
Virus - Some Desktop Icons Don't Display - Dialog Box w/ Pics Freez



#1
carloverx

  • Member
  • 20 posts
I've been battling a virus for over two weeks now. I thought I had everything sorted out, but I'm still having issues.

When I open dialog boxes, to upload a picture for example, whatever program it is, it locks up. On many occasions, just opening folders with pictures will cause explorer to freeze. Today, Firefox closed itself a few times. Lastly, when I shut down the computer, every time I need to End Task explorer. Any help would be greatly appreciated - I'm at wits' end. Also, I suspect I have a lot of unnecessary junk running that I've acquired over the past 5 years with this computer - it's a Dell Inspiron 6000 with Windows XP.


GMER LOG:


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-13 22:26:45
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Joe\LOCALS~1\Temp\pxtdapob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB0B93C56]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB0B93B12]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xB0B940C6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB0B93FF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB0B936E8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB0B93BEC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB0B93628]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB0B9368C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB0B93D0C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xB0B94194]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB0B93CCC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB0B93E4C]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xB0BA04FE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xB0BA0322]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xB0BA045C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- EOF - GMER 1.0.15 ----



OTL LOG:

OTL logfile created on: 3/13/2010 10:46:09 PM - Run 1
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Documents and Settings\Joe\Desktop\Guards
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.82 Gb Total Space | 26.30 Gb Free Space | 37.66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LPJF
Current User Name: Joe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/13 22:38:00 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joe\Desktop\Guards\OTL.exe
PRC - [2010/03/13 18:26:13 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Documents and Settings\Joe\Local Settings\Temp\Adobelm_Cleanup.0001
PRC - [2010/03/09 06:24:10 | 002,769,336 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/28 13:42:00 | 000,253,952 | ---- | M] (PIXELA CORPORATION) -- C:\Program Files\PIXELA\ImageMixer 3 SE\CameraMonitor.exe
PRC - [2007/05/10 12:39:30 | 000,315,392 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\TotalMedia Backup\uBBMonitor.exe
PRC - [2007/01/01 16:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2006/11/03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\Pixart\Pac207\Monitor.exe
PRC - [2005/03/04 11:26:08 | 000,606,208 | ---- | M] () -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2004/12/14 03:44:40 | 000,069,632 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
PRC - [2004/12/14 01:12:02 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2004/10/30 14:59:54 | 000,385,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2004/09/13 16:33:20 | 000,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2004/09/07 16:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2004/09/07 16:08:02 | 000,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2004/09/07 16:05:10 | 000,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2004/09/07 16:03:40 | 000,245,760 | ---- | M] (Intel) -- C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
PRC - [2004/09/07 16:02:40 | 000,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2004/09/07 16:02:04 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2004/08/19 14:40:08 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2004/07/27 16:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2003/11/14 08:50:00 | 000,037,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
PRC - [2003/10/29 03:06:00 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/03/25 06:49:02 | 000,057,344 | R--- | M] () -- C:\WINDOWS\system32\MMTray2k.exe
PRC - [2003/03/25 06:49:02 | 000,053,248 | R--- | M] (Morgan Multimedia) -- C:\WINDOWS\system32\MMTrayLSI.exe


========== Modules (SafeList) ==========

MOD - [2010/03/13 22:38:00 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joe\Desktop\Guards\OTL.exe
MOD - [2008/04/13 19:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2003/11/14 08:50:00 | 000,024,064 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\Scrolling\LGMSGHK.DLL
MOD - [2003/11/14 08:50:00 | 000,006,144 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\LgWndHk.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (Esfcpr)
SRV - [2010/03/09 06:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/03/09 06:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/03/09 06:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/11/20 21:07:42 | 000,113,152 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe -- (ATTRcAppSvc)
SRV - [2004/09/07 16:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2004/09/07 16:05:10 | 000,360,521 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2004/09/07 16:02:40 | 000,086,016 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)
SRV - [2004/09/07 16:02:04 | 000,139,264 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/MemberHome
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.ao...romesbox-en-us"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}:2.3.54
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071301000019
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.7
FF - prefs.js..keyword.URL: "http://slirsredirect...b-en-us&query="


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/18 10:04:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/09 22:13:00 | 000,000,000 | ---D | M]

[2008/06/17 22:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Mozilla\Extensions
[2010/03/13 00:08:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\8v7kolrl.default\extensions
[2010/02/07 17:02:34 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\8v7kolrl.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2010/02/10 22:10:14 | 000,000,000 | ---D | M] (Answers) -- C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\8v7kolrl.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}
[2010/02/07 17:02:49 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\8v7kolrl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/02/07 17:02:45 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\8v7kolrl.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/06/01 20:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\8v7kolrl.default\extensions\[email protected]
[2010/03/09 22:15:18 | 000,004,554 | ---- | M] () -- C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\8v7kolrl.default\searchplugins\aim-search.xml
[2010/03/13 00:08:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/01/25 07:57:42 | 000,028,672 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\GooglePlusVideosXPCOM.dll
[2008/10/19 04:58:22 | 000,049,152 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\SiteVacuumXPCOM.dll
[2009/02/02 19:09:09 | 000,002,853 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\SiteVacuum.xml

O1 HOSTS File: ([2005/10/09 15:11:06 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AT&T Communication Manager] C:\Program Files\AT&T\Communication Manager\ATTCM.exe (ATT)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe File not found
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [IKL] File not found
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [MMTray2K] C:\WINDOWS\System32\MMTray2k.exe ()
O4 - HKLM..\Run: [MMTrayLSI] C:\WINDOWS\System32\MMTrayLSI.exe (Morgan Multimedia)
O4 - HKLM..\Run: [Monitor] C:\WINDOWS\Pixart\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Tweak UI] C:\WINDOWS\System32\tweakui.cpl (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor.lnk = C:\Program Files\PIXELA\ImageMixer 3 SE\CameraMonitor.exe (PIXELA CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup\uBBMonitor.exe (ArcSoft, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Joe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Joe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/19 16:07:14 | 000,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/19 15:52:10 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 14 Days ==========

[2010/03/13 17:13:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/13 17:13:01 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/03/10 08:24:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Local Settings\Application Data\AIM Toolbar
[2010/03/09 22:13:54 | 000,000,000 | ---D | C] -- C:\Program Files\AIM Toolbar
[2010/03/09 22:13:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2010/03/09 22:13:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/03/09 22:13:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Local Settings\Application Data\AIM
[2010/03/09 22:13:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/03/09 22:13:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Local Settings\Application Data\AOL
[2010/03/09 22:13:01 | 000,000,000 | ---D | C] -- C:\Program Files\AIM7
[2010/03/09 22:09:08 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/03/07 10:09:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Desktop\Resu-ME
[2010/03/07 09:08:43 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2010/02/28 12:34:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe\log
[2009/07/21 22:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/03/20 08:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Bytemobile
[2008/03/21 08:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/07/01 23:12:21 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/07/01 23:08:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006/03/30 19:21:40 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

========== Files - Modified Within 14 Days ==========

[2010/03/13 17:13:02 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\NTREGOPT.lnk
[2010/03/13 17:13:02 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\ERUNT.lnk
[2010/03/13 17:09:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/13 17:08:59 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/13 17:08:47 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/03/13 17:08:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/13 17:07:21 | 010,485,760 | ---- | M] () -- C:\Documents and Settings\Joe\ntuser.dat
[2010/03/13 17:07:21 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Joe\ntuser.ini
[2010/03/11 03:05:59 | 000,000,705 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/09 22:16:28 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/03/09 22:13:47 | 000,002,544 | -H-- | M] () -- C:\IPH.PH
[2010/03/09 22:13:33 | 000,001,585 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/03/09 22:08:47 | 001,606,064 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\googletalk-setup.exe
[2010/03/09 19:41:24 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\Hey yo.doc
[2010/03/09 06:24:05 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/03/09 06:12:54 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/03/09 06:12:33 | 000,162,640 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/03/09 06:09:08 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/03/09 06:08:41 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/03/09 06:08:38 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/03/09 06:08:30 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/03/09 06:08:15 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/03/08 19:13:37 | 000,033,503 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\n675139210_336490_7599.jpg
[2010/03/08 18:36:54 | 000,984,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/07 23:21:47 | 000,206,848 | ---- | M] () -- C:\Documents and Settings\Joe\My Documents\resum-medotcom.doc
[2010/03/07 17:46:22 | 000,029,005 | ---- | M] () -- C:\Documents and Settings\Joe\My Documents\funny comic.jpg
[2010/03/07 16:30:59 | 000,040,019 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\20066_257282693635_618868635_4517931_6309255_n.jpg
[2010/03/07 16:30:25 | 000,048,586 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\15293_397714738635_618868635_5232612_6422466_n.jpg
[2010/03/07 16:06:13 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\notes.doc
[2010/03/07 01:29:36 | 000,048,207 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\chrisphoto.jpg
[2010/03/06 14:11:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/28 17:05:14 | 000,110,080 | ---- | M] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2010/03/13 17:13:02 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\NTREGOPT.lnk
[2010/03/13 17:13:02 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\ERUNT.lnk
[2010/03/09 22:13:33 | 000,001,585 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/03/09 22:08:46 | 001,606,064 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\googletalk-setup.exe
[2010/03/09 18:51:16 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\Hey yo.doc
[2010/03/08 19:13:36 | 000,033,503 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\n675139210_336490_7599.jpg
[2010/03/07 17:46:21 | 000,029,005 | ---- | C] () -- C:\Documents and Settings\Joe\My Documents\funny comic.jpg
[2010/03/07 16:30:58 | 000,040,019 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\20066_257282693635_618868635_4517931_6309255_n.jpg
[2010/03/07 16:30:24 | 000,048,586 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\15293_397714738635_618868635_5232612_6422466_n.jpg
[2010/03/07 16:06:13 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\notes.doc
[2010/03/07 01:29:35 | 000,048,207 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\chrisphoto.jpg
[2010/03/06 11:39:27 | 000,206,848 | ---- | C] () -- C:\Documents and Settings\Joe\My Documents\resum-medotcom.doc
[2010/01/10 13:31:16 | 000,015,117 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2009/03/20 08:18:39 | 000,026,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2009/01/08 00:17:42 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP207.INI
[2007/10/03 16:40:16 | 000,000,040 | ---- | C] () -- C:\WINDOWS\nero.INI
[2007/06/20 08:00:10 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/04/22 19:15:29 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/04/22 19:01:47 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/05/12 22:06:08 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2006/03/29 19:06:14 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2006/03/29 19:06:14 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2006/03/29 19:06:14 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2006/01/18 18:08:13 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2006/01/18 18:08:13 | 000,000,338 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2005/12/27 16:33:46 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2005/12/09 18:07:57 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Joe\Application Data\PFP120JPR.{PB
[2005/12/09 18:07:57 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Joe\Application Data\PFP120JCM.{PB
[2005/09/29 00:25:08 | 000,337,814 | -HS- | C] () -- C:\WINDOWS\System32\qqtss.ini
[2005/09/16 11:39:47 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2005/09/09 15:54:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/09/09 12:55:46 | 000,011,264 | R--- | C] () -- C:\WINDOWS\System32\TEKYUV.DLL
[2005/09/09 12:55:45 | 000,266,240 | R--- | C] () -- C:\WINDOWS\System32\rmp4.dll
[2005/09/09 12:55:45 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\dsrmp4.dll
[2005/09/09 12:55:44 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\mpegdecoder.dll
[2005/09/09 12:55:44 | 000,023,552 | R--- | C] () -- C:\WINDOWS\System32\pdi.dll
[2005/09/09 12:55:42 | 000,237,568 | R--- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005/09/09 12:55:42 | 000,188,416 | R--- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005/09/09 12:55:42 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005/09/09 12:55:41 | 000,921,600 | R--- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2005/09/09 12:55:41 | 000,000,702 | R--- | C] () -- C:\WINDOWS\MMTVMJ.INI
[2005/09/09 12:55:40 | 000,000,761 | R--- | C] () -- C:\WINDOWS\M3JP2K.INI
[2005/09/09 12:55:39 | 000,000,714 | R--- | C] () -- C:\WINDOWS\m3jpeg.ini
[2005/09/09 12:55:34 | 000,413,760 | R--- | C] () -- C:\WINDOWS\System32\mpg4c32.dll
[2005/09/09 12:55:30 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2005/09/09 12:55:28 | 000,077,664 | R--- | C] () -- C:\WINDOWS\System32\IR21_R.DLL
[2005/09/09 12:55:28 | 000,056,832 | R--- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2005/09/09 12:55:26 | 000,152,064 | R--- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/09/09 12:55:19 | 000,066,560 | R--- | C] () -- C:\WINDOWS\System32\atiyuv12.dll
[2005/09/09 12:55:18 | 000,092,672 | R--- | C] () -- C:\WINDOWS\System32\ASUSASV2.dll
[2005/09/09 12:55:18 | 000,071,680 | R--- | C] () -- C:\WINDOWS\System32\ASUSASV1.DLL
[2005/09/09 12:55:17 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005/09/09 12:55:16 | 000,482,816 | R--- | C] () -- C:\WINDOWS\System32\VFCodec.dll
[2005/09/09 12:55:16 | 000,047,104 | R--- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
[2005/09/09 12:55:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AVIWRAP.DLL
[2005/09/09 12:55:09 | 000,114,688 | R--- | C] () -- C:\WINDOWS\System32\AVIZLIB.DLL
[2005/09/09 12:55:09 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\AVIMSZH.DLL
[2005/09/09 12:55:03 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2005/09/09 12:55:02 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\libfaad.dll
[2005/09/09 09:06:56 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/09/09 09:04:21 | 000,110,080 | ---- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/09/08 18:40:23 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\fusioncache.dat
[2005/08/06 21:30:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/06 21:18:24 | 000,000,440 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/08/06 21:09:31 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2005/08/06 20:43:52 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2005/08/06 20:43:10 | 000,000,372 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/08/05 13:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/04/18 05:53:32 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\MBSSM5.dll
[2004/08/19 16:20:39 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/19 16:01:43 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/19 15:49:50 | 000,000,205 | ---- | C] () -- C:\WINDOWS\DRIVESET.INI
[2004/08/12 08:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/05 18:51:00 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2002/12/05 17:51:00 | 000,059,392 | R--- | C] () -- C:\WINDOWS\streamhlp.dll

========== LOP Check ==========

[2010/03/09 22:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/03/09 22:13:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2010/02/27 10:17:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/03/20 08:15:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2006/03/30 19:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2009/02/02 19:08:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2006/05/12 22:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2008/03/31 21:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2008/10/29 22:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PIXELA
[2009/02/05 19:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2006/05/12 22:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2008/03/14 08:22:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/09/16 20:58:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/10 18:48:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2007/08/21 23:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\acccore
[2007/08/24 19:17:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Aim
[2009/03/20 08:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\AT&T
[2005/12/27 16:36:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Atari
[2009/02/02 19:08:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Babylon
[2008/10/20 22:19:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Blender Foundation
[2009/03/20 08:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Bytemobile
[2009/03/20 08:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\DBUpdater
[2008/05/01 21:21:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\iPhoneRingToneMaker
[2005/09/29 14:21:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Leadertech
[2005/09/21 10:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Musicmatch
[2005/09/26 19:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Neo-Modus.com
[2008/06/26 18:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Nexon
[2006/05/12 17:07:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Nikon
[2009/03/20 08:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Sierra Wireless
[2007/11/03 10:36:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Simple Star
[2006/12/25 21:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Smith Micro
[2006/03/31 15:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\TrojanHunter

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/10 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/10 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/26 22:12:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/09/26 22:12:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/10 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/26 22:12:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/26 22:12:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/10 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/10 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/10 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 19:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/19 15:56:28 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/19 15:56:28 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/19 15:56:28 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >


EXTRAS LOG


OTL Extras logfile created on: 3/13/2010 10:46:09 PM - Run 1
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Documents and Settings\Joe\Desktop\Guards
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.82 Gb Total Space | 26.30 Gb Free Space | 37.66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LPJF
Current User Name: Joe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"C:\Program Files\DC++\DCPlusPlus.exe" = C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++ -- ()
"C:\Program Files\World of Warcraft\WoW.exe" = C:\Program Files\World of Warcraft\WoW.exe:*:Enabled:World of Warcraft -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\World of Warcraft\WoW-1.11.0-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.11.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-1.11.2.5464-to-1.12.0.5595-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.11.2.5464-to-1.12.0.5595-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\AT&T\Communication Manager\SwiApiMux.exe" = C:\Program Files\AT&T\Communication Manager\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\AIM7\aim.exe" = C:\Program Files\AIM7\aim.exe:*:Enabled:AIM -- (AOL LLC)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{066A1255-1299-4EBA-B9B3-FA7FB14F92E4}" = CIF USB Camera
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1DCCB2B0-A482-464F-94F6-1219693E34F0}_is1" = AeroSnap 0.61
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{33F1EEC8-93C8-4CC5-9C33-6698A4A627BA}" = TIPCIxx20
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{82C19692-571C-45D2-BAF2-278225787A35}" = ImageMixer 3 SE
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{87A54796-0620-4899-BAF7-7778A7FB54CB}" = ArcSoft TotalMedia Backup
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{AF64F216-D859-43FC-9068-0005A41AEBA3}" = AT&T Communication Manager
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}" = mToolkit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F804CAE5-50B2-4646-803A-A428325237CA}" = Driver Installer
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FB11BC46-7504-4877-87E4-4034D4133A2C}" = SPSS 13.0 for Windows Student Version
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FFF5DEE7-8107-436B-9726-7573458FE6AE}" = ACE Mega CoDecS Pack
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM Toolbar" = AIM Toolbar
"AIM_7" = AIM 7
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"avast5" = avast! Free Antivirus
"Blender" = Blender (remove only)
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.9x Modem
"DC++" = DC++ 0.7091
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"ERUNT_is1" = ERUNT 1.1j
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{33F1EEC8-93C8-4CC5-9C33-6698A4A627BA}" = Texas Instruments PCIxx20 drivers.
"InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
"Logitech Resource Center" = Logitech Resource Center
"MBSS Light_is1" = MBSS Light 3.1
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Ahead Nero Burning ROM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenAL" = OpenAL
"ProInst" = Intel® PROSet/Wireless Software
"RealPlayer 6.0" = RealPlayer
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinISO v5.3" = WinISO v5.3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/5/2008 12:49:07 PM | Computer Name = LPJF | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.5721.5145, faulting
module mpeg2dmx.ax, version 2.0.80.30327, fault address 0x0000d823.

Error - 12/5/2008 12:49:26 PM | Computer Name = LPJF | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.5721.5145, faulting
module mpeg2dmx.ax, version 2.0.80.30327, fault address 0x0000d823.

Error - 2/2/2009 8:18:22 PM | Computer Name = LPJF | Source = Application Hang | ID = 1002
Description = Hanging application setup1.exe, version 5.0.0.3716, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/13/2009 1:15:03 AM | Computer Name = LPJF | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3306, faulting module
unknown, version 0.0.0.0, fault address 0x04246c83.

Error - 2/26/2009 9:08:20 AM | Computer Name = LPJF | Source = Application Error | ID = 1000
Description = Faulting application dcplusplus.exe, version 0.7.0.91, faulting module
unknown, version 0.0.0.0, fault address 0x0d7cae96.

Error - 3/24/2009 8:05:28 PM | Computer Name = LPJF | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.5721.5145, faulting
module iviaudio.ax, version 1.0.0.1, fault address 0x0001121d.

Error - 4/27/2009 8:31:47 PM | Computer Name = LPJF | Source = Application Hang | ID = 1002
Description = Hanging application mmjb.exe, version 10.0.4.33, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/24/2009 9:00:33 PM | Computer Name = LPJF | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 5.1.2600.5512, faulting
module atipdsxx.dll, version 6.14.10.5154, fault address 0x0001063d.

Error - 6/10/2009 10:22:14 PM | Computer Name = LPJF | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 6/10/2009 10:22:14 PM | Computer Name = LPJF | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

[ System Events ]
Error - 3/13/2010 6:08:50 PM | Computer Name = LPJF | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 3/13/2010 6:08:50 PM | Computer Name = LPJF | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 3/13/2010 6:08:50 PM | Computer Name = LPJF | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL.
Reference
error message: The operation completed successfully. .

Error - 3/13/2010 6:08:50 PM | Computer Name = LPJF | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 3/13/2010 6:08:50 PM | Computer Name = LPJF | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 3/13/2010 6:08:50 PM | Computer Name = LPJF | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL.
Reference
error message: The operation completed successfully. .

Error - 3/13/2010 6:09:32 PM | Computer Name = LPJF | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%2

Error - 3/13/2010 9:38:39 PM | Computer Name = LPJF | Source = Service Control Manager | ID = 7034
Description = The avast! Antivirus service terminated unexpectedly. It has done
this 1 time(s).

Error - 3/13/2010 9:38:39 PM | Computer Name = LPJF | Source = Service Control Manager | ID = 7034
Description = The avast! Mail Scanner service terminated unexpectedly. It has done
this 1 time(s).

Error - 3/13/2010 9:38:40 PM | Computer Name = LPJF | Source = Service Control Manager | ID = 7034
Description = The avast! Web Scanner service terminated unexpectedly. It has done
this 1 time(s).


< End of report >

Edited by carloverx, 14 March 2010 - 08:31 AM.
