Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

6bbfb054d09af044963d4900 folder in my C:\ Drive. I can't dele


  • This topic is locked This topic is locked

#1
yoda76

yoda76

    Member

  • Member
  • PipPipPip
  • 114 posts
I do not know how this got in my C:\ folder, but I just noticed it today. The folder is just titled: 6bbfb054d09af044963d4900. I have not attempted to open it, but there is a "eula.rtf" that is restricting me from deleting the folder and its contents.

When I hover over the folder I see a few files:
HotFixInstaller.exe
header.bmp
Dhtmlheader.html

I have scanned this folder with avira and malwarebytes and it comes up with nothing.

I believe my computer has also been slower, but that could just be my mind tricking me.

The one source that I think I could have gotten this from is a .jpg attachment I downloaded on yahoo mail. After I downloaded it, this screen came up asking me to upgrade my quicktime player and would not go away. I decided to turn my computer off and it kept saying that it was installing updates, so I had to shut it off manually.

I really have no idea what is going on with this...

Thanks in advance.
  • 0

Advertisements


#2
Onaipian

Onaipian

    Notepad warrior

  • Retired Staff
  • 2,130 posts
Hi there and welcome to the forums! ;)

As far as I know, folders like that are usually download or extraction locations for Microsoft updates. This is confirmed in your case by the files you described.
I have three folders like that on my XP machine. So, nothing to worry about. :D

Also, the Quicktime update after you downloaded the jpeg picture is more than likely just a coincidence. However, if you want, I can take a quick look just to make sure.


Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Then click the Quick Scan button at the top. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

  • 0

#3
yoda76

yoda76

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 114 posts
Here is the OTL:

OTL logfile created on: 10/10/2010 9:28:43 AM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Patrick\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 86.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 294.79 Gb Total Space | 202.82 Gb Free Space | 68.80% Space Free | Partition Type: NTFS
Drive D: | 5.40 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PATRICK-381460E
Current User Name: Patrick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/10/10 09:26:47 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patrick\My Documents\Downloads\OTL.exe
PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/09/22 16:57:50 | 000,163,840 | ---- | M] () -- C:\Program Files\Razer\DeathAdder\razerhid.exe
PRC - [2008/10/15 02:04:34 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2008/06/18 18:01:00 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SoundMan.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/19 12:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\DeathAdder\razerofa.exe
PRC - [2007/09/17 11:56:08 | 000,124,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2007/08/27 15:57:50 | 001,343,488 | ---- | M] () -- C:\Program Files\NETGEAR\WN111\wn111.exe
PRC - [2006/11/24 16:24:16 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\DeathAdder\razertra.exe
PRC - [2006/10/03 11:37:04 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe


========== Modules (SafeList) ==========

MOD - [2010/10/10 09:26:47 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patrick\My Documents\Downloads\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/10/05 13:51:19 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Patrick\LOCALS~1\Temp\cpuz130\cpuz_x32.sys -- (cpuz130)
DRV - [2010/10/09 21:35:20 | 000,137,976 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2010/07/09 18:38:00 | 010,604,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/21 18:58:42 | 000,011,136 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\danew.sys -- (danewFltr)
DRV - [2008/08/01 18:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 18:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/07/16 18:52:00 | 004,747,776 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/08/21 04:25:02 | 000,460,928 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MRVW245.sys -- (MRVW245) Marvell TOPDOG 802.11n WLAN Driver for Windows XP (USB8x)
DRV - [2007/02/09 12:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/10/26 16:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 16:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 16:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 16:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 16:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 16:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 16:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 16:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/10/18 17:31:46 | 000,089,216 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvraid.sys -- (nvraid) NVIDIA nForce™
DRV - [2006/10/18 17:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/07/21 11:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-tyc"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-tyc"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
FF - prefs.js..keyword.URL: "http://search.yahoo....fr=ytff-tyc&p="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/19 00:21:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/19 00:21:57 | 000,000,000 | ---D | M]

[2010/01/09 13:16:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Mozilla\Extensions
[2010/10/09 23:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\fu76dsbq.default\extensions
[2010/06/24 19:28:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\fu76dsbq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/17 20:03:24 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\fu76dsbq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/10/09 23:03:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WN111 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111\wn111.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1248473679421 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Patrick\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Patrick\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/24 17:28:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/02/09 21:55:59 | 000,423,304 | R--- | M] (Electronic Arts) - D:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2010/02/10 02:21:09 | 000,000,000 | R--D | M] - D:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2010/01/31 04:21:13 | 000,367,686 | R--- | M] () - D:\Autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2010/02/09 22:55:03 | 009,965,568 | R--- | M] () - D:\autorun.dat -- [ CDFS ]
O32 - AutoRun File - [2010/02/09 22:54:55 | 000,000,155 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3d9368bb-7899-11de-8bb7-e2796a3ed06d}\Shell\AutoRun\command - "" = driver\usb\UsbStartups.exe
O33 - MountPoints2\{3d9368bb-7899-11de-8bb7-e2796a3ed06d}\Shell\open\command - "" = driver\usb\UsbStartups.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XFR1 - C:\WINDOWS\System32\xfcodec.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/10/06 18:11:50 | 000,000,000 | ---D | C] -- C:\6bbfb054d09af044963d4900
[2010/10/04 19:52:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrick\My Documents\EA Games
[2010/09/28 20:49:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrick\Local Settings\Application Data\My Games
[2010/09/06 17:49:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrick\Desktop\ptrk1
[2010/08/20 21:44:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrick\Desktop\apt
[2010/08/12 12:49:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrick\Application Data\Xfire
[2010/08/12 12:49:46 | 000,000,000 | ---D | C] -- C:\Program Files\Xfire
[2010/08/10 16:35:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrick\Local Settings\Application Data\2K Games
[2010/07/27 22:49:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrick\Desktop\unoproster
[2010/07/21 20:53:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrick\Local Settings\Application Data\ArmA 2 OA DEMO
[2010/07/14 14:39:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrick\Desktop\INVOICES
[15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/10 09:25:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/10 09:25:13 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/10 09:25:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/09 23:50:52 | 009,961,472 | ---- | M] () -- C:\Documents and Settings\Patrick\ntuser.dat
[2010/10/09 23:15:23 | 000,000,171 | ---- | M] () -- C:\Documents and Settings\Patrick\Desktop\geeks2go.URL
[2010/10/09 22:52:18 | 000,234,280 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010/10/09 21:35:20 | 000,137,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/10/08 22:38:04 | 004,844,750 | -H-- | M] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\IconCache.db
[2010/10/06 22:43:23 | 000,373,496 | ---- | M] () -- C:\Documents and Settings\Patrick\Desktop\lowdenoE.psd
[2010/10/04 19:51:39 | 000,138,056 | ---- | M] () -- C:\Documents and Settings\Patrick\Application Data\PnkBstrK.sys
[2010/10/04 19:47:25 | 002,601,752 | ---- | M] () -- C:\WINDOWS\System32\pbsvc_moh.exe
[2010/10/04 16:00:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/28 17:07:36 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/09/26 17:38:46 | 000,000,215 | ---- | M] () -- C:\Documents and Settings\Patrick\Desktop\Sid Meier's Civilization V - Demo.url
[2010/09/14 16:46:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/05 00:49:16 | 000,205,309 | ---- | M] () -- C:\Documents and Settings\Patrick\My Documents\ts3_clientui-win32-11315-2010-09-05 00_49_14.796875.dmp
[2010/09/04 08:28:18 | 000,000,064 | ---- | M] () -- C:\Documents and Settings\Patrick\Desktop\Black Ops 247.URL
[2010/08/24 20:28:59 | 000,000,215 | ---- | M] () -- C:\Documents and Settings\Patrick\Desktop\Mafia II.url
[2010/08/22 17:26:04 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Patrick\Desktop\coh.doc
[2010/08/19 11:18:15 | 001,594,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/18 22:21:48 | 000,090,288 | ---- | M] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/08/12 12:49:47 | 000,000,656 | ---- | M] () -- C:\Documents and Settings\Patrick\Application Data\Microsoft\Internet Explorer\Quick Launch\Xfire.lnk
[2010/08/12 12:49:47 | 000,000,638 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Xfire.lnk
[2010/08/10 21:04:08 | 000,515,068 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/10 21:04:08 | 000,450,516 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/10 21:04:08 | 000,075,200 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/07 23:28:59 | 000,203,877 | ---- | M] () -- C:\Documents and Settings\Patrick\My Documents\ts3_clientui-win32-11315-2010-08-07 23_28_58.578125.dmp
[2010/08/05 22:17:59 | 000,204,857 | ---- | M] () -- C:\Documents and Settings\Patrick\My Documents\ts3_clientui-win32-11315-2010-08-05 22_17_56.140625.dmp
[2010/08/02 18:55:51 | 000,176,633 | ---- | M] () -- C:\Documents and Settings\Patrick\My Documents\ts3_clientui-win32-11315-2010-08-02 18_55_49.046875.dmp
[2010/07/28 22:12:52 | 000,194,618 | ---- | M] () -- C:\Documents and Settings\Patrick\My Documents\ts3_clientui-win32-11315-2010-07-28 22_12_50.328125.dmp
[2010/07/25 13:45:55 | 000,232,968 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/07/25 13:45:55 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/07/25 13:45:52 | 000,000,410 | ---- | M] () -- C:\WINDOWS\System32\nvUnsupRes.dat
[2010/07/25 13:41:42 | 000,194,094 | ---- | M] () -- C:\Documents and Settings\Patrick\My Documents\ts3_clientui-win32-11315-2010-07-25 13_41_41.687500.dmp
[2010/07/25 13:39:26 | 000,232,968 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/07/25 13:39:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2010/07/25 10:42:37 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/09 23:15:23 | 000,000,171 | ---- | C] () -- C:\Documents and Settings\Patrick\Desktop\geeks2go.URL
[2010/10/06 21:18:02 | 000,373,496 | ---- | C] () -- C:\Documents and Settings\Patrick\Desktop\lowdenoE.psd
[2010/10/04 19:51:16 | 002,601,752 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_moh.exe
[2010/09/26 17:38:46 | 000,000,215 | ---- | C] () -- C:\Documents and Settings\Patrick\Desktop\Sid Meier's Civilization V - Demo.url
[2010/09/05 00:49:14 | 000,205,309 | ---- | C] () -- C:\Documents and Settings\Patrick\My Documents\ts3_clientui-win32-11315-2010-09-05 00_49_14.796875.dmp
[2010/09/04 08:28:18 | 000,000,064 | ---- | C] () -- C:\Documents and Settings\Patrick\Desktop\Black Ops 247.URL
[2010/08/24 20:28:59 | 000,000,215 | ---- | C] () -- C:\Documents and Settings\Patrick\Desktop\Mafia II.url
[2010/08/12 12:49:47 | 000,000,656 | ---- | C] () -- C:\Documents and Settings\Patrick\Application Data\Microsoft\Internet Explorer\Quick Launch\Xfire.lnk
[2010/08/12 12:49:47 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Xfire.lnk
[2010/08/07 23:28:58 | 000,203,877 | ---- | C] () -- C:\Documents and Settings\Patrick\My Documents\ts3_clientui-win32-11315-2010-08-07 23_28_58.578125.dmp
[2010/08/05 22:17:56 | 000,204,857 | ---- | C] () -- C:\Documents and Settings\Patrick\My Documents\ts3_clientui-win32-11315-2010-08-05 22_17_56.140625.dmp
[2010/08/02 18:55:49 | 000,176,633 | ---- | C] () -- C:\Documents and Settings\Patrick\My Documents\ts3_clientui-win32-11315-2010-08-02 18_55_49.046875.dmp
[2010/07/28 22:12:50 | 000,194,618 | ---- | C] () -- C:\Documents and Settings\Patrick\My Documents\ts3_clientui-win32-11315-2010-07-28 22_12_50.328125.dmp
[2010/07/25 13:41:41 | 000,194,094 | ---- | C] () -- C:\Documents and Settings\Patrick\My Documents\ts3_clientui-win32-11315-2010-07-25 13_41_41.687500.dmp
[2010/07/25 13:39:26 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/07/25 13:39:25 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/07/25 13:39:25 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/07/25 13:39:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2010/07/09 15:00:32 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/11/18 20:19:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/11/01 19:41:52 | 000,047,124 | ---- | C] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\prvlcl.dat
[2009/10/05 14:00:12 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2009/09/01 23:42:31 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Patrick\Application Data\setup_ldm.iss
[2009/07/27 12:49:44 | 000,000,766 | ---- | C] () -- C:\WINDOWS\CoD.INI
[2009/07/26 18:16:25 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Patrick\Application Data\PnkBstrK.sys
[2009/07/26 18:16:25 | 000,137,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/07/26 18:15:54 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2009/07/25 18:45:48 | 000,071,680 | ---- | C] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/25 12:50:38 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2009/07/25 12:50:37 | 000,000,168 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/08/06 19:22:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2010/05/25 16:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/09/05 16:52:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2009/08/02 12:52:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/25 20:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/08/25 19:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Leadertech
[2009/08/01 11:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Publish Providers
[2009/11/14 15:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Razer
[2009/08/01 11:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Sony
[2009/08/01 11:26:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Sony Setup
[2010/03/13 16:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\The Creative Assembly
[2010/09/15 15:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\TS3Client
[2010/03/13 12:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Ubisoft
[2009/10/17 22:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Wargaming.Net

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/07/24 17:28:09 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/09/23 16:24:06 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2009/07/24 17:28:09 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/07/24 17:28:09 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/07/24 17:28:09 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/07/25 11:14:55 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/10/10 09:25:07 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2009/07/24 12:21:05 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/07/24 12:21:05 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/07/24 12:21:05 | 000,917,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-07 01:00:45

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Program Files\AcidFonts:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Patrick\My Documents\Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Patrick\Desktop\MyMusic:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Patrick\Desktop\iTunes:Roxio EMC Stream
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
< End of report >
  • 0

#4
yoda76

yoda76

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 114 posts
Extras:

OTL Extras logfile created on: 10/10/2010 9:28:43 AM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Patrick\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 86.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 294.79 Gb Total Space | 202.82 Gb Free Space | 68.80% Space Free | Partition Type: NTFS
Drive D: | 5.40 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PATRICK-381460E
Current User Name: Patrick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Xfire\xfire.exe" = C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ -- ()
"C:\Program Files\Call of Duty Game of the Year Edition\CoDMP.exe" = C:\Program Files\Call of Duty Game of the Year Edition\CoDMP.exe:*:Enabled:CoDMP -- ()
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Steam\steamapps\common\order of war - demo\oow_final.bin" = C:\Program Files\Steam\steamapps\common\order of war - demo\oow_final.bin:*:Disabled:Thu Jul 23 06:02:39 2009 -- File not found
"C:\Program Files\Steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe:*:Enabled:left4dead2 -- File not found
"C:\Program Files\Steam\steamapps\they0da\team fortress 2\hl2.exe" = C:\Program Files\Steam\steamapps\they0da\team fortress 2\hl2.exe:*:Enabled:hl2 -- File not found
"C:\Program Files\Steam\steamapps\common\company of heroes\RelicDownloader\RelicDownloader.exe" = C:\Program Files\Steam\steamapps\common\company of heroes\RelicDownloader\RelicDownloader.exe:*:Enabled:Relic Patch Download Manager -- (THQ Canada Inc.)
"C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe" = C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2 -- (EA Digital Illusions CE AB)
"C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Game.exe" = C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Game.exe:*:Enabled:Battlefield: Bad Company™ 2 -- (EA Digital Illusions CE AB)
"C:\Program Files\Steam\steamapps\common\zero gear\Server\ZeroGearServer.exe" = C:\Program Files\Steam\steamapps\common\zero gear\Server\ZeroGearServer.exe:*:Disabled:ZeroGearServer -- File not found
"C:\Program Files\Steam\steamapps\common\company of heroes\RelicCOH.exe" = C:\Program Files\Steam\steamapps\common\company of heroes\RelicCOH.exe:*:Enabled:Company of Heroes -- (THQ Canada Inc.)
"C:\Program Files\Steam\steamapps\common\company of heroes\help.htm" = C:\Program Files\Steam\steamapps\common\company of heroes\help.htm:*:Enabled:Company of Heroes -- ()
"C:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = C:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2 -- ()
"C:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = C:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer -- ()
"C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe" = C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server -- File not found
"C:\Program Files\Steam\steamapps\common\mafia ii\pc\mafia2.exe" = C:\Program Files\Steam\steamapps\common\mafia ii\pc\mafia2.exe:*:Enabled:Mafia II -- (2K Czech)
"C:\Program Files\Steam\steamapps\common\medal of honor beta\MoHMPGame.exe" = C:\Program Files\Steam\steamapps\common\medal of honor beta\MoHMPGame.exe:*:Enabled:Medal of Honor Beta -- (EA Digital Illusions CE AB)
"C:\Program Files\Steam\steamapps\common\medal of honor beta\Support\EA Help\Electronic_Arts_Technical_Support.htm" = C:\Program Files\Steam\steamapps\common\medal of honor beta\Support\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Medal of Honor Beta -- ()
"C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()
"C:\Program Files\Steam\steamapps\they0da\garrysmod\hl2.exe" = C:\Program Files\Steam\steamapps\they0da\garrysmod\hl2.exe:*:Enabled:Garry's Mod -- ()
"C:\Program Files\Steam\steamapps\common\sid meier's civilization v - demo\Launcher.exe" = C:\Program Files\Steam\steamapps\common\sid meier's civilization v - demo\Launcher.exe:*:Enabled:Sid Meier's Civilization V - Demo -- (Firaxis Games)
"C:\Program Files\Steam\steamapps\common\sid meier's civilization v - demo\CivilizationV.exe" = C:\Program Files\Steam\steamapps\common\sid meier's civilization v - demo\CivilizationV.exe:*:Enabled:Sid Meier's Civilization V - Demo -- (Firaxis Games)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AFCE4D19-D385-4232-9B0E-809D85A25A10}" = NETGEAR WN111 wireless USB 2.0 adapter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder™ Mouse
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"13860389BCE916343D6A5C65169C6F0C6BF6E3EA" = Windows Driver Package - Cypress (CyUsb) USB
"7BDD6421B73797179E9A97E5C7DE019FBC77147F" = Windows Driver Package - Razer (HidUsb) HIDClass (04/04/2009 1.0.5.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium
"AGrcon v1.0" = AGrcon v1.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Call of Duty Game of the Year Edition" = Call of Duty Game of the Year Edition
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"DA73216D935E3CBA996AFD6E6513ECC587E0C3C1" = Windows Driver Package - Razer (HidUsb) HIDClass (02/02/2007 1.0.5.0)
"Eastern Front" = Eastern Front
"ie8" = Windows Internet Explorer 8
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{AFCE4D19-D385-4232-9B0E-809D85A25A10}" = NETGEAR WN111 wireless USB 2.0 adapter
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"Precision" = EVGA Precision 1.7.1
"PunkBusterSvc" = PunkBuster Services
"SpeedFan" = SpeedFan (remove only)
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 20540" = Company of Heroes: Tales of Valor
"Steam App 400" = Portal
"Steam App 4000" = Garry's Mod
"Steam App 50130" = Mafia II
"Steam App 550" = Left 4 Dead 2
"Steam App 65900" = Sid Meier's Civilization V - Demo
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"Xfire" = Xfire (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CPMP-Tools" = CPMP-Tools

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/6/2010 9:54:22 PM | Computer Name = PATRICK-381460E | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
. Error code = 0x80131018

Error - 10/6/2010 9:54:23 PM | Computer Name = PATRICK-381460E | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
. Error code = 0x80131018

Error - 10/6/2010 9:54:26 PM | Computer Name = PATRICK-381460E | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: System.Web.Extensions.Design, Version=3.5.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131018

Error - 10/6/2010 9:54:29 PM | Computer Name = PATRICK-381460E | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: System.Web.Mobile, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
. Error code = 0x80131018

Error - 10/6/2010 9:54:36 PM | Computer Name = PATRICK-381460E | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
. Error code = 0x80131018

Error - 10/6/2010 9:54:43 PM | Computer Name = PATRICK-381460E | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: System.Workflow.Activities, Version=3.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131018

Error - 10/6/2010 9:54:52 PM | Computer Name = PATRICK-381460E | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: System.Workflow.ComponentModel, Version=3.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131018

Error - 10/6/2010 9:54:56 PM | Computer Name = PATRICK-381460E | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: System.WorkflowServices, Version=3.5.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131018

Error - 10/8/2010 8:55:51 PM | Computer Name = PATRICK-381460E | Source = Application Hang | ID = 1002
Description = Hanging application ts3client_win32.exe, version 1.0.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/9/2010 3:15:24 PM | Computer Name = PATRICK-381460E | Source = ESENT | ID = 490
Description = svchost (1320) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

[ System Events ]
Error - 9/27/2010 4:56:41 PM | Computer Name = PATRICK-381460E | Source = VolSnap | ID = 393228
Description = The shadow copy of volume C: became low on diff area space before
it was properly installed.

Error - 9/27/2010 4:57:02 PM | Computer Name = PATRICK-381460E | Source = VolSnap | ID = 393241
Description = The shadow copy of volume C: was aborted because the diff area file
could not grow in time. Consider reducing the IO load on this system to avoid this
problem in the future.

Error - 9/27/2010 5:05:30 PM | Computer Name = PATRICK-381460E | Source = VolSnap | ID = 393226
Description = The shadow copy of volume C: took too long to install.

Error - 9/27/2010 5:09:10 PM | Computer Name = PATRICK-381460E | Source = VolSnap | ID = 393228
Description = The shadow copy of volume C: became low on diff area space before
it was properly installed.

Error - 9/27/2010 5:09:32 PM | Computer Name = PATRICK-381460E | Source = VolSnap | ID = 393241
Description = The shadow copy of volume C: was aborted because the diff area file
could not grow in time. Consider reducing the IO load on this system to avoid this
problem in the future.

Error - 9/27/2010 5:28:50 PM | Computer Name = PATRICK-381460E | Source = VolSnap | ID = 393226
Description = The shadow copy of volume C: took too long to install.


< End of report >
  • 0

#5
yoda76

yoda76

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 114 posts
Everything check out ok?
  • 0

#6
Onaipian

Onaipian

    Notepad warrior

  • Retired Staff
  • 2,130 posts
Hi there,

Everything looks good except for one orphaned every. Orphaned means that there's a reference to it in the registry, but no actual file to go with it. So again, no worries.
We'll fix it and run a final-check scan.


Step № One
Run OTL (Double click to run)
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Patrick\LOCALS~1\Temp\cpuz130\cpuz_x32.sys -- (cpuz130)
    
    :Services
    cpuz130
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, and accept to reboot when it's finished.
  • During start-up, a log will open. Paste the contents of it back here


Step № Two
Please download Malwarebytes' Anti-Malware from Here or Here
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.



Logs&Info
Remember to post back the following logs:
  • OTL Fix Results
  • MalwareBytes' Anti-Malware Report (found on the Log tab)

  • 0

#7
yoda76

yoda76

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 114 posts
OTL:

All processes killed
========== OTL ==========
Service cpuz130 stopped successfully!
Service cpuz130 deleted successfully!
File C:\DOCUME~1\Patrick\LOCALS~1\Temp\cpuz130\cpuz_x32.sys not found.
========== SERVICES/DRIVERS ==========
Error: No service named cpuz130 was found to stop!
Service\Driver key cpuz130 not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2264412 bytes

User: Patrick
->Temp folder emptied: 226774724 bytes
->Temporary Internet Files folder emptied: 7835952 bytes
->Java cache emptied: 79096153 bytes
->FireFox cache emptied: 122380958 bytes
->Flash cache emptied: 2216112 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4972905 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1391247 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 77728234 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 501.00 mb


OTL by OldTimer - Version 3.2.14.1 log created on 10112010_155732

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



-----------------------------------------------------------




MBAM:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4796

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/11/2010 4:05:24 PM
mbam-log-2010-10-11 (16-05-24).txt

Scan type: Quick scan
Objects scanned: 144103
Time elapsed: 4 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#8
Onaipian

Onaipian

    Notepad warrior

  • Retired Staff
  • 2,130 posts
Hi there,

Everything looks fine. How is the computer running? Any problems at all?

If so, stop here and let me know what they are. Otherwise, proceed with the following cleanup instructions:


========================================================================================



;)
You're in the All Clear! Here are a few cleanup procedures that are a must after malware removal. Also, I have a few program recommendations I like to suggest.


System Restore
System Restore creates snapshots of your computer, called Restore Points, so that in the event something goes wrong, you can restore your computer to an earlier date. Viruses would have gotten got in the Restore Point snapshots also and can reinfect you if you restore to an infected date. Clearing the Restore Points and making a new one is essential after removal:
  • Open OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :commands
    [CLEARALLRESTOREPOINTS]
  • Then click the Run Fix button at the top.
  • You may or may not be asked to reboot. In any case, I don't need the log that follows.



Removal of Removal-Tools
This is to make sure that tools that any powerful tools we used aren't left behind and to make sure that if you ever get reinfected, you will download all the most recent tools.
  • Open OTL.
  • In the top right corner will be a button called "Clean Up!"; click it.
  • Follow any prompts, and reboot when prompted.
  • OTL will be gone on startup also. Delete any logs or leftover tools manually.


Windows Updates
You should visit Windows Update about once a month, to receive Security Fixes, Hot Fixes and Service Packs. These are all important to fix things like bugs to vulnerabilities which could lead to infection.

Go to Tools > Windows Update, within Internet Explorer
  • Click Express. It will check for updates for your computer.
  • Click Install Updates. A windows should pop up giving the status of each update.
  • Reboot when prompted.

If you're feeling lazy you can turn on Automatic Updates which will do the work for you.
  • Click Start, then Control Panel
  • Click Automatic Updates
  • Check Automatic (Recommended)
  • Ok your way out.

More information about Windows Updates and configurations can be found here.




Prevention Programs and Practices
  • Two AntiSpyware \ AntiMalware programs that are effective, easy to use, and free. A weekly scanning with one or both of these tools can be very useful in preventing\removing a wide variety of infections. I strongly recommend these products:
  • The following are two alternative web-browsers. Both are great choices (And can be installed and used with Internet Explorer still present!) You may wish to experiment with the two, to decide which you prefer.
  • Cleans out temporary files safely and effective. It does not clean out URL history, prefetch, or cookies.
  • Keep your programs and applications up to date. This is important, not only for content, but for vulnerability-fixes. Here are a few you should definitely keep up-to-date if you have them:


If you are wondering how you got infected in the first place please visit this cool page called:
How did I get infected in the first place?

Glad I could help, piano9playa5 :D
  • 0

#9
yoda76

yoda76

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 114 posts
Thankyou so much for all the help! I would rather be safe than sorry :]

Thanks again.
  • 0

#10
Onaipian

Onaipian

    Notepad warrior

  • Retired Staff
  • 2,130 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :D

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP