Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Unable to search from toolbar

Started by sbrig420 , Aug 16 2010 03:45 PM

  • Please log in to reply

#1
sbrig420
Posted 16 August 2010 - 03:45 PM

sbrig420

    Member

  • Member
  • PipPip
  • 14 posts
the GMER Rootkit Scanner caused the computer to reboot, but here are the OTL scan logs

OTL logfile created on: 8/16/2010 12:51:44 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Mike\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 76.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 21.81 Gb Free Space | 29.26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MIKE-7BB150A374
Current User Name: Mike
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/16 12:01:58 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
PRC - [2010/05/18 09:16:22 | 001,154,848 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2010/05/18 07:57:06 | 000,045,056 | ---- | M] (Intuit) -- c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2010/03/28 12:47:44 | 001,692,440 | ---- | M] (ParetoLogic) -- C:\Program Files\ParetoLogic\FileCure\FileCure.exe
PRC - [2009/04/22 16:24:32 | 001,447,240 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/04/22 16:24:30 | 001,803,592 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/04/22 16:14:20 | 001,768,376 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/02/12 14:02:34 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 16:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/08/16 12:01:58 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
MOD - [2008/04/13 16:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/05/18 07:57:06 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/02/19 19:43:34 | 000,380,928 | ---- | M] (Spigot, Inc.) [Disabled | Stopped] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- c:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/04/22 16:24:30 | 001,803,592 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/04/22 16:14:20 | 001,768,376 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/04/22 04:29:30 | 000,324,936 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/02/12 14:02:34 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/02/12 14:02:34 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/01/29 11:11:06 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/03/19 17:07:34 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/02/16 10:32:02 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100510.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/02/16 10:32:02 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/02/16 10:32:02 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/02/16 10:32:02 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100510.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/02/12 15:21:27 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2010/01/12 17:57:06 | 000,162,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WpsHelper.sys -- (WpsHelper)
DRV - [2009/09/18 15:32:06 | 000,045,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009/09/04 12:23:48 | 000,239,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2009/04/22 16:26:04 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2009/01/30 14:52:32 | 000,319,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/01/30 14:52:32 | 000,280,112 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/01/30 14:52:32 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/12/12 11:33:58 | 006,048,768 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/12/11 14:11:34 | 000,338,944 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2008/11/18 19:17:08 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/10/14 13:24:18 | 000,049,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2008/09/09 15:54:42 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/08/21 12:13:56 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008/08/21 12:13:56 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2008/04/13 16:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/13 16:00:00 | 000,080,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2008/04/13 16:00:00 | 000,024,576 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2008/03/28 12:14:02 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://m.www.yahoo.c...14,6692,0,16,0"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC}:4.0
FF - prefs.js..extensions.netassistant.keyword.url: "http://click.w3i.com...93&searchterm="
FF - prefs.js..keyword.URL: "http://search.yahoo....type=937811&p="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/26 15:07:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/26 15:07:37 | 000,000,000 | ---D | M]

[2010/02/19 17:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mozilla\Extensions
[2010/08/13 16:05:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\gut6ywdh.default\extensions
[2010/07/19 09:12:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\gut6ywdh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/29 11:42:03 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\gut6ywdh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/05/07 10:36:57 | 000,000,000 | ---D | M] (Freeze Toolbar) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\gut6ywdh.default\extensions\{CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC}
[2010/08/13 16:05:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/03/19 16:40:50 | 000,001,951 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 84.19.171.6 www.google.com
O1 - Hosts: 84.19.171.6 google.com
O1 - Hosts: 84.19.171.6 google.com.au
O1 - Hosts: 84.19.171.6 www.google.com.au
O1 - Hosts: 84.19.171.6 google.be
O1 - Hosts: 84.19.171.6 www.google.be
O1 - Hosts: 84.19.171.6 google.com.br
O1 - Hosts: 84.19.171.6 www.google.com.br
O1 - Hosts: 84.19.171.6 google.ca
O1 - Hosts: 38 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\1.0\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (RefresherBand Class) - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\Program Files\YRefresher\YRefresher.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\1.0\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (RefresherBand Class) - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\Program Files\YRefresher\YRefresher.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Intuit SyncManager] c:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} https://web02.farvv....geUploader6.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - ("C:\Documents and Settings\All Users\Application Data\b5c0829\SGb5c0.exe") - C:\Documents and Settings\All Users\Application Data\b5c0829\SGb5c0.exe File not found
O20 - HKCU Winlogon: Shell - (/s /d) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/12 12:58:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{414d2286-2330-11df-9f72-001e0bae9ead}\Shell - "" = AutoRun
O33 - MountPoints2\{414d2286-2330-11df-9f72-001e0bae9ead}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{414d2286-2330-11df-9f72-001e0bae9ead}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{5b064059-5222-11df-9f86-001e0bae9ead}\Shell - "" = AutoRun
O33 - MountPoints2\{5b064059-5222-11df-9f86-001e0bae9ead}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5b064059-5222-11df-9f86-001e0bae9ead}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\{7d30e194-181f-11df-9f52-96af9e21b670}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{8b685186-a58a-11df-9f9a-001e0bae9ead}\Shell - "" = AutoRun
O33 - MountPoints2\{8b685186-a58a-11df-9f9a-001e0bae9ead}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8b685186-a58a-11df-9f9a-001e0bae9ead}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\{93242f5c-33b4-11df-9f7d-001e0bae9ead}\Shell - "" = AutoRun
O33 - MountPoints2\{93242f5c-33b4-11df-9f7d-001e0bae9ead}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{93242f5c-33b4-11df-9f7d-001e0bae9ead}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746534284132352)

========== Files/Folders - Created Within 90 Days ==========

[2010/08/16 12:49:34 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2010/08/16 12:05:13 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/08/16 11:41:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mike\Recent
[2010/08/16 11:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2010/08/16 10:34:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/08/10 14:22:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\13
[2010/07/29 11:51:27 | 000,000,000 | ---D | C] -- C:\Program Files\iSymphony
[2010/07/29 11:51:16 | 022,497,545 | ---- | C] (i9Technologoies) -- C:\Documents and Settings\Mike\My Documents\iSymphony client-2.1.15b-rev1678-win32.exe
[2010/07/16 03:25:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Intuit
[2010/07/15 17:53:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[2010/07/15 08:30:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\Intuit
[2010/07/15 08:29:33 | 004,194,304 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\WINDOWS\System32\cdintf400.dll
[2010/07/15 08:26:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2010/07/15 08:26:04 | 000,000,000 | ---D | C] -- C:\Program Files\Intuit
[2010/07/15 08:26:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2010/07/15 08:26:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Intuit
[2010/07/15 08:26:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2010/07/15 08:25:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2010/07/15 08:24:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2010/07/15 08:22:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/07/15 08:22:45 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/07/15 08:22:36 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/07/15 08:21:56 | 000,000,000 | ---D | C] -- C:\37ae3251e2e7fe374f0c9325db10d120
[2010/07/15 08:21:10 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010/07/15 08:20:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010/07/15 08:19:30 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/07/15 08:12:24 | 489,204,736 | ---- | C] (Intuit, Inc. ) -- C:\Documents and Settings\Mike\Desktop\QuickBooksSimpleStartFree2010.exe
[2010/07/15 08:12:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Download Manager
[2010/07/15 08:12:22 | 000,000,000 | ---D | C] -- C:\Program Files\Akamai
[2010/07/14 19:06:52 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/07/14 19:06:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/07/14 19:05:25 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/07/14 12:21:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Intuit
[2010/07/13 15:46:03 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Mike\PrivacIE
[2010/07/13 11:18:09 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Mike\IETldCache
[2010/07/13 11:11:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/07/13 11:10:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/07/13 11:09:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/07/13 10:56:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/07/13 10:55:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/07/13 10:55:25 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/07/13 10:53:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/07/09 09:56:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/06/24 14:44:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\Chucks show
[2010/06/24 14:44:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\Unused Desktop Shortcuts
[2010/06/24 09:44:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\Unity
[2010/06/18 16:58:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\Video Backs
[2010/06/18 16:58:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\tower dog
[2010/06/18 16:58:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\religious comm
[2010/06/18 15:24:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\U3
[2010/06/17 10:44:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2010/06/17 10:44:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/06/17 10:44:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2010/06/17 10:44:58 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2010/05/28 11:01:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\EurekaLog
[2 C:\Documents and Settings\Mike\My Documents\*.tmp files -> C:\Documents and Settings\Mike\My Documents\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2099/01/01 12:00:00 | 000,042,496 | -HS- | M] () -- C:\WINDOWS\System32\jidegufa.exe
[2010/08/16 12:53:41 | 000,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/16 12:53:41 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/16 12:53:41 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/16 12:49:23 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/16 12:49:08 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\FileCure Startup.job
[2010/08/16 12:49:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/16 12:49:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/16 12:12:37 | 008,126,464 | -H-- | M] () -- C:\Documents and Settings\Mike\NTUSER.DAT
[2010/08/16 12:12:15 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Mike\ntuser.ini
[2010/08/16 12:05:17 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\NTREGOPT.lnk
[2010/08/16 12:05:17 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\ERUNT.lnk
[2010/08/16 12:01:58 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2010/08/16 11:13:04 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\HiJackThis.lnk
[2010/08/16 11:06:11 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\housecall.guid.cache
[2010/08/16 10:48:27 | 000,000,645 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.new
[2010/08/16 09:56:56 | 000,000,573 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/16 09:56:56 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/08/16 09:56:56 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/15 18:00:00 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2010/08/15 00:56:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2010/08/14 01:15:00 | 000,000,362 | ---- | M] () -- C:\WINDOWS\tasks\FileCure Default.job
[2010/08/13 09:40:32 | 000,166,912 | ---- | M] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/11 03:23:40 | 000,224,816 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/11 03:02:34 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/08/09 12:29:41 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\Hosts weekly attendance.doc
[2010/08/09 10:12:41 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\Warning letter.doc
[2010/07/29 16:31:15 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\Current Commercials.doc
[2010/07/29 11:51:19 | 022,497,545 | ---- | M] (i9Technologoies) -- C:\Documents and Settings\Mike\My Documents\iSymphony client-2.1.15b-rev1678-win32.exe
[2010/07/27 11:29:36 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\a list of all advertisiers.doc
[2010/07/20 11:23:59 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\A list of all our shows.doc
[2010/07/20 09:49:54 | 000,000,090 | ---- | M] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/07/15 08:34:57 | 010,771,456 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\CC and MBP QB (Portable).QBM
[2010/07/15 08:30:14 | 000,050,424 | ---- | M] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/15 08:29:24 | 000,002,109 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2010/07/15 08:29:24 | 000,001,913 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickBooks Simple Start Free Edition.lnk
[2010/07/15 08:16:26 | 489,204,736 | ---- | M] (Intuit, Inc. ) -- C:\Documents and Settings\Mike\Desktop\QuickBooksSimpleStartFree2010.exe
[2010/07/15 08:12:23 | 000,000,435 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\Setup_QuickBooksSimpleStartFree2010.lnk
[2010/07/14 19:06:58 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/07/14 19:06:58 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\Spybot - Search & Destroy.lnk
[2010/07/14 19:05:26 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\CCleaner.lnk
[2010/07/13 11:18:13 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/13 11:16:29 | 004,835,784 | -H-- | M] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\IconCache.db
[2010/07/13 11:01:26 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/13 10:53:55 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/02 15:18:04 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\ntuser.dat
[2010/07/02 15:17:32 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/07/02 15:17:32 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2010/06/25 14:37:09 | 005,209,340 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\YouTube- Multiple Stab Wounds May Be Harmful To Monkeys.25&id=710ec9ed48ec46a8
[2010/06/25 14:31:43 | 009,952,494 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\YouTube- Are We Giving Robots Too Much Power.25&id=386c5d80d27f9593
[2010/06/22 12:08:25 | 000,166,503 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\sheldon 1.JPG
[2010/06/17 10:44:59 | 000,000,912 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\ParetoLogic FileCure.lnk
[2010/06/16 15:49:42 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\The Guys Who Like to Eat.doc
[2010/06/16 12:08:44 | 220,905,469 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\Mommy Talk 6-15-10.wmv
[2010/06/11 17:37:13 | 000,038,400 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\TEMP. TIME CARD.doc
[2010/06/11 16:09:24 | 022,826,090 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\drunk history- alexander hamilton.wmv
[2010/06/11 15:44:28 | 010,895,423 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\YouTube- Drunk History vol. 1 - Featuring Michael Cera.wmv
[2010/06/11 12:29:49 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\Central Valley Talk Show Agreement.doc
[2010/06/11 10:35:51 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\James Muniz.doc
[2010/05/26 17:11:42 | 002,369,003 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\YouTube- Ardi Rizal Smoking VIDEO Sumatran 2-Year Old Smokes 40 Cigarettes A Day.wmv
[2010/05/26 11:21:48 | 003,632,985 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\Suns Top Lakers to Even Series.wmv
[2010/05/26 11:19:56 | 001,997,695 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\Owner of Chimpanzee in Conn. Mauling Dies at 72.wmv
[2010/05/26 11:17:36 | 003,866,561 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\Outdoors Super Bowl for NJ in 2014.wmv
[2010/05/26 11:15:58 | 002,871,391 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\ShowBiz Minute McCready, James, Scherzinger.wmv
[2010/05/26 11:14:22 | 003,796,269 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\Baby Lives After Stroller Hit by Train.wmv
[2010/05/26 10:23:26 | 191,681,559 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\52410 White House Press Briefing.wmv
[2010/05/25 16:39:04 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\Hardship Letter.doc
[2010/05/20 15:25:00 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Mike\My Documents\~$ntral Valley Talk Show Agreement.doc
[2 C:\Documents and Settings\Mike\My Documents\*.tmp files -> C:\Documents and Settings\Mike\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,042,496 | -HS- | C] () -- C:\WINDOWS\System32\jidegufa.exe
[2010/08/16 12:17:00 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\gmer.exe
[2010/08/16 12:05:17 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\NTREGOPT.lnk
[2010/08/16 12:05:17 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\ERUNT.lnk
[2010/08/16 11:06:11 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\housecall.guid.cache
[2010/08/16 10:34:27 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\HiJackThis.lnk
[2010/08/11 03:02:34 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/08/09 12:22:21 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\Hosts weekly attendance.doc
[2010/08/06 15:02:35 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\Warning letter.doc
[2010/07/29 16:31:15 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\Current Commercials.doc
[2010/07/26 16:53:17 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\a list of all advertisiers.doc
[2010/07/20 11:23:58 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\A list of all our shows.doc
[2010/07/15 08:34:57 | 010,771,456 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\CC and MBP QB (Portable).QBM
[2010/07/15 08:29:24 | 000,002,109 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2010/07/15 08:29:24 | 000,001,913 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickBooks Simple Start Free Edition.lnk
[2010/07/15 08:25:28 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/07/15 08:12:23 | 000,000,435 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\Setup_QuickBooksSimpleStartFree2010.lnk
[2010/07/14 19:06:58 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/07/14 19:06:58 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\Spybot - Search & Destroy.lnk
[2010/07/14 19:05:26 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\CCleaner.lnk
[2010/07/13 10:53:55 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/09 09:55:40 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/02 15:18:04 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\ntuser.dat
[2010/07/02 15:18:04 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\ntuser.dat.LOG
[2010/07/02 15:17:32 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/07/02 15:17:32 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2010/06/25 14:37:09 | 005,209,340 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\YouTube- Multiple Stab Wounds May Be Harmful To Monkeys.25&id=710ec9ed48ec46a8
[2010/06/25 14:31:43 | 009,952,494 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\YouTube- Are We Giving Robots Too Much Power.25&id=386c5d80d27f9593
[2010/06/22 12:08:25 | 000,166,503 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\sheldon 1.JPG
[2010/06/18 16:59:24 | 004,161,105 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\YouTube- ShowBiz Minute Woods, Gosselin, Houston.wmv
[2010/06/18 16:59:24 | 002,369,003 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\YouTube- Ardi Rizal Smoking VIDEO Sumatran 2-Year Old Smokes 40 Cigarettes A Day.wmv
[2010/06/18 16:59:24 | 000,000,296 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\WMPInfo.xml
[2010/06/18 16:59:23 | 003,632,985 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\Suns Top Lakers to Even Series.wmv
[2010/06/18 16:59:23 | 003,070,464 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\Rob T 1.MSWMM
[2010/06/18 16:59:23 | 002,871,391 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\ShowBiz Minute McCready, James, Scherzinger.wmv
[2010/06/18 16:59:23 | 001,997,695 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\Owner of Chimpanzee in Conn. Mauling Dies at 72.wmv
[2010/06/18 16:59:23 | 000,244,224 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\tina wigs.MSWMM
[2010/06/18 16:59:23 | 000,043,008 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\top hr. comm.MSWMM
[2010/06/18 16:59:22 | 008,920,671 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\new mad town_0001.wmv
[2010/06/18 16:59:22 | 003,866,561 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\Outdoors Super Bowl for NJ in 2014.wmv
[2010/06/18 16:59:22 | 000,096,648 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\model 2.jpg
[2010/06/18 16:59:22 | 000,033,484 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\model 4.jpg
[2010/06/18 16:59:22 | 000,022,828 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\model 6.jpg
[2010/06/18 16:59:22 | 000,013,253 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\model 3.jpg
[2010/06/18 16:59:22 | 000,012,836 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\model 1.jpg
[2010/06/18 16:59:21 | 009,501,825 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\Loopme_87.wmv
[2010/06/18 16:59:21 | 001,110,016 | R--- | C] () -- C:\Documents and Settings\Mike\My Documents\LaunchU3.exe
[2010/06/18 16:59:20 | 007,233,182 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\John Warona.wmv
[2010/06/18 16:59:20 | 000,008,605 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\jade hall.jpg
[2010/06/18 16:59:19 | 012,829,981 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\Good Take.wmv
[2010/06/18 16:59:19 | 003,165,696 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\erica bummper.MSWMM
[2010/06/18 16:59:18 | 022,826,090 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\drunk history- alexander hamilton.wmv
[2010/06/18 16:59:18 | 000,041,528 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\bobbyjoeneelyomb.jpg
[2010/06/18 16:59:17 | 032,495,043 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\barbara hunt.wmv
[2010/06/18 16:59:17 | 004,304,791 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\Avadis Ad-1.wmv
[2010/06/18 16:59:17 | 003,796,269 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\Baby Lives After Stroller Hit by Train.wmv
[2010/06/18 16:59:09 | 191,681,559 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\52410 White House Press Briefing.wmv
[2010/06/18 16:59:09 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\30 min. comm.MSWMM
[2010/06/18 15:17:21 | 220,905,469 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\Mommy Talk 6-15-10.wmv
[2010/06/17 10:45:05 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2010/06/17 10:45:01 | 000,000,378 | ---- | C] () -- C:\WINDOWS\tasks\FileCure Startup.job
[2010/06/17 10:45:00 | 000,000,362 | ---- | C] () -- C:\WINDOWS\tasks\FileCure Default.job
[2010/06/17 10:44:59 | 000,000,912 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\ParetoLogic FileCure.lnk
[2010/06/17 10:44:59 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2010/06/16 15:48:41 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\The Guys Who Like to Eat.doc
[2010/06/11 17:29:44 | 000,038,400 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\TEMP. TIME CARD.doc
[2010/06/11 15:48:06 | 010,895,423 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\YouTube- Drunk History vol. 1 - Featuring Michael Cera.wmv
[2010/06/11 10:25:32 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\James Muniz.doc
[2010/05/25 16:31:10 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\Hardship Letter.doc
[2010/05/20 15:25:00 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\Central Valley Talk Show Agreement.doc
[2010/05/20 15:25:00 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Mike\My Documents\~$ntral Valley Talk Show Agreement.doc
[2010/03/16 16:35:09 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\PUTTY.RND
[2010/02/17 12:43:06 | 000,166,912 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/16 16:26:16 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/02/16 15:32:41 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/02/12 15:04:13 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5016.dll
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/04/13 17:10:12 | 000,080,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\parport.sys
[2008/04/13 16:00:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\kbdclass.sys
[2003/01/07 08:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/07/15 08:25:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2010/05/07 10:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier
[2010/06/17 10:44:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2010/07/15 08:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2010/06/17 10:44:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/03/19 12:00:29 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\SGNSD
[2010/07/15 08:35:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2010/02/16 15:47:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/07 10:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Winferno
[2010/05/28 11:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\EurekaLog
[2010/05/07 10:37:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\FinalMediaPlayer
[2010/02/16 17:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\GrabIt
[2010/07/14 12:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\myfreezetoolbar
[2010/05/07 10:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\PC Speed Maximizer
[2010/04/21 18:05:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Search Settings
[2010/03/29 11:42:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\WeatherBug
[2010/04/21 18:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\YouTube Downloader
[2010/08/14 01:15:00 | 000,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\FileCure Default.job
[2010/08/16 12:49:08 | 000,000,378 | ---- | M] () -- C:\WINDOWS\Tasks\FileCure Startup.job
[2010/08/15 18:00:00 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration3.job
[2010/08/15 00:56:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version3.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/02/12 12:58:31 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/02/12 12:54:21 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/08/16 09:56:56 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/04 00:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/03/19 16:07:29 | 000,014,041 | ---- | M] () -- C:\ComboFix.txt
[2010/02/12 12:58:31 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/02/12 12:58:31 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/02/12 12:58:31 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/13 16:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/13 16:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/16 12:49:01 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2010/02/12 12:58:11 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 06:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2010/02/12 04:47:58 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/02/12 04:47:58 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/02/12 04:47:58 | 000,921,600 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/02/12 12:58:37 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-11 10:06:39

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >




OTL Extras logfile created on: 8/16/2010 12:51:44 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Mike\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 76.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 21.81 Gb Free Space | 29.26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MIKE-7BB150A374
Current User Name: Mike
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\ParetoLogic\FileCure\FileCure_noapp.exe %1 (ParetoLogic)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\wpabaln.exe" = C:\WINDOWS\system32\wpabaln.exe:*:Enabled:wpabaln -- (Microsoft Corporation)
"C:\Program Files\Telestream\Desktop Presenter\Desktop Presenter.exe" = C:\Program Files\Telestream\Desktop Presenter\Desktop Presenter.exe:*:Enabled:Desktop Presenter -- (Telestream Inc)
"C:\Documents and Settings\All Users\Application Data\b5c0829\SGb5c0.exe" = C:\Documents and Settings\All Users\Application Data\b5c0829\SGb5c0.exe:*:Enabled:Security Guard -- File not found
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe:*:Enabled:QuickBooks 2010 Data Manager -- (Intuit, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004098A1-0362-4C42-A1C3-CAD436CFF4A1}" = YouTube Downloader Toolbar v1.0
"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
"{0700E22B-A419-40A5-BD20-04BF618CA0F9}" = QuickBooks Simple Start 2010 Free Edition
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.4
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5CDC6B95-7011-4EF5-9896-3CAEE030B598}" = Desktop Presenter
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{BB3DE5A2-54E3-4846-8C9C-6C373CE43712}" = Symantec Endpoint Protection Small Business Edition
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C441C4-57FA-4950-BDBA-BABFBAA2AA39}" = ParetoLogic FileCure
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CCleaner" = CCleaner
"DriverAgent.exe" = DriverAgent by eSupport.com
"ERUNT_is1" = ERUNT 1.1j
"FinalMediaPlayer_is1" = Final Media Player 2010
"GrabIt_is1" = GrabIt 1.7.2 Beta 4 (build 997)
"HDMI" = Intel® Graphics Media Accelerator Driver
"HECI" = Intel® Management Engine Interface
"ie8" = Windows Internet Explorer 8
"iSymphony" = iSymphony
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"PC Speed Maximizer_is1" = PC Speed Maximizer v2.1
"PROSet" = Intel® Network Connections Drivers
"SP46137" = HP Softpaq SP46137
"SumatraPDF" = Sumatra PDF reader
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! SiteBuilder" = Yahoo! SiteBuilder
"Yahoo! Software Update" = Yahoo! Software Update
"YRefresher_is1" = Yrefresher 1.00

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/16/2010 11:22:28 AM | Computer Name = MIKE-7BB150A374 | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 8/16/2010 12:22:28 PM | Computer Name = MIKE-7BB150A374 | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 8/16/2010 1:11:42 PM | Computer Name = MIKE-7BB150A374 | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 8/16/2010 1:15:59 PM | Computer Name = MIKE-7BB150A374 | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 8/16/2010 2:12:28 PM | Computer Name = MIKE-7BB150A374 | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 8/16/2010 3:10:47 PM | Computer Name = MIKE-7BB150A374 | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 8/16/2010 3:19:23 PM | Computer Name = MIKE-7BB150A374 | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.15.15281, faulting module
gmer.exe, version 1.0.15.15281, fault address 0x0005c887.

Error - 8/16/2010 3:29:29 PM | Computer Name = MIKE-7BB150A374 | Source = Application Hang | ID = 1002
Description = Hanging application gmer.exe, version 1.0.15.15281, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/16/2010 3:29:29 PM | Computer Name = MIKE-7BB150A374 | Source = Application Hang | ID = 1002
Description = Hanging application gmer.exe, version 1.0.15.15281, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/16/2010 3:30:52 PM | Computer Name = MIKE-7BB150A374 | Source = Application Hang | ID = 1001
Description = Fault bucket 1608518328.

[ System Events ]
Error - 8/16/2010 3:31:20 PM | Computer Name = MIKE-7BB150A374 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Symantec Management Client
service to connect.

Error - 8/16/2010 3:31:20 PM | Computer Name = MIKE-7BB150A374 | Source = Service Control Manager | ID = 7000
Description = The Symantec Management Client service failed to start due to the
following error: %%1053

Error - 8/16/2010 3:31:32 PM | Computer Name = MIKE-7BB150A374 | Source = Service Control Manager | ID = 7031
Description = The Symantec Endpoint Protection service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 10000
milliseconds: Restart the service.

Error - 8/16/2010 3:31:41 PM | Computer Name = MIKE-7BB150A374 | Source = Service Control Manager | ID = 7031
Description = The Symantec Event Manager service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 200 milliseconds:
Restart the service.

Error - 8/16/2010 3:31:41 PM | Computer Name = MIKE-7BB150A374 | Source = Service Control Manager | ID = 7031
Description = The Symantec Settings Manager service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 100
milliseconds: Restart the service.

Error - 8/16/2010 3:31:49 PM | Computer Name = MIKE-7BB150A374 | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Symantec Event Manager service,
but this action failed with the following error: %%1056

Error - 8/16/2010 3:49:15 PM | Computer Name = MIKE-7BB150A374 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000043'
while processing the file 'SrtETmp' on the volume 'HarddiskVolume1'. It has stopped
monitoring the volume.

Error - 8/16/2010 3:49:15 PM | Computer Name = MIKE-7BB150A374 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 8/16/2010 3:49:15 PM | Computer Name = MIKE-7BB150A374 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 8/16/2010 3:49:20 PM | Computer Name = MIKE-7BB150A374 | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%2001


< End of report >
  • 0

Advertisements

#2
sbrig420
Posted 23 August 2010 - 05:33 PM

sbrig420

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
bump
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP