL
[2008/08/05 17:19:24 | 00,008,968 | ---- | C] () -- C:\WINDOWS\System32\KL2DLL.DLL
[2008/08/05 17:12:19 | 00,007,440 | R--- | C] () -- C:\WINDOWS\System32\PPMON.DLL
[2008/08/05 17:09:57 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Lorin\Local Settings\Application Data\fusioncache.dat
[2006/05/19 13:39:08 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\flvprop.dll
[2006/05/19 13:39:08 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\flvsplit.dll
[2006/05/19 13:39:04 | 00,385,024 | ---- | C] () -- C:\WINDOWS\System32\flvdecvp6.dll
[2005/07/14 11:31:20 | 00,027,648 | RHS- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2005/06/21 21:37:42 | 00,045,568 | RHS- | C] () -- C:\WINDOWS\System32\cygz.dll
[2004/08/04 06:00:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/04 06:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001/08/07 19:59:54 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HPNVRRes.dll
[2000/04/14 17:50:02 | 00,343,040 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[1999/01/22 12:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/06/11 15:08:06 | 00,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll

========== LOP Check ==========

[2009/12/04 10:46:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/12/04 10:45:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008/08/06 10:11:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2008/08/06 17:01:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grass Valley
[2008/08/06 09:13:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Matrox
[2010/01/18 09:50:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
[2009/12/15 13:37:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G4
[2009/12/15 13:41:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G5
[2008/09/04 08:22:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2008/08/18 15:07:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lorin\Application Data\.BitTornado
[2008/08/07 15:56:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lorin\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/01/13 16:56:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lorin\Application Data\FileZilla
[2008/08/05 17:25:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lorin\Application Data\Leadertech
[2008/08/06 17:04:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lorin\Application Data\River Past G4
[2009/12/15 13:40:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lorin\Application Data\River Past G5
[2009/12/14 09:42:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lorin\Application Data\SorensonMedia
[2010/01/22 11:35:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lorin\Application Data\uTorrent
[2010/01/11 16:16:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lorin\Application Data\Vso

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2008/03/10 12:48:26 | 02,939,142 | ---- | M] (Plaino ) -- C:\FLVplayr.exe


< MD5 for: AGP440.SYS >
[2004/08/04 06:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 06:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/03 23:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 23:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 06:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/04 06:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/04 06:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/04/25 09:28:14 | 00,871,040 | ---- | M] (Intel Corporation) MD5=D593517879E65167DF35F6015814AC59 -- C:\WINDOWS\dell\iastor\iastor.sys
[2005/04/25 09:28:14 | 00,871,040 | ---- | M] (Intel Corporation) MD5=D593517879E65167DF35F6015814AC59 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2004/08/04 06:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/04 06:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2005/05/17 16:45:08 | 00,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys
[2005/05/17 16:45:08 | 00,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\WINDOWS\system32\drivers\NvAtaBus.sys

< MD5 for: SCECLI.DLL >
[2004/08/04 06:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/04 06:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

========== Files - Unicode (All) ==========
[2009/12/04 00:19:00 | 00,000,000 | ---D | M](C:\Documents and Settings\Lorin\My Documents\?ppPatch) -- C:\Documents and Settings\Lorin\My Documents\АppPatch
[2008/08/06 16:31:25 | 00,000,000 | ---D | M](C:\Documents and Settings\Lorin\My Documents\?ppPatch\?ppPatch) -- C:\Documents and Settings\Lorin\My Documents\АppPatch\АppPatch
[2008/08/06 16:31:25 | 00,000,000 | ---D | C](C:\Documents and Settings\Lorin\My Documents\?ppPatch) -- C:\Documents and Settings\Lorin\My Documents\АppPatch
< End of report >
OTL Extras logfile created on: 1/22/2010 12:40:37 PM - Run 1
OTL by OldTimer - Version 3.1.25.4 Folder = C:\Documents and Settings\All Users\Documents
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 526.00 Mb Available Physical Memory | 51.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.00 Gb Total Space | 55.11 Gb Free Space | 36.99% Space Free | Partition Type: NTFS
Drive D: | 198.65 Gb Total Space | 83.47 Gb Free Space | 42.02% Space Free | Partition Type: NTFS
Drive E: | 34.18 Gb Total Space | 10.99 Gb Free Space | 32.15% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DVDCOMP
Current User Name: Lorin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"F:\setup\hpznui01.exe" = F:\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\BitTornado\btdownloadgui.exe" = C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui -- ()
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Sorenson Media\Sorenson Squeeze\Squeeze.exe" = C:\Program Files\Sorenson Media\Sorenson Squeeze\Squeeze.exe:*:Disabled:Squeeze Application -- (Sorenson Media Inc.)
"C:\Program Files\River Past\Video Cleaner Pro\VideoCleaner.exe" = C:\Program Files\River Past\Video Cleaner Pro\VideoCleaner.exe:*:Enabled:River Past Video Cleaner Pro -- (River Past Corporation)
"C:\Program Files\River Past\Image Sequence Converter and Booster Pack\VideoCleaner.exe" = C:\Program Files\River Past\Image Sequence Converter and Booster Pack\VideoCleaner.exe:*:Enabled:River Past Image Sequence Converter -- (River Past Corporation)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"F:\setup\hpznui01.exe" = F:\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{07D97136-A219-41FE-9FF9-E18C8A312A7E}" = ProCoder 3
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{2B7E4354-0492-460A-BDB1-1F59EE141025}" = AirPlus G
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{326071B0-0102-417D-881B-880EFE6987FF}" = Sonic SD-series Encoder
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
"{3A7A90CE-7B2A-48FE-95F1-D87E0B65783C}" = Sonic Scenarist
"{3DE0053C-FD9A-483E-B7C9-B06E4392206E}" = iTunes
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}" = Apple Mobile Device Support
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{61CEB2D7-8D3B-4247-B75E-A95F6699B90A}" = Adobe After Effects 6.5
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{6A143FF0-BB9A-4A9C-A318-1688BA366BAE}" = Sorenson Squeeze 5.1
"{6B36DEBF-27D0-4B1E-858D-D397091C6C7D}" = HP Precisionscan Pro 3.1
"{6BD31B80-7E9E-4FAF-B911-0AC31FB94BF6}" = Adobe Encore DVD 1.5
"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
"{706D5382-7381-4680-9DD0-161832578252}" = DellTouch
"{70AB1576-7883-2313-C650-7A71270B1033}" = Nero 7 Ultra Edition
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{748F4870-8350-11D3-B0BF-080009FB4A19}" = HP Share-to-Web
"{75B61CF0-B8A8-46E2-8709-C4A79898AC1D}" = Data Lifeguard Diagnostic for Windows
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.0.0.1
"{772E9146-D676-4869-A298-047FF2A2B92D}" = Canopus Codec Option
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7E369B27-13E2-41A5-9879-358EE1C8B5AD}" = Broadcom Gigabit Integrated Controller
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C57C58-FDD7-4d86-BFCC-9D31CC4EFA71}" = 6500_E709n
"{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{8C0302AB-28E3-43F4-8414-10B8E0954ED9}" = Setup
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant
"{A14F7508-B784-40B8-B11A-E0E2EEB7229F}" = Adobe Premiere Pro 1.5
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AFF1678B-9D8A-4932-BD8F-27ECEAFDB172}" = Matrox PowerDesk-HF
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help
"{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{FA0F0A01-4631-4161-A6C2-948BF694382E}" = HP Officejet 6500 E709 Series
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"AVG9Uninstall" = AVG Free 9.0
"BitTornado" = BitTornado 0.3.17
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-01-24
"Cycore Effects" = Cycore Effects 1.0
"ffdshow_is1" = ffdshow [rev 2033] [2008-07-05]
"FileZilla Client" = FileZilla Client 3.3.0.1
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0
"Image Sequence Converter and Booster Pack" = River Past Image Sequence Converter and Booster Pack
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Matrox Parhelia Driver Uninstaller" = Matrox Driver
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Monkey's Audio_is1" = Monkey's Audio
"MPEG-4 Converter and Booster Pack" = River Past MPEG-4 Converter and Booster Pack
"On2 Technologies Flixwin Pro 8.500" = On2 Technologies Flixwin Pro 8.500
"RM Converter and Booster Pack" = River Past RM Converter and Booster Pack
"SUPER ©" = SUPER © Version 2006.19 (FIX)
"The Rosetta Stone" = The Rosetta Stone
"Tweak UI 2.10" = Tweak UI
"uTorrent" = µTorrent
"Video Cleaner Pro" = River Past Video Cleaner Pro
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/18/2009 5:15:19 PM | Computer Name = DVDCOMP | Source = Application Error | ID = 1000
Description = Faulting application squeeze.exe, version 5.1.0.12, faulting module
mcvc1vdec.dll, version 7.6.0.35746, fault address 0x0000e58a.

Error - 1/7/2010 5:10:03 PM | Computer Name = DVDCOMP | Source = Application Hang | ID = 1002
Description = Hanging application SDEncoder.exe, version 3.5.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/14/2010 6:22:34 PM | Computer Name = DVDCOMP | Source = Application Error | ID = 1000
Description = Faulting application ANIWZCSdS.exe, version 1.0.3.7034, faulting module
ntdll.dll, version 5.1.2600.2180, fault address 0x00010f29.

Error - 1/15/2010 1:57:55 PM | Computer Name = DVDCOMP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 1/15/2010 1:57:55 PM | Computer Name = DVDCOMP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 1/15/2010 1:57:55 PM | Computer Name = DVDCOMP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 1/15/2010 1:57:55 PM | Computer Name = DVDCOMP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 1/15/2010 1:57:55 PM | Computer Name = DVDCOMP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 1/15/2010 1:57:55 PM | Computer Name = DVDCOMP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 1/18/2010 12:32:52 PM | Computer Name = DVDCOMP | Source = Application Hang | ID = 1002
Description = Hanging application nero.exe, version 7.2.0.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 9/15/2008 4:00:13 PM | Computer Name = DVDCOMP | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 9/15/2008 4:02:20 PM | Computer Name = DVDCOMP | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 9/15/2008 4:12:31 PM | Computer Name = DVDCOMP | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 9/15/2008 4:12:37 PM | Computer Name = DVDCOMP | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 9/15/2008 4:12:44 PM | Computer Name = DVDCOMP | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 9/15/2008 4:12:51 PM | Computer Name = DVDCOMP | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 9/15/2008 4:12:57 PM | Computer Name = DVDCOMP | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 12/3/2009 5:14:01 PM | Computer Name = DVDCOMP | Source = Service Control Manager | ID = 7034
Description = The ANIWZCSd Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 12/4/2009 6:38:27 AM | Computer Name = DVDCOMP | Source = Dhcp | ID = 1002
Description = The IP address lease 10.0.0.35 for the Network Card with network address
0013468B3C99 has been denied by the DHCP server 10.0.0.50 (The DHCP Server sent
a DHCPNACK message).

Error - 12/4/2009 6:38:28 AM | Computer Name = DVDCOMP | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of
the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.


< End of report >
  • 0

#3
PSorokin
Posted 22 January 2010 - 01:20 PM

PSorokin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Just tried to run gmer. Computer crashed/rebooted.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP