
Dell Laptop running Sloooooowwww and freezing up, please help :-)



#1
abc143

Hello,

My name is Brian .... came across this forum and was hoping that somebody might be able to help me out here.

A few weeks ago my laptop started running really slow, then last week I was getting the BOD. After reading through these forums I found a program that identifies the codes that the BOD displays ..... figured out I had some bad drivers (Intel wireless LAN drivers). Replaced those, things started working again, but even slower than before. Then it started just freezing up, and eventually could barely get it up and running in safe mode.

Soo, I have followed the recommendations in the "cleaning guide" .... the results I have pasted below. All the scans seem to be coming up clean as far as I can tell, but everything is still very slow. I did notice that in the "Task Manager" .... under processes ... that "Tea Timer" is running and using a lot of memory usage. This is weird as I had "removed" Spy Bot S&D before starting the "clean" job.

I am also noticing that in the OTL Extra log ... it might be stating that I have a bad block in my D drive ..... might I be having a HD that is getting ready to die on me??

As stated earlier I was running Spy Bot S&D which was not detecting any threats. I have removed that program and am currently running Avast as my AntiVirus.

I am thinking I must have some conflicting hardware or something ... however, I have no idea how to interpret these logs / results.

Thanks so much for any help or direction you can point me in.

Brian

------------------------------------------------------------------------------------------------

OTL logfile created on: 5/29/2010 10:18:53 AM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\bc\Desktop\Computer fixing programs
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 588.00 Mb Available Physical Memory | 57.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14.64 Gb Total Space | 1.95 Gb Free Space | 13.29% Space Free | Partition Type: NTFS
Drive D: | 59.88 Gb Total Space | 11.79 Gb Free Space | 19.69% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BCLAPTOP
Current User Name: bc
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/28 09:56:09 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bc\Desktop\Computer fixing programs\OTL.exe
PRC - [2010/05/06 13:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/05/06 13:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/02/24 16:58:04 | 000,299,008 | ---- | M] (Tiger Green Productions LLC) -- C:\Program Files\X3watch\x3watch.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/05/26 23:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2006/10/26 14:45:04 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WISPTIS.EXE
PRC - [2004/08/04 00:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/04/29 15:15:00 | 000,090,169 | ---- | M] (SigmaTel Inc.) -- C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
PRC - [2004/04/26 18:13:54 | 000,561,213 | ---- | M] (WIDCOMM, Inc.) -- C:\Program Files\Dell\Bluetooth Software\BTTray.exe
PRC - [2004/04/26 18:12:40 | 001,245,268 | ---- | M] (WIDCOMM, Inc.) -- C:\Program Files\Dell\Bluetooth Software\BTStackServer.exe
PRC - [2004/04/26 18:02:14 | 000,163,840 | ---- | M] (WIDCOMM, Inc.) -- C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
PRC - [2004/03/04 21:59:30 | 000,487,424 | ---- | M] () -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2004/02/02 16:32:16 | 000,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2004/01/13 16:15:20 | 000,376,832 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\ZCfgSvc.exe
PRC - [2004/01/13 16:08:52 | 000,184,320 | ---- | M] (Intel) -- C:\WINDOWS\system32\1XConfig.exe
PRC - [2004/01/13 16:08:12 | 000,311,363 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\system32\S24EvMon.exe
PRC - [2004/01/13 16:07:04 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\RegSrvc.exe
PRC - [2003/12/19 13:49:28 | 000,086,016 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
PRC - [2003/10/23 21:37:56 | 000,217,194 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
PRC - [2003/02/26 12:08:42 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe


========== Modules (SafeList) ==========

MOD - [2010/05/28 09:56:09 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bc\Desktop\Computer fixing programs\OTL.exe
MOD - [2004/08/04 00:57:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/03 23:01:17 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2004/04/26 18:15:06 | 000,053,248 | ---- | M] () -- C:\Program Files\Dell\Bluetooth Software\BTKeyInd.dll
MOD - [2003/06/17 11:50:08 | 000,073,728 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Apple Mobile Device)
SRV - [2010/05/06 13:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/05/06 13:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/05/06 13:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/03/03 22:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/04/26 18:02:14 | 000,163,840 | ---- | M] (WIDCOMM, Inc.) [Auto | Running] -- C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2004/01/13 16:08:12 | 000,311,363 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\WINDOWS\system32\S24EvMon.exe -- (S24EventMonitor)
SRV - [2004/01/13 16:07:04 | 000,122,880 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\RegSrvc.exe -- (RegSrvc)


========== Driver Services (SafeList) ==========

DRV - [2010/05/06 13:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/05/06 13:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/05/06 13:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/05/06 13:33:59 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/05/06 13:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/06 13:33:29 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/02/15 17:02:07 | 000,014,037 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2009/11/11 05:26:02 | 002,216,064 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2004/05/12 21:30:14 | 000,258,704 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2004/04/26 17:31:56 | 001,239,338 | ---- | M] (WIDCOMM, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2004/04/26 17:19:34 | 000,017,484 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\frmupgr.sys -- (DFUBTUSB)
DRV - [2004/04/26 17:15:16 | 000,053,336 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2004/02/13 11:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)
DRV - [2004/01/14 06:58:26 | 001,648,640 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w22n51.sys -- (w22n51) Intel®
DRV - [2003/12/05 15:39:46 | 000,032,000 | R--- | M] (Pixela) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pixmcvc.sys -- (PIXMCV)
DRV - [2003/12/05 15:39:46 | 000,020,953 | R--- | M] (Pixela) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pixmcvv.sys -- (PIXMCVV)
DRV - [2003/12/05 15:39:44 | 000,027,961 | R--- | M] (Pixela) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pixmcva.sys -- (PIXMCVA)
DRV - [2003/10/30 12:53:00 | 000,596,992 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/09/15 11:20:18 | 000,011,258 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2003/08/29 06:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2003/08/21 20:25:52 | 000,094,600 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/05/15 19:09:32 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/05/06 14:58:48 | 000,024,511 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sqcaptur.sys -- (DCamUSBSQTECH) Dual-Mode DSC(2770)
DRV - [2000/03/29 17:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MASPINT.SYS -- (MASPINT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/11 09:58:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/28 07:49:37 | 000,000,000 | ---D | M]

[2010/02/16 00:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bc\Application Data\Mozilla\Extensions
[2010/05/28 08:18:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bc\Application Data\Mozilla\Firefox\Profiles\fpt763yp.default\extensions
[2010/04/28 08:49:25 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\bc\Application Data\Mozilla\Firefox\Profiles\fpt763yp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/02/16 13:52:19 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\bc\Application Data\Mozilla\Firefox\Profiles\fpt763yp.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/05/28 08:18:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/16 11:56:19 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/28 07:49:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/03/02 00:02:49 | 000,380,253 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 13102 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe ()
O4 - HKLM..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe (Intel® Corporation)
O4 - HKLM..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe (SigmaTel Inc.)
O4 - HKLM..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe (Tiger Green Productions LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\Dell\Bluetooth Software\BTTray.exe (WIDCOMM, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\bc\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Dell\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1266310315904 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (WIDCOMM, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O20 - Winlogon\Notify\Sebring: DllName - c:\WINDOWS\System32\LgNotify.dll - C:\WINDOWS\system32\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/15 16:49:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/02/15 16:49:10 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54338281256517632)

========== Files/Folders - Created Within 90 Days ==========

[2010/05/29 08:18:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bc\Application Data\Malwarebytes
[2010/05/28 17:08:02 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/28 17:08:01 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/28 17:08:00 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/28 17:07:59 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/28 17:07:57 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/28 17:07:57 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/28 17:07:57 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/28 17:07:42 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/28 17:07:42 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/05/28 17:07:33 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/05/28 17:07:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/28 16:35:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/28 16:35:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/28 16:35:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/28 16:35:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/28 16:30:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/28 16:28:42 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT5-28-10
[2010/05/28 09:51:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bc\Desktop\Computer fixing programs
[2010/05/28 08:52:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\bc\Desktop\Favorites
[2010/05/28 07:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/27 13:09:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/27 13:09:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/05/27 13:07:49 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/05/27 13:04:58 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/05/27 12:15:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/05/24 16:28:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bc\Desktop\Credit Reports
[2010/05/24 08:25:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bc\Desktop\invoicing info
[2010/05/23 15:29:26 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2010/05/23 12:34:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2010/05/21 09:02:52 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/05/21 07:44:12 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/05/15 10:57:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bc\Desktop\Derek Prince material
[2010/05/11 10:04:14 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(2)
[2010/05/11 10:03:52 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(2)
[2010/05/11 10:03:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/11 09:59:15 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime(2)
[2010/05/11 09:54:38 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour(2)
[2010/04/27 13:50:11 | 000,000,000 | ---D | C] -- C:\Program Files\Viewpoint
[2010/04/27 13:50:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/04/27 13:49:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/04/26 23:00:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bc\Application Data\x3watch
[2010/04/26 23:00:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\x3watch
[2010/04/26 22:58:56 | 000,000,000 | ---D | C] -- C:\Program Files\X3watch
[2010/04/26 22:58:22 | 000,828,517 | ---- | C] (Tiger Green Productions ) -- C:\Documents and Settings\bc\Desktop\setup.exe
[2010/04/14 22:37:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2010/04/10 08:12:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/04/10 08:10:56 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2010/04/10 08:10:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2010/04/10 08:09:56 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2010/04/10 08:06:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/04/09 10:04:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
[2010/04/09 10:04:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/04/02 04:22:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bc\My Documents\My Garmin
[2010/04/02 04:22:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bc\Application Data\GARMIN
[2010/04/02 04:19:37 | 000,000,000 | ---D | C] -- C:\WebUpdater
[2010/04/02 04:19:12 | 000,018,432 | ---- | C] (GARMIN Corp.) -- C:\WINDOWS\System32\drivers\grmngen.sys
[2010/04/02 04:19:11 | 000,000,000 | ---D | C] -- C:\Garmin
[2010/03/26 18:15:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/03/26 17:59:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bc\Application Data\Windows Search
[2010/03/25 10:07:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/03/21 23:50:30 | 225,666,910 | ---- | C] (Richard W. Smith ) -- C:\Documents and Settings\bc\Desktop\RWSMaps_Caribbean_v2.5_Setup.exe
[2010/03/20 23:49:41 | 000,000,000 | ---D | C] -- C:\MWASPI
[2010/03/20 19:10:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bc\Local Settings\Application Data\WMTools Downloaded Files
[2010/03/20 19:10:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\bc\My Documents\My Videos
[2010/03/20 12:26:30 | 000,032,000 | R--- | C] (Pixela) -- C:\WINDOWS\System32\drivers\pixmcvc.sys
[2010/03/20 12:18:47 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Photo Navigator 1.0
[2010/03/20 10:54:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/03/20 10:45:00 | 000,027,961 | R--- | C] (Pixela) -- C:\WINDOWS\System32\drivers\pixmcva.sys
[2010/03/20 10:44:04 | 000,102,400 | R--- | C] (PiXELA Corp.) -- C:\WINDOWS\System32\MpvpxX86.dll
[2010/03/20 10:44:04 | 000,098,304 | R--- | C] (PiXELA Corp.) -- C:\WINDOWS\System32\MpvpxSSE.dll
[2010/03/20 10:44:04 | 000,069,632 | R--- | C] (PiXELA Corp.) -- C:\WINDOWS\System32\mpvpxex.ax
[2010/03/20 10:44:03 | 000,102,400 | R--- | C] (PiXELA Corp.) -- C:\WINDOWS\System32\MpvpxMMX.dll
[2010/03/20 10:44:03 | 000,020,953 | R--- | C] (Pixela) -- C:\WINDOWS\System32\drivers\pixmcvv.sys
[2010/03/20 01:20:49 | 000,045,056 | ---- | C] (SHARP Corporation) -- C:\WINDOWS\System32\Sc726dec.ax
[2010/03/20 01:20:49 | 000,013,239 | ---- | C] (SHARP Corporation) -- C:\WINDOWS\System32\scg726.acm
[2010/03/20 01:20:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bc\WINDOWS
[2010/03/20 01:20:13 | 000,000,000 | ---D | C] -- C:\Program Files\directx
[2010/03/20 01:12:31 | 000,000,000 | ---D | C] -- C:\Program Files\PIXELA
[2010/03/17 22:01:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bc\My Documents\Any Video Converter
[2010/03/17 22:01:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bc\Application Data\AnvSoft
[2010/03/17 22:01:02 | 000,000,000 | ---D | C] -- C:\Program Files\AnvSoft
[2010/03/17 21:58:03 | 016,430,311 | ---- | C] (Any-Video-Converter.com ) -- C:\Documents and Settings\bc\Desktop\avc-free.exe
[2010/03/01 00:33:41 | 000,000,000 | -HSD | C] -- C:\RECYCLER

========== Files - Modified Within 90 Days ==========

[2010/05/29 09:25:06 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/28 17:08:02 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/05/28 17:07:58 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/28 17:00:48 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\bc\Desktop\Microsoft Office Excel 2007 (2).lnk
[2010/05/28 16:52:49 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/28 16:52:05 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/28 16:52:01 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/28 16:51:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/28 16:35:38 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/28 10:03:31 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\bc\Desktop\List.doc
[2010/05/28 08:01:52 | 009,166,848 | ---- | M] () -- C:\Documents and Settings\bc\ntuser.dat
[2010/05/28 08:01:52 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\bc\ntuser.ini
[2010/05/27 22:41:16 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/05/27 13:10:33 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/27 13:08:31 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/05/25 09:54:56 | 000,012,188 | ---- | M] () -- C:\Documents and Settings\bc\Desktop\Letter to Bob re credit report info.docx
[2010/05/24 12:55:42 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\bc\Desktop\Microsoft Office Word 2007.lnk
[2010/05/24 07:54:31 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/05/23 18:33:25 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/20 16:17:06 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\bc\Desktop\~$List.doc
[2010/05/14 17:43:55 | 000,047,301 | ---- | M] () -- C:\Documents and Settings\bc\Desktop\DeliveranceQuestionnaire_withStuartGreer.doc
[2010/05/14 17:33:34 | 000,259,291 | ---- | M] () -- C:\Documents and Settings\bc\Desktop\DeliveranceQuestionnaire_withStuartGreer.docx.pdf
[2010/05/06 13:59:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/05/06 13:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/06 13:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/06 13:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/06 13:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/06 13:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/06 13:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/06 13:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/06 13:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/04 10:03:26 | 000,010,656 | ---- | M] () -- C:\Documents and Settings\bc\My Documents\Marina Apartments 30 day notice - 5-3-10.docx
[2010/05/02 23:18:04 | 000,066,841 | ---- | M] () -- C:\Documents and Settings\bc\Desktop\TRA org chart May 2010.pdf
[2010/05/02 10:46:06 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\bc\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/30 00:08:09 | 000,013,107 | ---- | M] () -- C:\Documents and Settings\bc\Desktop\Mayreau Budget questions - ABC.xlsx
[2010/04/29 23:31:09 | 002,733,905 | ---- | M] () -- C:\Documents and Settings\bc\Desktop\IMG_7042.JPG
[2010/04/29 23:05:28 | 003,552,862 | ---- | M] () -- C:\Documents and Settings\bc\Desktop\IMG_6885.JPG
[2010/04/29 22:46:59 | 002,766,323 | ---- | M] () -- C:\Documents and Settings\bc\Desktop\IMG_6987.JPG
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 21:32:13 | 000,472,170 | ---- | M] () -- C:\Documents and Settings\bc\Desktop\We wanted to first thank everybody for a fantastic trip to SVG.docx
[2010/04/27 13:50:12 | 000,037,027 | ---- | M] () -- C:\WINDOWS\atmoUn.exe
[2010/04/27 13:49:36 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
[2010/04/27 13:49:36 | 000,001,758 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 6.0 Standard.lnk
[2010/04/26 23:02:57 | 000,000,746 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/26 23:02:57 | 000,000,004 | ---- | M] () -- C:\KLSA.DAT
[2010/04/26 22:58:22 | 000,828,517 | ---- | M] (Tiger Green Productions ) -- C:\Documents and Settings\bc\Desktop\setup.exe
[2010/04/23 09:14:43 | 000,020,736 | ---- | M] () -- C:\Documents and Settings\bc\Desktop\TRA Feedback response.docx
[2010/04/20 21:14:18 | 000,078,336 | ---- | M] () -- C:\Documents and Settings\bc\Desktop\Project Proposal.doc
[2010/04/14 22:44:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/12 08:02:13 | 001,776,145 | ---- | M] () -- C:\Documents and Settings\bc\Desktop\BOYER 2255 Traverse - Final.pdf
[2010/04/11 19:44:36 | 000,015,451 | ---- | M] () -- C:\Documents and Settings\bc\Desktop\BC 2010 TRM Pay breakdown.xlsx
[2010/04/11 13:17:00 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\bc\Desktop\Windows Movie Maker (2).lnk
[2010/04/09 11:27:28 | 000,112,593 | ---- | M] () -- C:\Documents and Settings\bc\Desktop\Document1a.pdf
[2010/04/09 11:26:28 | 000,201,292 | ---- | M] () -- C:\Documents and Settings\bc\Desktop\Document1.pdf
[2010/04/03 20:07:34 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\bc\Desktop\Microsoft Office Outlook 2007 (2).lnk
[2010/03/28 11:18:24 | 000,045,948 | ---- | M] () -- C:\Documents and Settings\bc\Desktop\SCE Bill for Brian Colgan.pdf
[2010/03/26 12:06:01 | 000,050,666 | ---- | M] () -- C:\Documents and Settings\bc\Desktop\CDL- copy.pdf
[2010/03/23 04:44:48 | 000,036,606 | ---- | M] () -- C:\Documents and Settings\bc\Application Data\Comma Separated Values (Windows).ADR
[2010/03/22 18:54:16 | 000,275,649 | ---- | M] () -- C:\Documents and Settings\bc\Desktop\yahoo_ab 3-22-10.csv
[2010/03/22 18:52:42 | 000,013,941 | ---- | M] () -- C:\Documents and Settings\bc\My Documents\Stereo Instructions.docx
[2010/03/22 00:34:00 | 225,666,910 | ---- | M] (Richard W. Smith ) -- C:\Documents and Settings\bc\Desktop\RWSMaps_Caribbean_v2.5_Setup.exe
[2010/03/20 23:49:41 | 000,000,291 | ---- | M] () -- C:\WINDOWS\msfsetup.ini
[2010/03/20 23:48:01 | 000,001,673 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImageMixer Ver.1.7.lnk
[2010/03/20 12:27:34 | 000,389,346 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/20 12:27:34 | 000,336,120 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/20 12:27:34 | 000,048,292 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/20 01:05:21 | 000,057,678 | ---- | M] () -- C:\Documents and Settings\bc\Desktop\bc's w-2.pdf
[2010/03/17 22:01:11 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\bc\Desktop\Any Video Converter.lnk
[2010/03/17 21:59:38 | 016,430,311 | ---- | M] (Any-Video-Converter.com ) -- C:\Documents and Settings\bc\Desktop\avc-free.exe
[2010/03/14 11:18:46 | 000,177,929 | ---- | M] () -- C:\Documents and Settings\bc\Desktop\Exploring your personality older version.pptx
[2010/03/14 11:10:16 | 000,177,928 | ---- | M] () -- C:\Documents and Settings\bc\Desktop\Exploring your personality.pptx
[2010/03/07 22:44:29 | 000,199,164 | ---- | M] () -- C:\Documents and Settings\bc\Desktop\contacts 3-7-10.csv
[2010/03/02 00:02:49 | 000,380,253 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/01 08:06:07 | 000,070,016 | ---- | M] () -- C:\Documents and Settings\bc\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/03/01 08:03:29 | 000,266,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/01 00:33:33 | 000,032,521 | ---- | M] () -- C:\Documents and Settings\bc\Desktop\contacts 2-27-10.xlsx
[2010/02/28 23:17:22 | 001,405,934 | ---- | M] () -- C:\Documents and Settings\bc\Desktop\El Shaddai Ministries - DVD.. charts.pdf
[2010/02/28 23:16:08 | 000,087,725 | ---- | M] () -- C:\Documents and Settings\bc\Desktop\El Shaddai Ministries - DVD...pdf

========== Files Created - No Company Name ==========

[2010/05/28 17:08:02 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/05/28 16:35:38 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/27 13:10:33 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/27 13:08:31 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/05/25 09:54:56 | 000,012,188 | ---- | C] () -- C:\Documents and Settings\bc\Desktop\Letter to Bob re credit report info.docx
[2010/05/23 18:33:25 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/20 16:17:06 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\bc\Desktop\~$List.doc
[2010/05/14 17:43:44 | 000,047,301 | ---- | C] () -- C:\Documents and Settings\bc\Desktop\DeliveranceQuestionnaire_withStuartGreer.doc
[2010/05/14 17:33:34 | 000,259,291 | ---- | C] () -- C:\Documents and Settings\bc\Desktop\DeliveranceQuestionnaire_withStuartGreer.docx.pdf
[2010/05/10 22:52:28 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\bc\Desktop\List.doc
[2010/05/07 06:43:54 | 009,166,848 | ---- | C] () -- C:\Documents and Settings\bc\ntuser.dat
[2010/05/04 10:03:26 | 000,010,656 | ---- | C] () -- C:\Documents and Settings\bc\My Documents\Marina Apartments 30 day notice - 5-3-10.docx
[2010/05/02 23:18:04 | 000,066,841 | ---- | C] () -- C:\Documents and Settings\bc\Desktop\TRA org chart May 2010.pdf
[2010/04/29 23:30:01 | 002,733,905 | ---- | C] () -- C:\Documents and Settings\bc\Desktop\IMG_7042.JPG
[2010/04/29 23:03:49 | 003,552,862 | ---- | C] () -- C:\Documents and Settings\bc\Desktop\IMG_6885.JPG
[2010/04/29 22:45:21 | 002,766,323 | ---- | C] () -- C:\Documents and Settings\bc\Desktop\IMG_6987.JPG
[2010/04/27 18:50:32 | 000,472,170 | ---- | C] () -- C:\Documents and Settings\bc\Desktop\We wanted to first thank everybody for a fantastic trip to SVG.docx
[2010/04/27 13:50:12 | 000,037,027 | ---- | C] () -- C:\WINDOWS\atmoUn.exe
[2010/04/27 08:49:34 | 000,013,107 | ---- | C] () -- C:\Documents and Settings\bc\Desktop\Mayreau Budget questions - ABC.xlsx
[2010/04/26 23:02:38 | 000,000,004 | ---- | C] () -- C:\KLSA.DAT
[2010/04/21 05:32:53 | 000,020,736 | ---- | C] () -- C:\Documents and Settings\bc\Desktop\TRA Feedback response.docx
[2010/04/20 21:14:18 | 000,078,336 | ---- | C] () -- C:\Documents and Settings\bc\Desktop\Project Proposal.doc
[2010/04/12 08:02:13 | 001,776,145 | ---- | C] () -- C:\Documents and Settings\bc\Desktop\BOYER 2255 Traverse - Final.pdf
[2010/04/11 13:17:00 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\bc\Desktop\Windows Movie Maker (2).lnk
[2010/04/09 11:27:26 | 000,112,593 | ---- | C] () -- C:\Documents and Settings\bc\Desktop\Document1a.pdf
[2010/04/09 11:26:22 | 000,201,292 | ---- | C] () -- C:\Documents and Settings\bc\Desktop\Document1.pdf
[2010/03/28 11:18:20 | 000,045,948 | ---- | C] () -- C:\Documents and Settings\bc\Desktop\SCE Bill for Brian Colgan.pdf
[2010/03/26 12:05:55 | 000,050,666 | ---- | C] () -- C:\Documents and Settings\bc\Desktop\CDL- copy.pdf
[2010/03/25 15:59:44 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\bc\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/23 04:44:46 | 000,036,606 | ---- | C] () -- C:\Documents and Settings\bc\Application Data\Comma Separated Values (Windows).ADR
[2010/03/22 18:54:15 | 000,275,649 | ---- | C] () -- C:\Documents and Settings\bc\Desktop\yahoo_ab 3-22-10.csv
[2010/03/22 18:52:42 | 000,013,941 | ---- | C] () -- C:\Documents and Settings\bc\My Documents\Stereo Instructions.docx
[2010/03/20 23:48:01 | 000,001,673 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImageMixer Ver.1.7.lnk
[2010/03/20 09:30:05 | 000,015,451 | ---- | C] () -- C:\Documents and Settings\bc\Desktop\BC 2010 TRM Pay breakdown.xlsx
[2010/03/20 01:15:59 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2010/03/20 01:15:59 | 000,004,030 | ---- | C] () -- C:\WINDOWS\System\WINASPI.DLL
[2010/03/20 01:15:59 | 000,002,486 | ---- | C] () -- C:\WINDOWS\System\AS16POST.BIN
[2010/03/20 01:15:59 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2010/03/20 01:05:20 | 000,057,678 | ---- | C] () -- C:\Documents and Settings\bc\Desktop\bc's w-2.pdf
[2010/03/17 22:01:11 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\bc\Desktop\Any Video Converter.lnk
[2010/03/14 11:18:46 | 000,177,929 | ---- | C] () -- C:\Documents and Settings\bc\Desktop\Exploring your personality older version.pptx
[2010/03/14 11:02:58 | 000,177,928 | ---- | C] () -- C:\Documents and Settings\bc\Desktop\Exploring your personality.pptx
[2010/03/07 22:44:28 | 000,199,164 | ---- | C] () -- C:\Documents and Settings\bc\Desktop\contacts 3-7-10.csv
[2010/03/01 00:33:32 | 000,032,521 | ---- | C] () -- C:\Documents and Settings\bc\Desktop\contacts 2-27-10.xlsx
[2010/02/28 23:17:11 | 001,405,934 | ---- | C] () -- C:\Documents and Settings\bc\Desktop\El Shaddai Ministries - DVD.. charts.pdf
[2010/02/28 23:15:57 | 000,087,725 | ---- | C] () -- C:\Documents and Settings\bc\Desktop\El Shaddai Ministries - DVD...pdf
[2010/02/16 10:32:20 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2010/02/15 17:31:44 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/02/15 17:28:19 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/01/15 04:31:00 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx14_ic.ini
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2004/04/26 17:53:42 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2003/04/17 13:35:00 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2003/04/17 13:35:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2002/05/16 00:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001/11/23 19:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/08/23 05:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

========== LOP Check ==========

[2010/05/28 17:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/04/27 13:50:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/05/28 08:05:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\x3watch
[2010/05/11 10:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/02/16 13:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/03/17 22:01:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bc\Application Data\AnvSoft
[2010/02/22 20:19:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bc\Application Data\Audacity
[2010/04/04 09:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bc\Application Data\GARMIN
[2010/02/21 23:32:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bc\Application Data\Windows Desktop Search
[2010/03/26 17:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bc\Application Data\Windows Search
[2010/04/26 23:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bc\Application Data\x3watch

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/02/15 16:49:31 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/02/15 16:49:31 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/02/15 16:49:31 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/04/26 23:02:57 | 000,000,004 | ---- | M] () -- C:\KLSA.DAT
[2010/02/15 16:49:31 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/05/28 16:51:37 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010/02/15 08:31:42 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/02/15 08:31:42 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/02/15 08:31:42 | 000,397,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >

--------------------------------------------------------------------------------------------------------

OTL Extras logfile created on: 5/29/2010 10:18:53 AM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\bc\Desktop\Computer fixing programs
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 588.00 Mb Available Physical Memory | 57.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14.64 Gb Total Space | 1.95 Gb Free Space | 13.29% Space Free | Partition Type: NTFS
Drive D: | 59.88 Gb Total Space | 11.79 Gb Free Space | 19.69% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BCLAPTOP
Current User Name: bc
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{225AF9A1-B556-88D5-94AA-0010B5426419}" = My DSC
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A316611-45D1-429C-AA26-B71259C44689}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{5380063E-2909-4d72-BFA3-625881F2E78B}" = Intel® PROSet for Wireless
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5AA18C57-381C-4C99-8FE6-5EB1CB0A5BC0}" = ImageMixer
"{5C0856B6-6260-4952-8FF5-C79C3FD3AA44}" = e-Sword
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7959721D-8268-4565-9E0E-C41A9F4848A9}" = SigmaTel AC97 Audio Drivers
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90535871-81B9-4D99-8A13-A7EE97F2D7FE}" = Dell Bluetooth Software
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-0000-BA7E-000000000001}" = Adobe Acrobat 6.0.1 Standard
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7EF4BD8-CA13-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.0
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DDD512C6-2251-4046-8F25-1A5EB355015E}" = Intel® mDriver
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"225af9a1-b556-11d5-94aa-0010b5426419" = My DSC
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"Any Video Converter_is1" = Any Video Converter 3.0.3
"ATI Display Driver" = ATI Display Driver
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode)
"avast5" = avast! Free Antivirus
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MWASPI" = MicroStaff WINASPI
"NirSoft BlueScreenView" = NirSoft BlueScreenView
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RWSMaps Caribbean (Maps for Garmin GPS receivers)_is1" = Version 2.5
"ULTIMATER" = Microsoft Office Ultimate 2007
"Windows XP Service Pack" = Windows XP Service Pack 2
"X3watch_is1" = X3watch 5.0.7
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/5/2010 11:25:05 PM | Computer Name = BCLAPTOP | Source = Google Update | ID = 20
Description =

Error - 4/9/2010 2:26:31 PM | Computer Name = BCLAPTOP | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\BC\DESKTOP\DOCUMENT1.PDF> in
the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 4/9/2010 2:26:31 PM | Computer Name = BCLAPTOP | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\BC\DESKTOP\DOCUMENT1.PDF> in
the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 4/9/2010 2:27:58 PM | Computer Name = BCLAPTOP | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\BC\DESKTOP\DOCUMENT1A.PDF> in
the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 4/10/2010 11:12:47 AM | Computer Name = BCLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application wuauclt.exe, version 7.4.7600.226, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/10/2010 11:13:03 AM | Computer Name = BCLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iesetup.exe, version 7.0.5730.13, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/10/2010 11:13:04 AM | Computer Name = BCLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iesetup.exe, version 7.0.5730.13, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/10/2010 1:52:35 PM | Computer Name = BCLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3743, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/13/2010 11:21:48 AM | Computer Name = BCLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3743, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/14/2010 2:57:47 PM | Computer Name = BCLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3743, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 5/28/2010 10:37:52 PM | Computer Name = BCLAPTOP | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 5/28/2010 10:37:52 PM | Computer Name = BCLAPTOP | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 5/28/2010 10:37:52 PM | Computer Name = BCLAPTOP | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 5/28/2010 10:37:52 PM | Computer Name = BCLAPTOP | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 5/28/2010 10:37:52 PM | Computer Name = BCLAPTOP | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 5/28/2010 10:37:52 PM | Computer Name = BCLAPTOP | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 5/28/2010 10:37:52 PM | Computer Name = BCLAPTOP | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 5/28/2010 10:37:52 PM | Computer Name = BCLAPTOP | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 5/28/2010 10:37:52 PM | Computer Name = BCLAPTOP | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 5/29/2010 11:12:35 AM | Computer Name = BCLAPTOP | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of
the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.


< End of report >

-----------------------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4154

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

5/29/2010 8:26:54 AM
mbam-log-2010-05-29 (08-26-54).txt

Scan type: Quick scan
Objects scanned: 134167
Time elapsed: 6 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

---------------------------------------------------------------------------------------------------------

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-29 10:12:47
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\bc\LOCALS~1\Temp\ugriqpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB18BCC7A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB18BCB36]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xB18BD0EA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB18BD014]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB18BC70C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB18BCC10]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB18BC64C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB18BC6B0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB18BCD30]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xB18BD1B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB18BCCF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB18BCE70]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xB18C9AC6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xB18C98EA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xB18C9A24]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 148 804E27B4 4 Bytes JMP BDB18BD0
PAGE ntoskrnl.exe!ObInsertObject 80564423 5 Bytes JMP B18C6EC2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!NtCreateSection 8056469B 7 Bytes JMP B18C98EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 805820F6 7 Bytes JMP B18C9ACA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805A29A4 5 Bytes JMP B18C5536 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ZwLoadDriver 805A5972 7 Bytes JMP B18C9A28 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[2224] kernel32.dll!WriteFile 7C810D97 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

:) :) :)