Can't Find Infection - Odd Temp Log Files Trying To Remote Update


  • Please log in to reply

#1 Jason Jay (New Member, 6 posts)

I am cleaning up my mother's computer. I have run Malwarebytes, Spyware Doctor, and CA Antivirus. There were several items found, and supposedly cleaned. Malwarebytes' quarantine history includes Trojan.Downloader, Trojan.Agent, Trojan.Hiloti, and Trojan.Gamevance from my efforts in February. More recently it was Trojan.BHO.

The machine has not been used during these weeks that I have been trying to get it cleaned (only work on it here and there as we don't live in the same city).

Here is a recent log from Malwarebytes:
==================
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5989

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/8/2011 11:38:35 AM
mbam-log-2011-03-08 (11-38-35).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 294077
Time elapsed: 1 hour(s), 34 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{25E76F98-E9A4-8ED4-013D-359B62A4E5A6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Noon.Noon.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Noon.Noon (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25E76F98-E9A4-8ED4-013D-359B62A4E5A6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{25E76F98-E9A4-8ED4-013D-359B62A4E5A6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25E76F98-E9A4-8ED4-013D-359B62A4E5A6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2ED2390A-E6F6-F895-FE75-013E2D97184A} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2ED2390A-E6F6-F895-FE75-013E2D97184A} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\common files\noon.dll (Trojan.BHO) -> Quarantined and deleted successfully.
==================

Now, scans from CA Antivirus, Spyware Doctor, and Malwarebytes are coming up clean. However, I see something else that doesn't seem right.

There is a temp folder (c:\temp) that keeps getting these regular log files that I don't recognize. They occur as often as 5 minutes apart. Some are very small, like this:

17:25:12.062 IEProcess=C:\Program Files\Internet Explorer\iexplore.exe
17:25:12.109 non-system, exit

And some are longer like this:
------------------------------
16:26:09.796 IE Finished
16:26:09.796 Cur tick: 65149359, next check: 66049656
16:41:10.109 Check for job
16:41:10.109 Request=r-ads.info/_/getupdate.php?id1=10005&id2=1
16:41:10.484 Answer=<job>
<ext>r-ads.info/_/getupdate.php?id1=#ID1#&id2=#ID2#</ext>
<period>20</period>
<seed>fref312e</seed>
</job>
<click>
<url>http://r-ads.info/in...clickme=1</url>
<referer>http://dcdcgroup.com...ction</referer>
<x>10</x>
<y>10</y>
<w>800</w>
<h>500</h>
<cnt>5</cnt>
<ua>Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB6.6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.2; .NET CLR</ua>
<cookie>clickme=1</cookie>
</click>

16:41:10.484 URL=http://r-ads.info/index.php?affid=39&subid=10005&q=accounting+for+construction&ref=http%3A%2F%2Fdcdcgroup.com%2Fsearch%2F%3Faccounting%2Bfor%2Bconstruction&ua=Mozilla%2F4.0+%28compatible%3B+MSIE+7.0%3B+Windows+NT+6.0%3B+GTB6.6%3B+SLCC1%3B+.NET+CLR+2.0.50727%3B+Media+Center+PC+5.0%3B+InfoPath.2%3B+.NET+CLR&clickme=1
16:41:10.484 DESK=gdkajine
16:41:10.484 Run="C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://r-ads.info/in...T CLR&clickme=1
16:41:10.796 IE Started
16:51:15.156 IE Finished
16:51:15.156 Cur tick: 66654718, next check: 67249671
17:01:10.109 Check for job
17:01:10.109 Request=r-ads.info/_/getupdate.php?id1=10005&id2=1
17:01:10.406 Answer=<job>
<ext>r-ads.info/_/getupdate.php?id1=#ID1#&id2=#ID2#</ext>
<period>20</period>
<seed>fref312e</seed>
</job>
<click>
<url>http://r-ads.info/in...clickme=1</url>
<referer>http://easyburningca...chise</referer>
<x>10</x>
<y>10</y>
<w>800</w>
<h>500</h>
<cnt>5</cnt>
<ua>Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6.6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR</ua>
<cookie>clickme=1</cookie>
</click>

17:01:10.406 URL=http://r-ads.info/index.php?affid=39&subid=10005&q=how+to+franchise&ref=http%3A%2F%2Feasyburningcamslive.info%2Fsearch%2F%3Fhow%2Bto%2Bfranchise&ua=Mozilla%2F4.0+%28compatible%3B+MSIE+8.0%3B+Windows+NT+6.0%3B+Trident%2F4.0%3B+GTB6.6%3B+SLCC1%3B+.NET+CLR+2.0.50727%3B+Media+Center+PC+5.0%3B+.NET+CLR&clickme=1
17:01:10.406 DESK=gdkajine
17:01:10.406 Run="C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://r-ads.info/in...T CLR&clickme=1
17:01:10.718 IE Started
17:11:14.125 IE Finished
17:11:14.125 Cur tick: 67853687, next check: 68449671
17:21:10.125 Check for job
17:21:10.125 Request=r-ads.info/_/getupdate.php?id1=10005&id2=1
17:21:10.500 Answer=<job>
<ext>r-ads.info/_/getupdate.php?id1=#ID1#&id2=#ID2#</ext>
<period>20</period>
<seed>fref312e</seed>
</job>
<click>
<url>http://r-ads.info/in...clickme=1</url>
<referer>http://brochureisumm...y tax</referer>
<x>10</x>
<y>10</y>
<w>800</w>
<h>500</h>
<cnt>5</cnt>
<ua>Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13</ua>
<cookie>clickme=1</cookie>
</click>

17:21:10.500 URL=http://r-ads.info/index.php?affid=39&subid=10005&q=dallas+texas+property+tax&ref=http%3A%2F%2Fbrochureisummary.com%2Fsearch%2F%3Fdallas%2Btexas%2Bproperty%2Btax&ua=Mozilla%2F5.0+%28Windows%3B+U%3B+Windows+NT+5.1%3B+en-US%29+AppleWebKit%2F534.13+%28KHTML%2C+like+Gecko%29+Chrome%2F9.0.597.94+Safari%2F534.13&clickme=1
17:21:10.562 DESK=gdkajine
17:21:10.609 Run="C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://r-ads.info/in...34.13&clickme=1
17:21:11.015 IE Started
17:31:15.750 IE Finished
17:31:15.750 Cur tick: 69055312, next check: 69649671
------------------------------

Looking through these files shows that something is still starting an IE process (seemingly under the SYSTEM account, as I have been killing this process from task manager) and trying to remotely request data from other servers.

I don't know what this is, and from the URLs in the log, I don't think it is a "preferred feature".

Here is my OTL log:
======================
OTL logfile created on: 4/10/2011 12:37:33 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = D:\Sources
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 188.57 Gb Free Space | 80.97% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 158.85 Gb Free Space | 53.29% Space Free | Partition Type: NTFS

Computer Name: JEWEL-PC | User Name: Jewel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/10 12:35:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Sources\OTL.exe
PRC - [2011/02/14 16:39:18 | 001,883,984 | ---- | M] (SmartSync Software) -- C:\Program Files\SmartSync Software\SmartSync Pro\SmSrvc.exe
PRC - [2011/01/07 14:54:12 | 000,108,496 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\FGuard.exe
PRC - [2011/01/07 14:54:08 | 000,247,760 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2010/08/26 23:10:00 | 000,255,312 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
PRC - [2010/08/26 23:09:59 | 000,230,736 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
PRC - [2010/07/27 22:04:48 | 000,214,256 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
PRC - [2010/07/27 22:04:46 | 000,181,488 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/04 14:35:10 | 000,610,304 | ---- | M] (Kaseya) -- C:\Program Files\Kaseya\Agent\AgentMon.exe
PRC - [2008/09/04 14:35:10 | 000,229,376 | ---- | M] (Kaseya) -- C:\Program Files\Kaseya\Agent\KaUsrTsk.exe
PRC - [2008/08/30 15:14:36 | 000,144,696 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
PRC - [2008/08/06 16:27:22 | 002,164,088 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/04/05 11:07:02 | 000,573,440 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2006/03/28 17:38:32 | 000,094,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
PRC - [2005/12/12 16:03:54 | 000,417,855 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2005/12/12 16:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2004/10/04 04:47:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
PRC - [2004/10/04 03:40:50 | 000,118,784 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe


========== Modules (SafeList) ==========

MOD - [2011/04/10 12:35:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Sources\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/12 01:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
MOD - [2006/04/05 10:52:38 | 000,044,544 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/03/31 10:19:02 | 001,156,568 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2011/03/01 09:56:36 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2011/01/07 14:54:08 | 000,247,760 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/08/26 23:10:00 | 000,255,312 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe -- (VETMSGNT)
SRV - [2010/07/27 22:04:48 | 000,214,256 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/04 14:35:10 | 000,610,304 | ---- | M] (Kaseya) [Auto | Running] -- C:\Program Files\Kaseya\Agent\AgentMon.exe -- (KaseyaAgent)
SRV - [2008/08/30 15:14:36 | 000,144,696 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe -- (CAISafe)
SRV - [2008/08/06 16:27:22 | 002,164,088 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/12/12 16:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2004/10/04 04:47:04 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor)
SRV - [2004/10/04 03:40:50 | 000,118,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect)


========== Driver Services (SafeList) ==========

DRV - [2010/12/10 13:24:12 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/08/27 12:47:42 | 000,746,216 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vetefile.sys -- (VETEFILE)
DRV - [2010/08/27 12:47:42 | 000,130,280 | ---- | M] (Computer Associates International, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\veteboot.sys -- (VETEBOOT)
DRV - [2010/08/26 23:10:17 | 000,161,008 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vetmonnt.sys -- (VETMONNT)
DRV - [2010/08/26 23:10:17 | 000,021,488 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vetfddnt.sys -- (VETFDDNT)
DRV - [2010/08/26 23:10:17 | 000,021,104 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vet-rec.sys -- (VET-REC)
DRV - [2010/08/26 23:10:16 | 000,026,352 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vet-filt.sys -- (VET-FILT)
DRV - [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/07/06 04:13:10 | 000,234,392 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/06/11 12:34:22 | 003,225,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/04/17 16:33:26 | 004,707,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/14 01:21:26 | 000,061,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nic1394.sys -- (NIC1394)
DRV - [2008/03/30 14:35:58 | 000,020,792 | ---- | M] (Kaseya) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KaPFA.sys -- (KAPFA)
DRV - [2007/11/15 03:48:20 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/08/01 20:07:37 | 000,043,672 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2007/02/05 10:23:20 | 003,624,128 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtHDMI.sys -- (RTHDMIAzAudService)
DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/03/28 17:56:06 | 000,027,008 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2006/03/28 17:55:58 | 000,069,760 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2006/03/28 17:55:04 | 000,055,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2006/03/28 17:54:46 | 000,013,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2001/08/17 13:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/?ppud=4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/defaultc.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BE E4 F9 13 23 29 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\Spyware Doctor\BDT\Firefox\ [2011/04/09 17:49:36 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/02/16 16:55:34 | 000,000,754 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.2.3 HP000D9D1BC014
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [CAVRID] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe (CA, Inc.)
O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe (CA, Inc.)
O4 - HKLM..\Run: [Kaseya Agent Service Helper] C:\Program Files\Kaseya\Agent\KaUsrTsk.exe (Kaseya)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files\Spyware Doctor\BDT\FGuard.exe (Threat Expert Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SmartSync Pro 3] C:\Program Files\SmartSync Software\SmartSync Pro\SmartSync.exe (SmartSync Software)
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] C:\Program Files\NOS\bin\getPlusUninst_Adobe.exe (NOS Microsystems Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk = C:\Program Files\PrintMaster Gold 17\Remind.exe (Broderbund Properties LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O15 - HKCU\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmar...martActivia.cab (Snapfish Activia)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6886.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1182294394375 (MUWebControl Class)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.ms...ine/install.cab (WebSDev Control)
O16 - DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} https://k.slpowers.c...c/kaxRemote.dll (kasRmtHlp Class)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.152.144.23 8.8.8.8 205.152.132.23
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/06 17:14:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/10 12:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/04/10 12:18:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/04/10 12:18:42 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2011/04/10 12:18:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2011/04/09 18:31:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/04/09 18:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/04/09 18:29:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jewel\Local Settings\Application Data\Apple
[2011/04/09 18:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/04/09 18:29:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2011/04/09 18:01:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jewel\Local Settings\Application Data\Threat Expert
[2011/04/09 17:49:35 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2011/04/09 17:49:34 | 002,000,848 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2011/04/09 17:49:34 | 001,533,904 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2011/04/09 17:45:14 | 000,656,320 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys
[2011/04/09 17:45:14 | 000,338,880 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
[2011/04/09 17:45:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security
[2011/04/09 13:01:33 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[16 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/10 12:41:10 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\cfg
[2011/04/10 12:36:46 | 000,000,166 | ---- | M] () -- C:\Documents and Settings\Jewel\Desktop\Malware and Spyware Cleaning Guide - Geeks to Go Forums.url
[2011/04/09 18:31:14 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/04/09 18:31:14 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2011/04/09 18:29:59 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/09 18:21:41 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/09 18:20:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/09 18:20:44 | 1878,446,080 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/09 17:45:23 | 000,651,226 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/04/09 13:05:10 | 000,000,137 | ---- | M] () -- C:\Documents and Settings\Jewel\Desktop\Win32-Adclicker.DYN - CA Technologies.url
[2011/04/09 13:00:47 | 000,000,192 | ---- | M] () -- C:\Documents and Settings\Jewel\Desktop\Encyclopedia entry TrojanWinNT-Alureon.S - Learn more about malware - Microsoft Malware Protection Center.url
[2011/04/09 12:58:52 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/09 12:41:57 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2011/04/09 12:38:33 | 000,444,228 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/09 12:38:33 | 000,072,486 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[16 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/10 12:41:10 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\cfg
[2011/04/10 12:36:46 | 000,000,166 | ---- | C] () -- C:\Documents and Settings\Jewel\Desktop\Malware and Spyware Cleaning Guide - Geeks to Go Forums.url
[2011/04/10 12:24:16 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/04/09 18:31:14 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2011/04/09 18:31:14 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2011/04/09 18:29:59 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/09 18:29:53 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/04/09 17:49:35 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2011/04/09 17:49:35 | 000,002,125 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2011/04/09 17:49:35 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2011/04/09 17:49:35 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2011/04/09 17:49:35 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2011/04/09 17:45:15 | 000,651,226 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/04/09 13:05:10 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Jewel\Desktop\Win32-Adclicker.DYN - CA Technologies.url
[2011/04/09 13:00:47 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\Jewel\Desktop\Encyclopedia entry TrojanWinNT-Alureon.S - Learn more about malware - Microsoft Malware Protection Center.url
[2011/04/09 12:41:57 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/02/16 15:08:27 | 000,000,610 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2011/02/11 01:13:16 | 000,000,264 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~Y7ahHjtlP567
[2011/02/11 01:13:16 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~Y7ahHjtlP567r
[2011/02/11 00:08:13 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2011/02/11 00:07:49 | 000,061,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\nic1394.sys
[2011/01/30 23:13:01 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/06/14 13:10:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/03/03 12:18:04 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008/06/11 09:38:20 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/06/11 09:38:20 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/06/10 13:59:49 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2008/04/07 23:40:13 | 000,096,577 | ---- | C] () -- C:\WINDOWS\hpqins16.dat
[2007/10/22 21:38:58 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Blink.ini
[2007/09/01 23:36:52 | 000,000,106 | ---- | C] () -- C:\WINDOWS\KPD.INI
[2007/08/07 20:21:16 | 000,000,299 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2007/08/07 20:21:15 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2007/08/07 19:21:45 | 000,068,900 | ---- | C] () -- C:\WINDOWS\hpoins05.dat.temp
[2007/08/07 19:21:45 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat.temp
[2007/08/01 20:24:12 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\L8042mou.Sys
[2007/07/31 18:12:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2007/07/28 19:00:01 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/07/14 21:40:30 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\Jewel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/24 12:36:13 | 000,000,217 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2007/06/22 20:23:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/06/19 20:29:26 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Jewel\Local Settings\Application Data\fusioncache.dat
[2007/06/07 09:49:09 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/06/07 08:47:07 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2007/06/07 08:47:07 | 000,174,819 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007/06/06 17:17:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/06/06 17:11:27 | 000,023,348 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/06/06 12:37:57 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/06/06 12:36:44 | 000,857,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/02/28 08:00:00 | 000,444,228 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 08:00:00 | 000,072,486 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2007/07/31 22:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2007/06/24 13:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2007/07/31 22:30:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
[2011/04/10 00:04:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/26 22:57:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jewel\Application Data\GetRightToGo
[2007/08/13 22:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jewel\Application Data\Snapfish
[2011/01/14 19:11:20 | 000,000,476 | ---- | M] () -- C:\WINDOWS\Tasks\20100409_162100_Jewel.job
[2011/01/14 19:11:18 | 000,000,478 | ---- | M] () -- C:\WINDOWS\Tasks\20100409_162100_Jewel2.job
[2011/03/08 16:57:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84

< End of report >
======================


I am also including below the Extras.txt log file from the OTL scan:

======================
OTL Extras logfile created on: 4/10/2011 12:37:33 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = D:\Sources
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 188.57 Gb Free Space | 80.97% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 158.85 Gb Free Space | 53.29% Space Free | Partition Type: NTFS

Computer Name: JEWEL-PC | User Name: Jewel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Documents and Settings\Jewel\Local Settings\Temp\vncviewer.exe" = C:\Documents and Settings\Jewel\Local Settings\Temp\vncviewer.exe:*:Enabled:VNC Viewer Free Edition for Win32
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe" = C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup -- (Nero AG)
"E:\Setup\HPZnet01.exe" = E:\Setup\HPZnet01.exe:*:Enabled:Install Consumer Experience Network Plug in
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe:*:Enabled: -- (Hewlett-Packard Co.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:HP CUE-Scanning Flow Component
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\temp\KRlyCLis.exe" = C:\temp\KRlyCLis.exe:*:Enabled:Kaseya Remote Control Relay Client - Listener
"C:\Documents and Settings\Jewel\Local Settings\Temp\KRlyCLis.exe" = C:\Documents and Settings\Jewel\Local Settings\Temp\KRlyCLis.exe:*:Enabled:Kaseya Remote Control Relay Client - Listener -- (Kaseya)
"C:\Program Files\RealVNC\VNC4\winvnc4.exe" = C:\Program Files\RealVNC\VNC4\winvnc4.exe:*:Enabled:VNC Server -- (RealVNC Ltd.)
"C:\temp\KRlyCCon.exe" = C:\temp\KRlyCCon.exe:*:Enabled:KRlyCCon
"C:\Documents and Settings\Jewel\Local Settings\Temp\7zS2D41\Setup\HPZnet01.exe" = C:\Documents and Settings\Jewel\Local Settings\Temp\7zS2D41\Setup\HPZnet01.exe:*:Enabled:Install Consumer Experience Network Plug in -- (Hewlett-Packard)
"C:\Documents and Settings\Jewel\Local Settings\Temp\7zS2E90\HPSDU.exe" = C:\Documents and Settings\Jewel\Local Settings\Temp\7zS2E90\HPSDU.exe:*:Enabled:HP Scan Diagnostic Utility


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02BA9203-12CC-894F-B986-4E9EFF8BC14A}" = CCC Help Japanese
"{0364C04C-6E3E-AB50-08BD-8AE5002EF8DB}" = CCC Help Greek
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06A3F04F-B869-FB73-F0BF-CB1A49514E38}" = Catalyst Control Center Core Implementation
"{08147A04-DEA8-443B-3837-7EEEE351560C}" = Catalyst Control Center Localization Japanese
"{0D16E3F2-08D6-6EA1-DAEF-EF4D5C4BD072}" = CCC Help Italian
"{0F60A17A-AB50-FCE6-76E4-D30242B3E7B0}" = Catalyst Control Center Localization Italian
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{16D81724-A58A-C20C-5790-468C7EAD3ECA}" = Catalyst Control Center Localization Finnish
"{1A2EAC38-60F3-86F7-B518-3761E77E30F7}" = Catalyst Control Center Localization Russian
"{1AA98911-FADB-41F2-2C9E-E3E7AEDCAECA}" = Catalyst Control Center Graphics Full New
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{22D30F20-CB72-0230-3CB5-C31BCBF78AB5}" = Catalyst Control Center Localization German
"{26590A16-E70A-4A34-8D49-BD261A1FC5FD}" = CCC Help Danish
"{26BDE7D8-93F0-4A07-AD47-1707DB417941}" = Camera Support Core Library
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{2952B4C3-ED86-11DE-9057-E85FA094DEAD}" = CCC Help Turkish
"{29B50056-2065-16F9-61D2-79FFE1ABABED}" = Catalyst Control Center Localization Swedish
"{2A84A092-37EF-4F5E-55BA-DE7310C89656}" = ccc-core-preinstall
"{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{339D2328-5494-A715-27AB-AC61E9E6C352}" = Catalyst Control Center Graphics Light
"{344FD9C1-3068-71B9-089F-F6A562CC5D8C}" = Catalyst Control Center Localization Hungarian
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3A8A29E6-D4DE-1C8E-8A14-6EECE3482324}" = Catalyst Control Center Localization Portuguese
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3D29A08C-4D7A-22C7-4DA7-3DF4A3AA57F4}" = CCC Help Spanish
"{3EBFF4BC-1F23-129C-A1B4-83EA377B3B7E}" = CCC Help Russian
"{48C76121-4F90-11D5-9884-0050BA85A903}" = Kaseya Agent
"{50CD1264-F1B3-128C-DD5A-5ED488152457}" = Catalyst Control Center Graphics Full Existing
"{50F29AD6-0E41-452D-021C-106EB7EA383A}" = ccc-core-static
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{5D732C8D-0558-5943-5CEB-802D95664E5D}" = CCC Help English
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{63DE8625-31E4-2A5B-AEFD-48C016D775BF}" = CCC Help Swedish
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = RAW Image Task 1.1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B2C18DB-B45D-D60E-CDD7-CEFC769A9E5E}" = Catalyst Control Center Localization Thai
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{742E3576-AA94-E766-39C2-CE441F0EBF91}" = CCC Help Chinese Traditional
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{792B507D-075E-F2D8-DCAC-736BF8F1FD06}" = CCC Help Korean
"{7AD0293F-EBAE-46BA-74F2-9B64A27C97F9}" = Catalyst Control Center Localization Polish
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{82B880E9-D0E9-E7F9-25C6-9E2A0E7D4D4E}" = Catalyst Control Center Localization Greek
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{851C67EF-068A-4060-9EF5-2E3DDCD68382}" = Adobe Photoshop Elements 3.0
"{86C1A488-24AD-42F0-BCEF-FDB11FC2BEFA}" = NetZero For Riverdeep
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87DCF127-24D4-4A83-DAA3-0BF056CF344D}" = CCC Help German
"{88A70E49-393A-1056-0D60-9EFAF1B4BE11}" = Catalyst Control Center Localization Norwegian
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A6509B1-DDE7-E62C-222F-9D08337A2ED2}" = CCC Help Hungarian
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{8CA5B43B-0904-3D3F-2338-43551437C8AD}" = Catalyst Control Center Localization Dutch
"{8E992F0B-2F59-ACF1-9B06-5FB2769F53E9}" = CCC Help French
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{93ACD5DE-29D1-4B0A-0EE1-EE58334EF845}" = ccc-utility
"{94DA7C00-FE0D-06C8-06CC-37133FAA461D}" = Catalyst Control Center Localization Korean
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A52314FB-8246-727B-AAB8-AAC18EDDA97F}" = Catalyst Control Center Localization Spanish
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}" = Camera Window
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{BB5202A5-B5B4-4899-ADD9-984EA71FA979}" = Catalyst Control Center - Branding
"{BBCF9D58-809D-9BE7-A92F-FA7F925477D9}" = Catalyst Control Center Localization Chinese Standard
"{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch
"{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}" = Canon PhotoRecord
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C4DCAD15-B754-4FD9-8035-713FE919B118}" = PrintMaster Gold 17
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
"{C6E8B756-6E2E-4D4B-304D-46698E9BECEA}" = CCC Help Thai
"{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}" = AVIVO Codecs
"{CB073BAE-1804-0FCA-D063-CB45AFF5C640}" = Catalyst Control Center Localization Chinese Traditional
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC5BB7DF-4B9D-D421-D786-16EDD678DBBA}" = CCC Help Dutch
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}" = RemoteCapture Task 1.0.3
"{D105A381-BE51-6C97-AD58-7B9080562544}" = Catalyst Control Center Localization Turkish
"{D2A0F8F4-CE50-4857-A21C-3061682B2E87}" = Sansa Media Converter
"{D37E224D-667B-97A9-3C99-185039C5B6BC}" = CCC Help Chinese Standard
"{D42B6F90-1084-4C9B-AF28-958926E6E32E}" = LP_Flash
"{D593F493-AA74-0657-CF52-CD69E1E8464D}" = CCC Help Polish
"{DAAFE24A-9B25-640D-C00C-E32F8153123E}" = Catalyst Control Center Localization Czech
"{DB4C031D-B2F8-47F1-A274-59A8F3B61033}" = Nero 7 Essentials
"{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = MovieEdit Task
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3D3F767-C9CF-45FF-67AB-6C5278FE3361}" = Catalyst Control Center Localization French
"{E4F4D55D-46C0-150B-EAB5-62A6F7986AD7}" = CCC Help Finnish
"{E986E3ED-A9F7-5C0C-9E8C-BA5C9E84221D}" = CCC Help Portuguese
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7B9A8D-19F0-450D-8E94-3E391E6044CD}" = KhalSetup
"{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = PhotoStitch
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5D4EA0C-B8A0-35BD-4EEA-8178D59AA589}" = CCC Help Norwegian
"{F89C3E22-321B-D376-2044-8E52EC95851B}" = Catalyst Control Center Localization Danish
"{FBF87F09-93C6-F129-66E2-BF5E73229F3E}" = Skins
"{FC058842-1EE8-D2AB-1650-FFD7DE2C0571}" = CCC Help Czech
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0
"Browser Defender_is1" = Browser Defender 3.0
"Bubblets_is1" = Bubblets 1.0
"cciss_av" = CA Anti-Virus
"HP Photo & Imaging" = HP Image Zone 4.7
"HPExtendedCapabilities" = HP Extended Capabilities 4.7
"ie8" = Windows Internet Explorer 8
"InstallShield_{26BDE7D8-93F0-4A07-AD47-1707DB417941}" = Canon Camera Support Core Library
"InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"InstallShield_{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = Canon Utilities PhotoStitch 3.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSI Live Update 3" = MSI Live Update 3
"PC Alert 4" = PC Alert 4
"PROPLUSR" = Microsoft Office Professional Plus 2007
"RealVNC_is1" = VNC Enterprise Edition E4.4.3
"Shop for HP Supplies" = Shop for HP Supplies
"SmartSync Pro 3" = SmartSync Pro 3
"Spyware Doctor" = Spyware Doctor 8.0
"TreeComp" = TreeComp
"TurboTax 2009" = TurboTax 2009
"Tweak UI 2.10" = Tweak UI
"VETWIN32Vp5" = CA Anti-Virus
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/9/2011 12:56:55 PM | Computer Name = JEWEL-PC | Source = MsiInstaller | ID = 11706
Description = Product: PhotoGallery -- Error 1706.No valid source could be found
for product PhotoGallery. The Windows Installer cannot continue.

Error - 4/9/2011 12:58:37 PM | Computer Name = JEWEL-PC | Source = Ci | ID = 4124
Description = Content index on c:\system volume information\catalog.wci is corrupt.
Please shutdown and restart the Indexing Service (cisvc).

Error - 4/9/2011 12:58:37 PM | Computer Name = JEWEL-PC | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.

Error - 4/9/2011 4:50:42 PM | Computer Name = JEWEL-PC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/9/2011 5:02:23 PM | Computer Name = JEWEL-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x002627c1.

Error - 4/9/2011 5:06:20 PM | Computer Name = JEWEL-PC | Source = Application Hang | ID = 1002
Description = Hanging application Upgrade.exe, version 6.1.0.5, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/9/2011 5:10:06 PM | Computer Name = JEWEL-PC | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application mom.exe, version 2.0.0.0, stamp 469cdcb3, faulting
module mscorwks.dll, version 2.0.50727.3615, stamp 4be902c7, debug? 0, fault address
0x00097dda.

Error - 4/9/2011 5:13:24 PM | Computer Name = JEWEL-PC | Source = MsiInstaller | ID = 11706
Description = Product: PhotoGallery -- Error 1706.No valid source could be found
for product PhotoGallery. The Windows Installer cannot continue.

Error - 4/9/2011 5:16:29 PM | Computer Name = JEWEL-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x93ee074a.

Error - 4/9/2011 5:18:21 PM | Computer Name = JEWEL-PC | Source = Application Error | ID = 1001
Description = Fault bucket 1859476749.

[ System Events ]
Error - 4/9/2011 5:30:00 PM | Computer Name = JEWEL-PC | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 4/9/2011 5:30:00 PM | Computer Name = JEWEL-PC | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 4/9/2011 5:30:55 PM | Computer Name = JEWEL-PC | Source = UPS | ID = 2482
Description = The UPS service could not access the specified Comm Port.

Error - 4/9/2011 5:31:18 PM | Computer Name = JEWEL-PC | Source = Service Control Manager | ID = 7023
Description = The Uninterruptible Power Supply service terminated with the following
error: %%2482

Error - 4/9/2011 5:31:38 PM | Computer Name = JEWEL-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 4/9/2011 6:21:15 PM | Computer Name = JEWEL-PC | Source = UPS | ID = 2482
Description = The UPS service could not access the specified Comm Port.

Error - 4/9/2011 6:21:22 PM | Computer Name = JEWEL-PC | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 4/9/2011 6:21:22 PM | Computer Name = JEWEL-PC | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 4/9/2011 6:21:28 PM | Computer Name = JEWEL-PC | Source = Service Control Manager | ID = 7023
Description = The Uninterruptible Power Supply service terminated with the following
error: %%2482

Error - 4/9/2011 6:23:02 PM | Computer Name = JEWEL-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd


< End of report >

======================


Thank you for your help in trying to find the culprit.