I attached Avast and MBAM logs and mal URL information.
Background
While browsing on 7/31, Internet Explorer became unresponsive. After closing it, I noticed Zentom System Guard had installed.
OTL logfile created on: 8/5/2011 11:28:31 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Joe C\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
511.53 Mb Total Physical Memory | 272.68 Mb Available Physical Memory | 53.31% Memory free
1.22 Gb Paging File | 1.02 Gb Available in Paging File | 84.10% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14.94 Gb Total Space | 1.26 Gb Free Space | 8.43% Space Free | Partition Type: NTFS
Drive D: | 59.57 Gb Total Space | 50.26 Gb Free Space | 84.37% Space Free | Partition Type: NTFS
Computer Name: VALUED-7B9600FA | User Name: Joe C | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/08/05 19:01:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joe C\Desktop\OTL.com
PRC - [2011/07/04 07:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/01/07 15:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2010/01/07 15:38:08 | 000,158,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2009/04/24 02:57:42 | 001,025,320 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\SupportSoft\bin\bcont.exe
PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/29 20:43:48 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
========== Modules (SafeList) ==========
MOD - [2011/08/05 19:01:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joe C\Desktop\OTL.com
MOD - [2007/03/08 11:36:28 | 000,345,600 | ---- | M] () -- C:\WINDOWS\oqiluqoti.dll
MOD - [2006/10/16 12:15:00 | 000,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oledlg.dll
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (6to4)
SRV - [2011/07/31 16:40:34 | 000,218,624 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\WINDOWS\system32\termvw32.dll -- (TermServices)
SRV - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/01/07 15:38:18 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/01/07 15:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2010/01/07 15:38:08 | 005,950,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2001/09/28 02:26:40 | 000,065,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
========== Driver Services (SafeList) ==========
DRV - [2011/07/04 07:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 07:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 07:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2007/02/02 05:00:00 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/02/02 05:00:00 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/04 01:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/05/29 07:15:12 | 000,009,728 | ---- | M] (iolo technologies, LLC (based on original work by Bo Brantén)) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\filedisk.sys -- (FileDisk)
DRV - [2003/05/22 01:20:36 | 000,259,072 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2003/05/22 01:20:36 | 000,213,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\UdfReadr_xp.sys -- (UdfReadr_xp)
DRV - [2003/05/22 01:20:36 | 000,146,560 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
DRV - [2003/05/22 01:20:36 | 000,118,409 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2003/05/22 01:20:36 | 000,022,713 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2003/05/22 01:20:36 | 000,021,737 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2002/10/01 10:22:32 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2001/12/06 13:49:44 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SonyFKC.sys -- (SonyFKC)
DRV - [2001/11/13 02:26:32 | 000,029,702 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyWBMS.sys -- (SONYWBMS) Sony Memory Stick controller(WB)
DRV - [2001/09/21 20:16:46 | 000,593,000 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Smbe.sys -- (SMBE) Sony MPEG2 Encoder Board (WDM)
DRV - [2001/08/17 17:28:00 | 000,871,388 | ---- | M] (BCM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMDM.sys -- (BCMModem)
DRV - [2001/08/17 16:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4)
DRV - [2001/08/17 16:11:26 | 000,054,271 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm42xx5.sys -- (BCM42XX) Broadcom iLine10
DRV - [2001/05/08 21:57:20 | 000,467,985 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2000/12/05 20:18:02 | 000,003,952 | R--- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/03/09 12:24:42 | 000,007,196 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\V7.SYS -- (V7)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsof...obby/search.asp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.microsof...ss/allinone.asp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.xfinity.c...activ_tech_main
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Joe C\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Joe C\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{9D0B73C9-9771-41B1-A730-85C9CB8EDAB0}: C:\Documents and Settings\Joe C\Local Settings\Application Data\{9D0B73C9-9771-41B1-A730-85C9CB8EDAB0} [2011/08/01 07:58:22 | 000,000,000 | ---D | M]
Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PCTools Site Guard) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program Files\Spyware Doctor\tools\iesdsg.dll ()
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (PCTools Browser Monitor) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\Program Files\Spyware Doctor\tools\iesdpb.dll (GuideWorks Pty. Ltd.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [EPSON Stylus CX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Openwares LiveUpdate] C:\Program Files\LIVEUPDATE\LiveUpdate.exe (Openwares)
O4 - HKLM..\Run: [Qbogaruyum] C:\WINDOWS\oqiluqoti.dll ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Desktop Software] C:\Program Files\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [msnmsgr] File not found
O4 - HKCU..\Run: [Pvuyahexofip] C:\WINDOWS\wmltael.dll (Agere Systems)
O4 - HKCU..\Run: [Spyware Doctor] C:\Program Files\Spyware Doctor\swdoctor.exe (PCTools)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\Program Files\Spyware Doctor\tools\iesdpb.dll (GuideWorks Pty. Ltd.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupd...b?1106791878324 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} http://mvnet.xlontec...2ie06101001.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O20 - Winlogon\Notify\termssvces: DllName - temlvw32.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Joe C\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Joe C\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/02/13 20:38:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.CAM -- [ NTFS ]
O33 - MountPoints2\{5d24bc4e-5e3d-11dd-8b05-00e0185effd4}\Shell\AutoRun\command - "" = H:\WD_Windows_Tools\Setup.exe
O33 - MountPoints2\{654aaeeb-f2bd-11dc-89f7-00e0185effd4}\Shell\AutoRun\command - "" = H:\wd_windows_tools\setup.exe
O33 - MountPoints2\{fb63758f-9bda-11de-8e74-00e0185effd4}\Shell - "" = AutoRun
O33 - MountPoints2\{fb63758f-9bda-11de-8e74-00e0185effd4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fb63758f-9bda-11de-8e74-00e0185effd4}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (smrgdf C:\Program Files\iolo\System Mechanic 5 Professional\) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/08/05 19:00:55 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joe C\Desktop\OTL.com
[2011/08/04 15:22:41 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Joe C\Desktop\aswMBR.exe
[2011/08/03 15:55:44 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/08/03 15:55:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/08/03 15:55:42 | 000,309,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/08/03 15:55:27 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/08/03 15:55:26 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/08/03 15:55:26 | 000,043,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/08/03 15:55:24 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/08/03 15:55:24 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/08/03 15:55:23 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/08/03 15:53:52 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/08/03 15:53:50 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/08/03 15:53:11 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/08/03 15:53:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/08/03 15:50:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe C\My Documents\Downloads
[2011/08/03 09:25:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/08/03 08:13:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/08/02 15:30:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe C\Start Menu\Programs\Google Chrome
[2011/08/02 15:20:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe C\Local Settings\Application Data\Deployment
[2011/08/02 09:04:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/08/02 09:04:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/08/01 07:58:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe C\Local Settings\Application Data\{9D0B73C9-9771-41B1-A730-85C9CB8EDAB0}
[2011/07/31 13:06:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/07/31 11:15:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/07/31 11:15:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/07/31 08:59:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe C\Application Data\A4F8766DC83185428F312DE994F0586F
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/08/05 23:32:09 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-308236825-1801674531-1004UA.job
[2011/08/05 22:57:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/05 22:56:06 | 000,000,316 | -HS- | M] () -- C:\WINDOWS\tasks\shbskrkp.job
[2011/08/05 22:55:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/05 20:04:52 | 536,449,024 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/05 19:01:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joe C\Desktop\OTL.com
[2011/08/05 15:32:12 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-308236825-1801674531-1004Core.job
[2011/08/05 12:38:58 | 000,920,384 | ---- | M] () -- C:\Documents and Settings\Joe C\Desktop\Norton_Removal_Tool.exe
[2011/08/05 09:16:36 | 000,002,404 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/05 00:04:40 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Ltuhilofejinur.dat
[2011/08/05 00:03:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Wkagus.bin
[2011/08/04 15:22:48 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Joe C\Desktop\aswMBR.exe
[2011/08/04 11:14:27 | 000,000,028 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/08/03 15:55:45 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/08/03 15:55:24 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/08/02 15:32:35 | 000,002,286 | ---- | M] () -- C:\Documents and Settings\Joe C\Desktop\Google Chrome.lnk
[2011/08/02 15:32:35 | 000,002,264 | ---- | M] () -- C:\Documents and Settings\Joe C\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/01 17:30:16 | 000,065,536 | RHS- | M] () -- C:\WINDOWS\System32\PINTLPAEP.dll
[2011/07/23 15:28:32 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/07/23 14:55:24 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/08/05 12:38:50 | 000,920,384 | ---- | C] () -- C:\Documents and Settings\Joe C\Desktop\Norton_Removal_Tool.exe
[2011/08/04 21:39:09 | 536,449,024 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/03 15:55:45 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/08/02 15:32:35 | 000,002,286 | ---- | C] () -- C:\Documents and Settings\Joe C\Desktop\Google Chrome.lnk
[2011/08/02 15:32:35 | 000,002,264 | ---- | C] () -- C:\Documents and Settings\Joe C\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/02 15:21:40 | 000,000,978 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-308236825-1801674531-1004UA.job
[2011/08/02 15:21:39 | 000,000,926 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-308236825-1801674531-1004Core.job
[2011/08/01 17:30:17 | 000,000,316 | -HS- | C] () -- C:\WINDOWS\tasks\shbskrkp.job
[2011/08/01 17:30:16 | 000,065,536 | RHS- | C] () -- C:\WINDOWS\System32\PINTLPAEP.dll
[2011/08/01 07:58:29 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Ltuhilofejinur.dat
[2011/08/01 07:58:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wkagus.bin
[2008/11/10 01:01:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2008/11/10 01:01:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2007/10/01 19:53:36 | 000,102,364 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2007/08/20 13:13:26 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2007/08/20 13:13:26 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2007/08/20 13:13:26 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2007/08/20 13:13:26 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2007/08/20 13:13:26 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2007/08/20 13:13:26 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2007/08/20 13:13:26 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2007/08/20 13:13:26 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/08/20 13:13:25 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2007/08/20 13:13:25 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2007/08/20 13:13:25 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2007/08/20 13:13:25 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2007/08/20 13:13:25 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2007/08/20 13:13:25 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2007/08/20 13:13:25 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2007/08/20 13:13:25 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2007/08/20 13:08:23 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2007/08/20 13:07:14 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX6000.ini
[2007/08/14 20:34:48 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/05/14 22:44:12 | 000,002,404 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006/08/09 17:15:27 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Joe C\Application Data\PFP100JPR.{PB
[2006/08/09 17:15:27 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Joe C\Application Data\PFP100JCM.{PB
[2006/05/10 13:46:44 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2006/03/05 17:31:51 | 000,000,196 | ---- | C] () -- C:\WINDOWS\PicEdit.INI
[2005/11/09 14:49:33 | 000,001,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/04/07 17:00:35 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/03/08 15:14:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/02/19 12:56:20 | 000,000,264 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2005/02/15 13:31:42 | 000,025,264 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe
[2005/02/15 13:31:41 | 000,030,942 | ---- | C] () -- C:\WINDOWS\System32\iolobtdfg.exe
[2005/02/15 12:55:12 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/01/31 19:29:47 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/01/26 21:59:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2005/01/26 21:59:03 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\macrovsn.dll
[2005/01/26 21:59:03 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\MMDVDROM.dll
[2005/01/26 21:59:03 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\getregn.exe
[2005/01/26 21:53:06 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Joe C\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2001/12/14 21:17:55 | 000,001,632 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2001/12/14 19:03:24 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2001/12/14 19:02:55 | 000,262,416 | ---- | C] () -- C:\WINDOWS\System32\Asfv2.dll
[2001/12/14 18:46:01 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2001/12/14 18:44:06 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2001/12/14 18:44:05 | 000,007,406 | ---- | C] () -- C:\WINDOWS\ICOADB32.DAT
[2001/12/14 18:44:05 | 000,000,717 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2001/12/14 18:35:03 | 000,000,715 | ---- | C] () -- C:\WINDOWS\photoprn.ini
[2001/12/14 18:03:19 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2001/12/14 18:03:19 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2001/12/14 18:03:17 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2001/12/14 17:14:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2001/12/14 16:45:42 | 000,000,804 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2001/12/14 16:40:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2001/12/14 16:36:20 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2001/12/14 15:26:35 | 000,605,288 | ---- | C] () -- C:\WINDOWS\Q312368.EXE
[2001/12/14 15:26:34 | 000,458,344 | ---- | C] () -- C:\WINDOWS\Q308677.EXE
[2001/12/14 15:26:34 | 000,290,920 | ---- | C] () -- C:\WINDOWS\Q311889.EXE
[2001/12/14 15:26:34 | 000,159,336 | ---- | C] () -- C:\WINDOWS\Q307271.exe
[2001/12/14 15:26:24 | 000,000,672 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/12/14 15:26:03 | 000,345,600 | ---- | C] () -- C:\WINDOWS\oqiluqoti.dll
[2001/12/14 15:25:55 | 000,432,356 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/12/14 15:25:55 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/12/14 15:25:55 | 000,067,312 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/12/14 15:25:55 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/12/14 15:25:53 | 000,004,530 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/12/14 15:25:52 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/12/14 15:25:52 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/12/14 15:25:47 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/12/14 15:25:47 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/12/14 15:25:40 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/12/14 15:25:29 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/12/14 08:31:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2001/12/14 08:30:44 | 000,193,776 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2001/12/05 11:52:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
========== LOP Check ==========
[2011/08/03 15:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2008/08/28 14:28:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comcast
[2007/11/22 14:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/07/31 15:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe C\Application Data\A4F8766DC83185428F312DE994F0586F
[2007/09/04 16:49:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe C\Application Data\EPSON
[2001/12/14 18:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe C\Application Data\InterTrust
[2005/02/15 12:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe C\Application Data\Kazaa Lite
[2007/08/20 13:22:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe C\Application Data\Leadertech
[2011/08/05 22:56:06 | 000,000,316 | -HS- | M] () -- C:\WINDOWS\Tasks\shbskrkp.job
========== Purity Check ==========
< End of report >
OTL Extras logfile created on: 8/5/2011 11:28:31 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Joe C\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
511.53 Mb Total Physical Memory | 272.68 Mb Available Physical Memory | 53.31% Memory free
1.22 Gb Paging File | 1.02 Gb Available in Paging File | 84.10% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14.94 Gb Total Space | 1.26 Gb Free Space | 8.43% Space Free | Partition Type: NTFS
Drive D: | 59.57 Gb Total Space | 50.26 Gb Free Space | 84.37% Space Free | Partition Type: NTFS
Computer Name: VALUED-7B9600FA | User Name: Joe C | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\support.com\client\bin\tgcmd.exe" = C:\Program Files\support.com\client\bin\tgcmd.exe:*:Disabled:tgcmd Module -- (Support.com, Inc.)
"C:\Program Files\Kazaa Lite K++\Kazaa.kpp" = C:\Program Files\Kazaa Lite K++\Kazaa.kpp:*:Disabled:Kazaa
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Documents and Settings\Joe C\Local Settings\Temp\7zS13.tmp\SymNRT.exe" = C:\Documents and Settings\Joe C\Local Settings\Temp\7zS13.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00609F70-5043-4C20-895A-D6EF7ACE9304}" = PicoPlayerSplashScreen
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{08094E03-AFE4-4853-9D31-6D0743DF5328}" = QuickTime
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{1CA2E5E4-F4FE-44B4-95E9-77523FB95838}" = EPSON Stylus CX6000 Scanner Driver Update
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21CF3E6E-1659-433E-B6CE-165D793560DA}" = VAIO Grid Wallpaper
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java 6 Update 26
"{26BDE7D8-93F0-4A07-AD47-1707DB417941}" = Camera Support Core Library
"{29F61465-428A-11D4-B646-00C04F790F76}" = DVgate
"{2FAF5A9F-7EDE-4F1A-B082-C95A9F420630}" = Media Bar 3.2.12
"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{370BCBBA-67D7-4535-ADCD-58CD1C8DEC99}" = Zune Language Pack (DE)
"{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}" = Music Visualizer Library 1.2
"{3C67D8C0-F0EC-11D3-99D3-00C04FCCB775}" = VAIO Action Setup
"{40EC6323-497B-44DA-8A88-74578622D9B3}" = Zune Language Pack (IT)
"{46DDF76F-ACD4-42BC-B48F-B89C4EE2E1A9}" = Easy CD & DVD Creator 6
"{48BE827A-2D06-4804-90C3-4F2F8460F9D4}" = Support Actions Win2K,WinXP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6F4C00-E935-11D3-A98A-0080986030D9}" = Smart Capture
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{5C70C75F-A265-4C62-B90F-8F80AA69F262}" = PicoPlayer Demo
"{5FF58521-5E44-11D4-A433-00105A8547C6}" = PictureGear 5.1
"{6060E6A1-5342-4D2B-8F66-B6D6E20BBD03}" = VAIO Help & Support
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = RAW Image Task 1.1
"{6990A2BF-D1D2-11D3-81BC-00609789C908}" = Sony DV Shared Library
"{6DF804A8-2CC2-4D22-A958-4534F6EC3C76}" = VAIO Registration
"{72275927-4241-46A7-A9C4-B86C6B256EB6}" = ImageStation Demo
"{7F90516D-4F1F-4468-9FA1-46ECFB59E39F}" = Screenblast Sound Forge 1.0a
"{802EF464-4992-42B3-8434-45151AD3C933}" = VAIO Serenus Wallpaper
"{8139011A-4039-46C7-8614-A3F8948121AD}" = PicoPlayer
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A0B295C3-FD3C-11D4-A811-0090279106C3}" = WordPerfect Office 2002
"{A228A09C-4826-42E0-A3D8-95B2BAAB5049}" = OpenMG Secure Module 3.0.01
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{ACEC9C3E-0100-4EBE-B298-35A2145828A0}" = VAIO Brezza Wallpaper
"{AD13BFB0-FDD2-4AFA-A8AF-9F4A950D56B7}" = ArcSoft Camera Suite 1.3
"{AD3B1DDF-52AD-405E-B931-7ACF76937E5F}" = ImageStation
"{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}" = Camera Window
"{B5B0ABC0-3177-11D3-AC45-0000F879D920}" = VisualFlow 2.1
"{B8C3B479-1716-11D5-968A-0050BA84F5F7}" = Baldur's Gate II - Throne of Bhaal
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}" = Canon PhotoRecord
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C7A5D4E9-7ED3-4FB5-8FC1-A6D99A727670}" = Screenblast ACID 2.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
"{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}" = RemoteCapture Task 1.0.3
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}" = ArcSoft PhotoImpression 5
"{D4A49B00-02F8-11D5-B64D-00C04F790F76}" = MovieShaker 3.3
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = MovieEdit Task
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E2069DE3-5924-4766-A385-CDA273885A31}" = DigitalPrint 1.1
"{E52F43B3-1638-4624-9ACF-B130130AA13E}" = Experience VAIO
"{E535DC62-56D6-11D5-8AE3-00105A7276CD}" = SonicStage 1.1.00
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = PhotoStitch
"{F3CB4DC0-4FC0-11D5-9254-0000F460E7A9}" = SonicStage CD-R Writing Module
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast" = avast! Free Antivirus
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"DVD Express A/V Pak" = DVDExpress
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{26BDE7D8-93F0-4A07-AD47-1707DB417941}" = Canon Camera Support Core Library
"InstallShield_{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = Canon Utilities PhotoStitch 3.1
"iolo technologies' System Mechanic 5 Professional" = iolo technologies' System Mechanic 5 Professional
"IrfanView" = IrfanView (remove only)
"LiveUpdate1.7" = LiveUpdate 1.7 (Symantec Corporation)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Motion JPEG Software Decoder" = Motion JPEG Software Decoder
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"PhotoPrinter 2000 Pro" = PhotoPrinter 2000 Pro
"PokerStars" = PokerStars
"RealPlayer 6.0" = RealPlayer
"RealProducer 8.5" = RealProducer Basic 8.5
"Silent Package Run-Time Sample" = EPSON CX6000 Series User's Guide
"Sony on Yahoo! Essentials" = Sony on Yahoo! Essentials
"Spyware Doctor_is1" = Spyware Doctor 3.1
"VAIO Support" = VAIO Support
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WGA" = Windows Genuine Advantage Validation Tool
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"Zune" = Zune
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 8/3/2011 3:52:14 PM | Computer Name = VALUED-7B9600FA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 8/3/2011 3:52:14 PM | Computer Name = VALUED-7B9600FA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 8/3/2011 3:52:14 PM | Computer Name = VALUED-7B9600FA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The connection with the server was terminated abnormally
Error - 8/3/2011 3:52:15 PM | Computer Name = VALUED-7B9600FA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 8/3/2011 3:52:15 PM | Computer Name = VALUED-7B9600FA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.
Error - 8/3/2011 7:31:46 PM | Computer Name = VALUED-7B9600FA | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module wmltael.dll, version 2.7.0.0, fault address 0x00005a1b.
Error - 8/4/2011 10:41:53 AM | Computer Name = VALUED-7B9600FA | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 8/4/2011 10:59:29 AM | Computer Name = VALUED-7B9600FA | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module wmltael.dll, version 2.7.0.0, fault address 0x00005a1b.
Error - 8/4/2011 11:00:07 AM | Computer Name = VALUED-7B9600FA | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.
Error - 8/5/2011 12:51:00 PM | Computer Name = VALUED-7B9600FA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
[ System Events ]
Error - 8/5/2011 10:55:33 PM | Computer Name = VALUED-7B9600FA | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
Error - 8/5/2011 10:55:33 PM | Computer Name = VALUED-7B9600FA | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
Error - 8/5/2011 10:55:33 PM | Computer Name = VALUED-7B9600FA | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
Error - 8/5/2011 10:55:33 PM | Computer Name = VALUED-7B9600FA | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
Error - 8/5/2011 10:55:33 PM | Computer Name = VALUED-7B9600FA | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
Error - 8/5/2011 10:55:33 PM | Computer Name = VALUED-7B9600FA | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
Error - 8/5/2011 10:55:33 PM | Computer Name = VALUED-7B9600FA | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
Error - 8/5/2011 10:55:33 PM | Computer Name = VALUED-7B9600FA | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
Error - 8/5/2011 10:55:33 PM | Computer Name = VALUED-7B9600FA | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
Error - 8/5/2011 10:56:52 PM | Computer Name = VALUED-7B9600FA | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126
< End of report >