Strange Happenings -7034s, 7024s, 20063, ZA Err [Solved]

Looked at EVENT LOG ... SYSTEM and realized I hadn't gone back far enough ... the first error recorded is 7022 ... The TrueVector Internet Monitor service hung on starting.

Hello 911pchelp,

Please download ComboFix from one of these locations:

NOTE: If you are guest watching this topic. ComboFix is a very powerful tool. The disclaimer clearly states that you should not use it without supervision. There is good reason for this as ComboFix can, and sometimes does, run into conflict on a computer and render it unusable.

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
• Double click on ComboFix.exe & follow the prompts.
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a new HijackThis log.

Thank you for your help.

Combofix and HJT done - logs included below.

May have 'jumped the gun' and shut-down / booted. Tried to keep record of times:

• 2 1/2 mins to shut-down
• 18 mins to boot
• 45 secs to launch HJT
• 3:20 mins:secs to run HJT

Happened to notice that there were several entries in HJT log for NORTON/SYMANTEC ... but don't have NAV installed ... used to but removed it (or thought I did) and installed AVG. Could this be a reason for the unreasonable speed?

Also, when started FF ... got a notification the FF was NOT my default browser. It was before combofix.

Here are the logs: HJT first

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:37:31 AM, on 2/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
E:\Program Files\Clipomatic\Clipomatic.exe
E:\Program Files\pita210\Pitaschio.exe
C:\Program Files\SpamPal\spampal.exe
E:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
E:\processes\nwProcessExplorer\procexp.exe
H:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webshots.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Clipomatic] E:\Program Files\Clipomatic\Clipomatic.exe
O4 - Startup: procexp (2).lnk = E:\processes\nwProcessExplorer\procexp.exe
O4 - Startup: Shortcut to Pitaschio.exe.lnk = E:\Program Files\pita210\Pitaschio.exe
O4 - Startup: SpamPl.lnk = C:\Program Files\SpamPal\spampal.exe
O4 - Startup: Webshots.lnk = E:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: &Search - ?p=ZRxdm529YYUS
O16 - DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} - http://supportcenter...ad/tgctlins.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://supportcenter...oad/tgctlsi.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} - http://community.web...wsaxcontrol.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1139291678343
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Unknown owner - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe (file missing)
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6998 bytes

============================================================================

ComboFix 09-02-12.03 - Alan 2009-02-14 0:42:25.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.649 [GMT -5:00]
Running from: f:\firefox\downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\jestertb.dll

.
((((((((((((((((((((((((( Files Created from 2009-01-14 to 2009-02-14 )))))))))))))))))))))))))))))))
.

2009-01-27 18:38 . 2009-02-12 14:38 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-01-27 18:38 . 2009-02-08 22:57 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-01-27 18:38 . 2009-02-08 22:57 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-01-27 18:38 . 2009-02-08 22:57 10,520 --a------ c:\windows\system32\avgrsstx.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-13 20:57 98,664 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_02_13_09_26_31_small.dmp.zip
2009-02-13 20:57 85,918 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_02_13_09_26_25_small.dmp.zip
2009-02-13 14:12 304,331,851 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_02_12_14_57_04_full.dmp.zip
2009-02-13 13:49 80,456 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_02_12_14_56_31_small.dmp.zip
2009-02-13 04:04 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-13 02:57 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-02-12 19:18 89,495 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_02_11_18_44_40_small.dmp.zip
2009-02-12 19:18 102,809 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_02_11_18_45_09_small.dmp.zip
2009-02-11 23:06 97,275 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_02_11_09_12_44_small.dmp.zip
2009-02-11 23:06 84,920 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_02_11_09_11_57_small.dmp.zip
2009-02-11 21:32 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-09 03:50 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-02-05 17:03 3,298,976 ----a-w c:\windows\Internet Logs\tvDebug.Zip
2009-02-02 07:10 1,681,408 ----a-w c:\windows\Internet Logs\xDB17.tmp
2009-01-31 01:47 44,032 ----a-w c:\windows\Internet Logs\xDB16.tmp
2009-01-30 06:57 91,136 ----a-w c:\windows\Internet Logs\xDB15.tmp
2009-01-28 00:04 52,736 ----a-w c:\windows\Internet Logs\xDB14.tmp
2009-01-27 06:35 84,992 ----a-w c:\windows\Internet Logs\xDB13.tmp
2009-01-25 05:59 126,464 ----a-w c:\windows\Internet Logs\xDB12.tmp
2009-01-21 19:07 286,208 ----a-w c:\windows\Internet Logs\xDB11.tmp
2009-01-19 06:58 1,644,032 ----a-w c:\windows\Internet Logs\xDB10.tmp
2009-01-10 06:36 150,528 ----a-w c:\windows\Internet Logs\xDBF.tmp
2009-01-07 20:22 --------- d-----w c:\program files\PortReporter
2009-01-07 20:16 --------- d-----w c:\program files\PortReporter.old.1231359764
2009-01-04 06:45 167,424 ----a-w c:\windows\Internet Logs\xDBE.tmp
2008-12-27 07:02 104,960 ----a-w c:\windows\Internet Logs\xDBD.tmp
2008-12-23 07:03 202,752 -c--a-w c:\windows\Internet Logs\xDBC.tmp
2008-12-18 19:36 --------- d-----w c:\program files\Windows Installer Clean Up
2008-12-18 19:36 --------- d-----w c:\program files\MSECACHE
2008-12-14 07:09 178,688 -c--a-w c:\windows\Internet Logs\xDBB.tmp
2008-12-13 06:40 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\dllcache\srv.sys
2008-12-07 06:39 261,632 -c--a-w c:\windows\Internet Logs\xDBA.tmp
2008-11-28 06:46 116,224 -c--a-w c:\windows\Internet Logs\xDB9.tmp
2008-11-24 06:37 371,200 -c--a-w c:\windows\Internet Logs\xDB8.tmp
2007-11-03 04:52 382 ----a-w c:\program files\Shortcut to Program Files.lnk
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Clipomatic"="e:\program files\Clipomatic\Clipomatic.exe" [1999-05-15 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-08 1601304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-12 148888]

c:\documents and settings\Alan\Start Menu\Programs\Startup\
procexp (2).lnk - e:\processes\nwProcessExplorer\procexp.exe [2008-05-01 3523624]
Shortcut to Pitaschio.exe.lnk - e:\program files\pita210\Pitaschio.exe [2007-05-21 90112]
SpamPl.lnk - c:\program files\SpamPal\spampal.exe [2006-01-29 507904]
Webshots.lnk - e:\program files\Webshots\Launcher.exe [2006-01-28 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-08 22:57 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Alan^Start Menu^Programs^Startup^pitadll.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"e:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R0 RITFSD;RITFSD;c:\windows\system32\drivers\RITFSD.sys [2006-01-31 32961]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-27 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-27 107272]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-27 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-27 298264]
R2 Rcfilter;Rcfilter;c:\windows\system32\drivers\Rcfilter.sys [2006-01-31 32128]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2007-08-23 14976]
S1 SASDIFSV;SASDIFSV;\??\e:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> e:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\e:\program files\SUPERAntiSpyware\SASKUTIL.sys --> e:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S3 exdisk;Express Disk Service;c:\windows\system32\DRIVERS\exdisk.sys --> c:\windows\system32\DRIVERS\exdisk.sys [?]
S3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2006-01-27 13724]
S3 mxInsMon;mxInsMon;e:\progra~1\ALADDI~1\SPRING~1\mxInsMon.sys [2003-12-10 15360]
S3 SASENUM;SASENUM;\??\e:\program files\SUPERAntiSpyware\SASENUM.SYS --> e:\program files\SUPERAntiSpyware\SASENUM.SYS [?]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [2006-11-10 15576]

--- Other Services/Drivers In Memory ---

*Deregistered* - PROCEXP111
.
Contents of the 'Scheduled Tasks' folder

2009-02-06 c:\windows\Tasks\GlaryInitialize.job
- e:\program files\Glary Utilities\initialize.exe [2008-04-09 13:22]

2009-02-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-2052111302-725345543-1004.job
- c:\documents and settings\Alan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-27 20:24]
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
Notify-!SASWinLogon - e:\program files\SUPERAntiSpyware\SASWINLO.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.webshots.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - ?p=ZRxdm529YYUS
LSP: c:\program files\SpamPal\spampalLSP.dll
DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} - hxxp://supportcenter.rr.com/sdccommon/download/tgctlins.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-14 00:44:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Clipomatic = e:\program files\Clipomatic\Clipomatic.exe????????????????????????A~`?W???????????A~????????????????|??????|,???????`?W????????????? u??`cE~??A~??A~????????????????????????????&?@?????????????p?????????A~`?W?????????????????u]B~?????]B~??????????????????@? K@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-02-14 0:46:57
ComboFix-quarantined-files.txt 2009-02-14 05:46:31

Pre-Run: 1,817,440,256 bytes free
Post-Run: 1,805,238,272 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

155 --- E O F --- 2007-12-21 17:23:23

Unless I am mistaken you are running two anti-virus and firewall programs.

Running two or more real-time anti-virus, anti-spyware and firewall monitors at the same time can cause a conflict. That conflict can result in slow computer performance, error messages, crashes of the programs or other types of failure. You will very likely end up with little or no protection.

Please unistall either of AVG8 or Norton Symantec. Also you have ZoneAlarm firewall running. Please uninstall it at least for the meantime.

If you decide to uninstall Norton Symantec; then after you have uninstalled it:

Go here Norton Removal Tool to remove left over bits of the Norton AntiVirus Program. Choose the link for the version you had and then download and run the removal progam.

Now

Please download the OTMoveIt3 by OldTimer.

• Save it to your desktop.
• Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
• Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  :processes
  explorer.exe
  
  :reg
  [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03b9a982-cd7d-11dd-b80c-001fd022518e}]
  [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa594a65-c0c9-11dd-9dee-806e6f6e6963}]
  [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e772de05-c5c6-11dd-9807-001fd022518e}]
  [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd76ad4d-f6a6-11dd-9a47-001fd022518e}]
  
  :commands
  [purity]
  [emptytemp]
  [start explorer]
  [Reboot]

• Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  
• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Am very confused

I knew of the problems with two AV's ... so when switched to AVG (3 years ago) made sure that NAV was completely gone.

... but don't have NAV installed ... used to but removed it (or thought I did) and installed AVG

In fact I consulted GTG to make sure NAV was completely gone.

Anyway ...
Did have NAV 2005 (which Add/Remove 'says' is installed) long ago ... but when I attempted to uninstall now, Add/Revm (WIN version) said there had been some kind of error and it was already uninstalled. The Add/Revm from EasyCleaner (ToniArts) has several entries - none of which can be uninstalled - and ALL are invalid. (I don't a NAV 2005 CD - have the NAV2005 exe which I had downloaded when renewed NAV ... but it wasn't recognized as a valid package).

Suspect a registry problem where XP 'thinks' NAV2005 is there. Is there a way to verify this?

I've look at all the 'Program Files' folders on my machine (have one on C:, E:,and H: .. C and E are same physical drive, H is a 2nd HD) ... so I don't know where the processes come from .

Not sure where to go from here !!

Yes I have found this before where Norton doesn't get uninstalled properly.

Usually runing the Norton removal tool will fix it.

It's not clear to me from your answer that you tried that option.

So have you used the Norton Removal tool yet? It would be the best way to get rid of those residues.

Yes did try NRT before last post - the copy I had was back-level and Symantec stopped me .... sorry - didn't pursue further.

NOW - Downloaded latest version and tried to run .... it extracted, Symnrt.exe process was left in the machine but stopped and didn't display anything.

Firstly please uninstall ZoneAlarm.

Then

How to disable AVG's Resident Shield.

Right click the AVG icon and click Open.

In the Overview panel click on Resident Sheild > Uncheck the Resident Sheild Active box > Save Changes.

After that try the Norton Removal tool again. Come back and tell me how you get on.

Also please post a new HijackThis log when you return.

Sorry it's taken so long to respond ... have been checking files but PC is so sssssssllooowww.

First, ZA doesn't show up in the add/remv list for either WIN or EasyCleaner - there are no ZA folders in any 'Program Files' - there are no entries for ZA in my Startup file - and finally, there are no standalone ZA related files on my hd's.

From the HJT log I see that a ZA folder/file is in WINDOWS/SYSTEM32 ... should I delete this?

I had left the PC to watch Bball (on TV) and when I came back, the NRT was running. Did it's thing but didn't remove all of NAV.

To get us back in sync, I'll wait for your response before continuing.

Hello 911pchelp,

Lets approach this step by step. I think the reason your machine is so slow is because of the remnants of those two programs ZoneLabs and Norton.

Lets see if we can remove the Zonelabs one now.

Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

• Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  :processes
  explorer.exe
  
  :services
  vsmon
  
  :files
  C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  
  :commands
  [emptytemp]
  [start explorer]
  [Reboot]

• Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  
• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Next

• Download OTListIt2 to your desktop.
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
• Under the Standard Registry box change it to All.
• Check the boxes beside LOP Check and Purity Check.
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

So when you return please post

• OTMoveIt3 log
• OTlistIt.txt and Extras.txt

OT's done

OT3:
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service vsmon stopped successfully.
Service vsmon deleted successfully.
========== FILES ==========
C:\WINDOWS\system32\ZoneLabs\vsmon.exe moved successfully.
========== COMMANDS ==========
File delete failed.
C:\DOCUME~1\Alan\LOCALS~1\Temp\etilqs_GaJs5esHOUXduTYLcRac scheduled to
be deleted on reboot.
File delete failed.
C:\DOCUME~1\Alan\LOCALS~1\Temp\Perflib_Perfdata_d28.dat scheduled to be
deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7d4.dat scheduled
to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Alan\Local
Settings\Application Data\Mozilla\Firefox\Profiles\8a5knr8q.ALAN
NEW\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Alan\Local
Settings\Application Data\Mozilla\Firefox\Profiles\8a5knr8q.ALAN
NEW\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Alan\Local
Settings\Application Data\Mozilla\Firefox\Profiles\8a5knr8q.ALAN
NEW\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Alan\Local
Settings\Application Data\Mozilla\Firefox\Profiles\8a5knr8q.ALAN
NEW\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Alan\Local
Settings\Application Data\Mozilla\Firefox\Profiles\8a5knr8q.ALAN
NEW\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Alan\Local
Settings\Application Data\Mozilla\Firefox\Profiles\8a5knr8q.ALAN
NEW\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02152009_011315


OT2:
OTListIt logfile created on: 2/15/2009 1:37:56 AM - Run
OTListIt2 by OldTimer - Version 2.0.0.12 Folder = F:\Firefox\downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.01 Mb Total Physical Memory | 687.13 Mb Available Physical Memory | 67.17% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): E:\pagefile.sys 1500 2000;F:\pagefile.sys 0 0;S:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.32 Gb Total Space | 2.37 Gb Free Space | 25.42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 9.31 Gb Total Space | 2.72 Gb Free Space | 29.21% Space Free | Partition Type: FAT32
Drive F: | 27.93 Gb Total Space | 15.12 Gb Free Space | 54.12% Space Free | Partition Type: FAT32
Drive G: | 27.93 Gb Total Space | 25.17 Gb Free Space | 90.11% Space Free | Partition Type: FAT32
Drive H: | 27.94 Gb Total Space | 19.05 Gb Free Space | 68.19% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
Drive J: | 3.77 Gb Total Space | 1.49 Gb Free Space | 39.51% Space Free | Partition Type: FAT
Drive S: | 27.93 Gb Total Space | 21.52 Gb Free Space | 77.05% Space Free | Partition Type: FAT32

Computer Name: SUNRISE-RAP
Current User Name: Alan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - E:\Program Files\Clipomatic\Clipomatic.exe ( )
PRC - E:\Program Files\pita210\Pitaschio.exe ( )
PRC - C:\Program Files\SpamPal\spampal.exe (SpamPal.org)
PRC - E:\PROGRA~1\Webshots\webshots.scr (Webshots.com)
PRC - F:\Firefox\downloads\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (AVG Anti-Spyware Guard [Auto | Stopped]) -- File not found
SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Creative Service for CDROM Access [Auto | Stopped]) -- File not found
SRV - (gusvc [On_Demand | Stopped]) -- File not found
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (SNMP [Auto | Running]) -- C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)
SRV - (SNMPTRAP [On_Demand | Stopped]) -- C:\WINDOWS\system32\snmptrap.exe (Microsoft Corporation)
SRV - (vsmon [Auto | Stopped]) -- File not found
SRV - (WMPNetworkSvc [Disabled | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WudfSvc [Auto | Running]) -- C:\WINDOWS\system32\WudfSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ac97intc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)
DRV - (Afc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (FETNDISB [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\dxe1015b.sys (Best Buy Corporation )
DRV - (giveio [Boot | Running]) -- C:\WINDOWS\system32\giveio.sys ()
DRV - (itchfltr [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\itchfltr.sys (Logitech, Inc.)
DRV - (kbdhid [System | Running]) -- C:\WINDOWS\system32\drivers\kbdhid.sys (Microsoft Corporation)
DRV - (LCcfltr [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\LCcfltr.sys (Logitech, Inc.)
DRV - (LHidFilt [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LHidKe [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\LHidKE.Sys (Logitech, Inc.)
DRV - (LHidUsb [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\LHidUsb.Sys (Logitech, Inc.)
DRV - (LHidUsbK [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\LHidUsbK.sys (Logitech, Inc.)
DRV - (LMouFilt [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LUsbFilt [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (mxInsMon [On_Demand | Stopped]) -- E:\PROGRA~1\ALADDI~1\SPRING~1\mxInsMon.sys ()
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\system32\drivers\pxhelp20.sys (Sonic Solutions)
DRV - (Rcfilter [Auto | Running]) -- C:\WINDOWS\system32\drivers\Rcfilter.sys (FarStone Technology Inc.,)
DRV - (RITFSD [Boot | Running]) -- C:\WINDOWS\system32\drivers\RITFSD.sys ()
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (SBKUPNT [Auto | Running]) -- C:\WINDOWS\system32\drivers\SBKUPNT.SYS ()
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (speedfan [Boot | Running]) -- C:\WINDOWS\system32\speedfan.sys (Windows ® 2000 DDK provider)
DRV - (srescan [Boot | Running]) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Check Point Software Technologies LTD)
DRV - (symlcbrd [Auto | Running]) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (vsdatant [System | Running]) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (Wdf01000 [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\wdf01000.sys (Microsoft Corporation)
DRV - (Wdm1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbbc.sys ()
DRV - (WS2IFSL [System | Running]) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys (Microsoft Corporation)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.webshots.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

O1 HOSTS File: (253869 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 8842 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key error. File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - Reg Error: Key error. File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Clipomatic] E:\Program Files\Clipomatic\Clipomatic.exe ( )
O4 - Startup: C:\Documents and Settings\Alan\Start Menu\Programs\Startup\procexp (2).lnk = E:\processes\nwProcessExplorer\procexp.exe (Sysinternals - www.sysinternals.com)
O4 - Startup: C:\Documents and Settings\Alan\Start Menu\Programs\Startup\Shortcut to Pitaschio.exe.lnk = E:\Program Files\pita210\Pitaschio.exe ( )
O4 - Startup: C:\Documents and Settings\Alan\Start Menu\Programs\Startup\SpamPl.lnk = C:\Program Files\SpamPal\spampal.exe (SpamPal.org)
O4 - Startup: C:\Documents and Settings\Alan\Start Menu\Programs\Startup\Webshots.lnk = E:\Program Files\Webshots\Launcher.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &Search - ?p=ZRxdm529YYUS
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\SpamPal\spampalLSP.dll (SpamPal.org)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\SpamPal\spampalLSP.dll (SpamPal.org)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\SpamPal\spampalLSP.dll (SpamPal.org)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\SpamPal\spampalLSP.dll (SpamPal.org)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\SpamPal\spampalLSP.dll (SpamPal.org)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\SpamPal\spampalLSP.dll (SpamPal.org)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\SpamPal\spampalLSP.dll (SpamPal.org)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\SpamPal\spampalLSP.dll (SpamPal.org)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\SpamPal\spampalLSP.dll (SpamPal.org)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\SpamPal\spampalLSP.dll (SpamPal.org)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\SpamPal\spampalLSP.dll (SpamPal.org)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\SpamPal\spampalLSP.dll (SpamPal.org)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\SpamPal\spampalLSP.dll (SpamPal.org)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\SpamPal\spampalLSP.dll (SpamPal.org)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\SpamPal\spampalLSP.dll (SpamPal.org)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\SpamPal\spampalLSP.dll (SpamPal.org)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\SpamPal\spampalLSP.dll (SpamPal.org)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\SpamPal\spampalLSP.dll (SpamPal.org)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\SpamPal\spampalLSP.dll (SpamPal.org)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\SpamPal\spampalLSP.dll (SpamPal.org)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\SpamPal\spampalLSP.dll (SpamPal.org)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\SpamPal\spampalLSP.dll (SpamPal.org)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\SpamPal\spampalLSP.dll (SpamPal.org)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} http://supportcenter...ad/tgctlins.cab (Reg Error: Key error.)
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} http://supportcenter...oad/tgctlsi.cab (SupportSoft SmartIssue)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} http://community.web...wsaxcontrol.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1139291678343 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.micr...44/igdtoolx.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.s...rl/SymAData.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\system32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( schannel.dll) - C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( digest.dll) - C:\WINDOWS\system32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( msnsspc.dll) - C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\system32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\system32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\system32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\system32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - C:\AutoSetup.log () - [ NTFS ]
O32 - Autorun File - E:\autorunsc [2007/07/12 15:36:26 00,000,000 | ---D | M] - [ FAT32 ]
O32 - Autorun File - E:\AutoUpd.txt () - [ FAT32 ]
O32 - Autorun File - E:\autoStreamer.exe (Antonis Kaladis) - [ FAT32 ]
O32 - Autorun File - J:\autoRunCD [2008/05/23 19:49:36 00,000,000 | ---D | M] - [ FAT ]
O32 - Autorun File - J:\autoStitch [2008/05/23 19:49:58 00,000,000 | ---D | M] - [ FAT ]

========== Files/Folders - Created Within 30 Days ==========

[2009/02/14 23:04:14 | 00,000,515 | ---- | C] () -- C:\Documents and Settings\Alan\Desktop\Add-Remove Pro.lnk
[2009/02/14 16:32:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/02/14 02:16:44 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/02/14 00:41:45 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/02/14 00:41:42 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/02/14 00:41:36 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/02/14 00:40:07 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/02/14 00:40:07 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/02/14 00:40:07 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/02/14 00:40:07 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/02/14 00:40:07 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009/02/14 00:40:07 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/02/14 00:40:07 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/02/14 00:40:07 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009/02/14 00:40:07 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/02/14 00:40:01 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/02/11 16:15:52 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Alan\Desktop\spybotsd162.exe
[2009/02/07 15:08:59 | 00,001,192 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-2052111302-725345543-1004.job
[2009/01/28 17:18:02 | 00,000,258 | ---- | C] () -- C:\Documents and Settings\Alan\Desktop\Shortcut to rips.lnk
[2009/01/27 18:38:23 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk
[2009/01/27 18:38:22 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/01/27 18:38:21 | 00,107,272 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/01/27 18:38:12 | 00,325,128 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/01/27 18:38:10 | 00,027,656 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/01/27 18:38:06 | 33,147,622 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/01/27 18:38:06 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/01/27 18:38:06 | 00,368,010 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/01/27 18:38:06 | 00,102,133 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/01/27 18:38:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/01/24 17:42:38 | 00,002,211 | ---- | C] () -- C:\Documents and Settings\Alan\Desktop\e-Sword.lnk
[2009/01/20 14:18:28 | 00,331,451 | ---- | C] () -- C:\Documents and Settings\Alan\My Documents\FW_ Gender specific driving etiquette.eml

========== Files - Modified Within 30 Days ==========

[5 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/02/15 01:27:51 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/02/15 01:26:49 | 00,000,310 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2009/02/15 01:26:48 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/02/15 01:26:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/02/15 00:43:40 | 00,001,192 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-2052111302-725345543-1004.job
[2009/02/15 00:06:14 | 33,147,622 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/02/14 23:04:14 | 00,000,515 | ---- | M] () -- C:\Documents and Settings\Alan\Desktop\Add-Remove Pro.lnk
[2009/02/14 00:44:16 | 00,000,285 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/02/14 00:41:45 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/02/13 15:32:15 | 00,010,752 | ---- | M] () -- C:\Documents and Settings\Alan\My Documents\Condo09.xlr
[2009/02/11 21:50:04 | 00,108,544 | ---- | M] () -- C:\Documents and Settings\Alan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/11 16:16:29 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Alan\Desktop\spybotsd162.exe
[2009/02/11 16:07:52 | 00,102,133 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/02/10 11:48:08 | 00,079,432 | ---- | M] () -- C:\Documents and Settings\Alan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/02/09 15:21:18 | 00,406,636 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/02/09 15:21:18 | 00,063,644 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/02/09 15:21:17 | 00,478,282 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/02/08 22:57:48 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/02/08 22:57:48 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/02/08 22:57:47 | 00,325,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/02/08 22:57:42 | 00,107,272 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/02/08 22:54:12 | 00,368,010 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/02/07 17:31:17 | 00,258,248 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/02/06 19:12:41 | 00,000,863 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/02/06 12:06:50 | 00,348,370 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/01/29 01:39:00 | 00,000,563 | ---- | M] () -- C:\Documents and Settings\Alan\Desktop\ccleaner.lnk
[2009/01/28 17:17:56 | 00,000,258 | ---- | M] () -- C:\Documents and Settings\Alan\Desktop\Shortcut to rips.lnk
[2009/01/28 17:06:40 | 04,071,826 | -H-- | M] () -- C:\Documents and Settings\Alan\Local Settings\Application Data\IconCache.db
[2009/01/27 18:38:23 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk
[2009/01/27 18:38:06 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/01/27 17:45:19 | 00,002,473 | ---- | M] () -- C:\Documents and Settings\Alan\Desktop\MS Word.lnk
[2009/01/27 17:00:02 | 00,013,588 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2009/01/25 13:07:38 | 00,000,467 | ---- | M] () -- C:\Documents and Settings\Alan\Start Menu\Programs\Startup\Webshots.lnk
[2009/01/20 14:18:28 | 00,331,451 | ---- | M] () -- C:\Documents and Settings\Alan\My Documents\FW_ Gender specific driving etiquette.eml

========== LOP Check ==========

[2009/01/27 18:15:29 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Alan\Application Data
[2008/10/31 11:16:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\.clamwin
[2008/01/16 16:18:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\Adobe
[2006/06/07 22:01:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\AdobeUM
[2007/02/11 22:42:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\Aim
[2007/06/18 19:36:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\Apple Computer
[2006/02/15 17:28:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\ArcSoft
[2008/01/26 21:18:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\Creative
[2007/07/22 12:12:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\Desktop Sidebar
[2008/10/11 20:31:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\DisplayTune
[2006/03/15 19:36:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\EBookSys
[2007/02/02 22:44:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\EPSON
[2007/05/23 15:21:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\FastStone
[2008/07/27 23:29:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\FireShot
[2007/12/27 22:01:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\FUJIFILM
[2007/01/12 17:11:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\Google
[2006/05/08 13:01:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\Help
[2006/06/27 20:17:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\HP
[2008/11/04 14:40:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\Hyperionics
[2008/06/01 00:51:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\Identities
[2006/01/28 19:48:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\Intuit
[2007/03/24 22:05:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\iPodder
[2008/10/25 11:43:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\JAM Software
[2008/07/16 21:30:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\Lavasoft
[2006/01/27 18:50:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\Leadertech
[2006/01/28 12:41:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\Macromedia
[2008/10/08 14:37:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\Malwarebytes
[2007/01/17 02:21:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\Media Player Classic
[2009/02/08 22:50:28 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Alan\Application Data\Microsoft
[2006/01/28 16:58:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\Microsoft Web Folders
[2008/11/05 19:42:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\minimem
[2008/07/09 15:00:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\Move Networks
[2008/07/05 15:38:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\Mozilla
[2007/09/10 13:15:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\MxBoost
[2007/09/10 00:06:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\Netscape
[2007/03/20 23:17:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\OpenOffice.org2
[2007/08/21 21:14:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\Opera
[2006/05/20 21:59:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\PC Magazine Utilities
[2007/12/09 16:44:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\Real
[2008/01/01 22:27:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\Screenshot Studio Files
[2007/04/11 20:35:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\SiteAdvisor
[2007/12/04 23:15:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\Snapfish
[2008/07/25 13:47:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\Snood
[2007/06/29 19:43:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\SpamPal
[2006/01/30 21:02:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\Sun
[2006/01/27 18:19:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\Talkback
[2007/01/20 18:27:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\Uniblue
[2006/01/28 12:44:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\Webshots
[2008/11/03 14:49:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\WinPatrol
[2007/02/07 20:22:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\WinRAR
[2007/10/16 22:08:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\wsInspector
[2009/02/14 21:33:25 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/07/05 14:14:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2007/10/16 20:04:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/02/08 22:50:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg8
[2006/01/29 18:36:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC
[2006/01/29 18:36:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2007/12/15 00:18:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2008/05/07 14:29:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2006/01/28 19:47:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2008/07/16 22:01:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2007/06/28 16:33:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogiShrd
[2008/08/13 21:18:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2006/01/29 20:30:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[2007/09/23 23:39:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2008/10/08 14:37:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2007/04/11 20:35:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2008/07/16 21:30:38 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2007/02/18 21:30:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
[2009/02/14 16:32:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2006/07/04 21:50:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2006/01/27 19:14:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2007/01/17 02:17:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Real
[2007/04/11 20:35:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
[2006/06/27 20:04:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2009/02/12 23:04:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2007/10/14 22:33:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2006/03/08 11:56:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Support.com
[2007/06/24 16:44:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2008/06/10 18:00:27 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\System Restore
[2007/07/27 20:05:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2007/04/16 19:44:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tenebril
[2007/03/24 22:01:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2006/07/29 21:41:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/01/29 21:18:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2007/02/05 01:27:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2007/10/26 21:02:17 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data\yahoo!
[2004/08/04 03:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/02/15 01:26:49 | 00,000,310 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2009/02/15 00:43:40 | 00,001,192 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-2052111302-725345543-1004.job
[2009/02/15 01:26:48 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

< End of report >


Ext:
OTListIt Extras logfile created on: 2/15/2009 1:37:57 AM - Run
OTListIt2 by OldTimer - Version 2.0.0.12 Folder = F:\Firefox\downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.01 Mb Total Physical Memory | 687.13 Mb Available Physical Memory | 67.17% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): E:\pagefile.sys 1500 2000;F:\pagefile.sys 0 0;S:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.32 Gb Total Space | 2.37 Gb Free Space | 25.42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 9.31 Gb Total Space | 2.72 Gb Free Space | 29.21% Space Free | Partition Type: FAT32
Drive F: | 27.93 Gb Total Space | 15.12 Gb Free Space | 54.12% Space Free | Partition Type: FAT32
Drive G: | 27.93 Gb Total Space | 25.17 Gb Free Space | 90.11% Space Free | Partition Type: FAT32
Drive H: | 27.94 Gb Total Space | 19.05 Gb Free Space | 68.19% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
Drive J: | 3.77 Gb Total Space | 1.49 Gb Free Space | 39.51% Space Free | Partition Type: FAT
Drive S: | 27.93 Gb Total Space | 21.52 Gb Free Space | 77.05% Space Free | Partition Type: FAT32

Computer Name: SUNRISE-RAP
Current User Name: Alan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Moni

Hello 911pchelp,

Looks like that Extras log got cut off.

Please post the rest.

Thankyou
emeraldnzl

sorry for the 'cut-off' - complete extra below

had problems last night getting FF to stay connected long enough to send all the data ... tried 3 times .... also tried once with IE7 .... same thing today (am using daughters laptop right now). When first started FF, system lost fact that FF was default browser - had to reset.
My PC ( a desktop DELL, WIN XP SP2, 1.6 GHz, 1GB mem) seems to 'drop' the Internet connection after a few minutes (browser only .... Outlook Express works OK).

PC booted in 4:50 min/sec compared to 20+ mins previously.

After the Extras I'm including my Startup in .hml format (it's very short) in case you want.

Extras:
OTListIt Extras logfile created on: 2/15/2009 1:37:57 AM - Run
OTListIt2 by OldTimer - Version 2.0.0.12 Folder = F:\Firefox\downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.01 Mb Total Physical Memory | 687.13 Mb Available Physical Memory | 67.17% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): E:\pagefile.sys 1500 2000;F:\pagefile.sys 0 0;S:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.32 Gb Total Space | 2.37 Gb Free Space | 25.42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 9.31 Gb Total Space | 2.72 Gb Free Space | 29.21% Space Free | Partition Type: FAT32
Drive F: | 27.93 Gb Total Space | 15.12 Gb Free Space | 54.12% Space Free | Partition Type: FAT32
Drive G: | 27.93 Gb Total Space | 25.17 Gb Free Space | 90.11% Space Free | Partition Type: FAT32
Drive H: | 27.94 Gb Total Space | 19.05 Gb Free Space | 68.19% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
Drive J: | 3.77 Gb Total Space | 1.49 Gb Free Space | 39.51% Space Free | Partition Type: FAT
Drive S: | 27.93 Gb Total Space | 21.52 Gb Free Space | 77.05% Space Free | Partition Type: FAT32

Computer Name: SUNRISE-RAP
Current User Name: Alan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger (Yahoo! Inc.)
E:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server (Yahoo! Inc.)
C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe (AVG Technologies CZ, s.r.o.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00170409-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000 SR-1
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{0F9196C6-58B4-445B-B56E-B1200FECC151}" = Microsoft Bootvis
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1EEDF3E1-C0EA-409B-A772-164EF9AB3BCE}" = Hallmark Card Studio 2
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 12
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{2FBF04DC-404C-4FA4-BA28-99903080D2B9}" = Magnifier Powertoy for Windows XP
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37108923-1D85-4C00-8E22-D71D98D0E0B4}" = ABF Magnifying Tools
"{3D719053-5593-11D3-8F25-0060085C1758}" = Microsoft Streets and Trips 2001
"{3E719879-9914-4C56-843E-96D0C3FCC3FB}" = Safari
"{4BE4ABEF-18FE-457A-9B9A-3C4250220697}" = ARP++
"{4FD27B25-4128-4CDA-A322-F1C8F0D8FEC9}" = e-Sword
"{541230A3-1D3A-4879-B7E0-E71F90E35548}" = Norton AntiVirus SCSSDist MSI
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
"{5E749AEB-5A19-43BA-BB20-3CBB37539FE4}" = Paint.NET v3.10
"{5F629FE8-5B4C-4863-937A-AFC2961F7DD3}" = Microsoft Works Suite Add-in for Microsoft Word
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update
"{808FAA20-4C3A-11D4-8A57-00201853C903}" = PC-Linq
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{91029CA6-FAA2-40BB-829B-974D2DDD5298}" = Hallmark Christian Card Studio
"{97A908F8-F3B6-44ED-83BB-55E7BFE23F06}" = TOPO!
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81
"{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}" = Creative ZEN V Series (R2)
"{991B1E79-12B6-40C3-A081-1FC47C6F2F37}" = Bulk Rename Utility 2, 5, 4, 3
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{A94BCEAC-3665-4D90-ADAD-914EF5F7C633}" = Back Roads Explorer Data Pack
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.1
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{BCCBE608-5C44-4507-AE11-55B36AE0E41B}" = The Print Shop Business Card Creator
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Anniversary Edition
"{D76E8E9D-1198-4585-BEFB-D11A68BBC194}" = hpg4850QFolder
"{DB21E6A3-D0D0-44B0-AB3F-6F3C2C2FC07D}" = Spring Cleaning 3.0
"{DB8F7090-0594-4C31-B33F-4740E2A3F4C9}" = Ultimate Sudoku
"{DE114695-AE58-4B66-8E0F-2505188602FB}_is1" = Uninstall Startup Inspector
"{DE6CFFA1-4A51-11D6-BD6E-EF01F93E642D}" = SpamPal
"{E4E3B247-9A66-45B0-A624-278A0606B896}" = Hidden Utilities XP
"{E69A76AA-71D9-4939-8EBB-8FC8BE22428D}" = Files Compare Tool
"{E9EEE4CB-CB2B-4273-9AF5-7E12022B444B}" = Opera 9.23
"{EA9A2BDE-D702-4B64-9C03-588409F82F81}" = Sapi
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{F8D0829C-9C6F-11D3-8080-00C04FA329AA}" = Microsoft Works 6.0
"{FAF7F1D7-C0E7-47EA-8AAA-84E4F9EA3C94}" = Works Suite OS Pack
"A86F74A8853ED6B1102811674C7B366AF1B276BB" = Windows Driver Package - Hewlett-Packard Image (12/27/2006 8.0.0.0)
"Add/Remove Pro" = Add/Remove Pro
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"AudibleManager" = AudibleManager
"AVG8Uninstall" = AVG Free 8.0
"BitMeter" = BitMeter
"CCleaner" = CCleaner (remove only)
"Clipomatic" = Clipomatic
"Compton's Interactive Bible NIV" = Compton's Interactive Bible NIV
"CompuApps SwissKnife V3" = CompuApps SwissKnife V3
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"CSS Tab Designer_is1" = CSS Tab Designer v2.0
"EditPlus 2" = EditPlus 2
"EPSON Printer and Utilities" = EPSON Printer Software
"Eraser_is1" = Eraser
"ERUNT_is1" = ERUNT 1.1j
"FastStone Image Viewer" = FastStone Image Viewer 3.2
"Foxit Reader" = Foxit Reader
"Free CSS Toolbox_is1" = Free CSS Toolbox 1.0
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.6.1
"HijackThis" = HijackThis 2.0.2
"InstallShield_{DB21E6A3-D0D0-44B0-AB3F-6F3C2C2FC07D}" = Spring Cleaning 3.0
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.63
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MoffFreeCalc_is1" = Moffsoft FreeCalc
"Mozilla Firefox (3.0.6)" = Mozilla Firefox (3.0.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Password Safe" = Password Safe
"PPTView97" = Microsoft PowerPoint Viewer 97
"pr5file" = Personal RecordKeeper
"PrintFolder_is1" = PrintFolder 1.2
"PRK Manual" = PRK Manual
"ProcessLibrary.com Quick Access_is1" = Uniblue Quick Access
"RegScrubXP_is1" = RegScrubXP 3.25
"Road Runner Medic 5.4_is1" = Road Runner Medic 5.4
"Silent Package Run-Time Sample" = EPSON C88 User's Guide
"Snood_is1" = Snood for Windows version 3.52-W
"SpeeDefrag_is1" = SpeeDefrag 5.2
"SysInfo" = Creative System Information
"The_Cleaner" = The Cleaner
"Tweak UI 2.10" = Tweak UI
"UltraExplorer_is1" = UltraExplorer 1.3.2
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Webshots Desktop" = Webshots Desktop
"WGA" = Windows Genuine Advantage Validation Tool
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"Works2001Setup" = Microsoft Works 2001 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"xplorer2l" = xplorer² lite
"Yahoo! Messenger" = Yahoo! Messenger
"ZENcast Organizer" = ZENcast Organizer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/7/2009 3:13:21 PM | Computer Name = SUNRISE-RAP | Source = ESENT | ID = 473
Description = Catalog Database (1044) Database C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
was partially detached. Error -1011 encountered updating database headers.

Error - 2/7/2009 5:37:49 PM | Computer Name = SUNRISE-RAP | Source = JavaQuickStarterService | ID = 1
Description =

Error - 2/7/2009 7:58:40 PM | Computer Name = SUNRISE-RAP | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BB from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 9/10/2001 1:24:49 AM | Computer Name = SUNRISE-RAP | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 5318, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 9/10/2001 1:24:49 AM | Computer Name = SUNRISE-RAP | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 9/10/2001 1:24:55 AM | Computer Name = SUNRISE-RAP | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 5318, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 2/8/2009 11:51:12 PM | Computer Name = SUNRISE-RAP | Source = MsiInstaller | ID = 11714
Description = Product: Microsoft Visual C++ 2005 Redistributable -- Error 1714.The
older version of Microsoft Visual C++ 2005 Redistributable cannot be removed.
Contact your technical support group. System Error 1612.

Error - 2/14/2009 12:59:41 AM | Computer Name = SUNRISE-RAP | Source = Application Error | ID = 1000
Description = Faulting application cschr.exe, version 2.0.27.0, faulting module
cschr.exe, version 2.0.27.0, fault address 0x00029e89.

Error - 2/14/2009 2:07:11 PM | Computer Name = SUNRISE-RAP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16762, faulting
module inetcpl.cpl, version 7.0.6000.16762, fault address 0x00043f64.

Error - 2/14/2009 2:07:21 PM | Computer Name = SUNRISE-RAP | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

[ System Events ]
Error - 2/15/2009 12:34:00 AM | Computer Name = SUNRISE-RAP | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 2/15/2009 12:34:00 AM | Computer Name = SUNRISE-RAP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AVG Anti-Rootkit AVG Anti-Spyware Driver AvgArCln AvgAsCln KLIF SASDIFSV SASKUTIL

Error - 2/15/2009 1:17:07 AM | Computer Name = SUNRISE-RAP | Source = Service Control Manager | ID = 7034
Description = The TrueVector Internet Monitor service terminated unexpectedly.
It has done this 1 time(s).

Error - 2/15/2009 2:13:16 AM | Computer Name = SUNRISE-RAP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for DeleteFlag with the following
error: %%5

Error - 2/15/2009 2:20:41 AM | Computer Name = SUNRISE-RAP | Source = DCOM | ID = 10010
Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
with DCOM within the required timeout.

Error - 2/15/2009 2:25:40 AM | Computer Name = SUNRISE-RAP | Source = DCOM | ID = 10010
Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
with DCOM within the required timeout.

Error - 2/15/2009 2:27:31 AM | Computer Name = SUNRISE-RAP | Source = Service Control Manager | ID = 7000
Description = The TrueVector Internet Monitor service failed to start due to the
following error: %%2

Error - 2/15/2009 2:27:31 AM | Computer Name = SUNRISE-RAP | Source = Service Control Manager | ID = 7000
Description = The AVG Anti-Spyware Guard service failed to start due to the following
error: %%2

Error - 2/15/2009 2:27:31 AM | Computer Name = SUNRISE-RAP | Source = Service Control Manager | ID = 7000
Description = The Creative Service for CDROM Access service failed to start due
to the following error: %%2

Error - 2/15/2009 2:27:46 AM | Computer Name = SUNRISE-RAP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AVG Anti-Rootkit AVG Anti-Spyware Driver AvgArCln AvgAsCln KLIF SASDIFSV SASKUTIL


< End of report >


Startup.hml
<HTML>
<TITLE>Startup listing</TITLE>
<META NAME="generator" CONTENT="ToniArts EasyCleaner">
</HEAD>
<BODY>
<TABLE>
<TR>
<TD BGCOLOR=#0000FF>
<B><FONT COLOR=FFFFFF>Program</FONT></B>
</TD>
<TD BGCOLOR=#0000FF>
<B><FONT COLOR=FFFFFF>File</FONT></B>
</TD>
<TD BGCOLOR=#0000FF>
<B><FONT COLOR=FFFFFF>Physical location</FONT></B>
</TD>
<TD BGCOLOR=#0000FF>
<B><FONT COLOR=FFFFFF>Value</FONT></B>
</TD>
<TD BGCOLOR=#0000FF>
<B><FONT COLOR=FFFFFF>Data</FONT></B>
</TD>
</TR>
<TR>
<TD>
Clipomatic2
</TD>
<TD>
E:\Program Files\Clipomatic\Clipomatic.exe
</TD>
<TD>
HKEY_CURRENT_USER\Software\MicroSoft\Windows\CurrentVersion\Run
</TD>
<TD>
Clipomatic
</TD>
<TD>
E:\Program Files\Clipomatic\Clipomatic.exe
</TD>
</TR>
<TR>
<TD>
AVG Internet Security
</TD>
<TD>
C:\PROGRA~1\AVG\AVG8\avgtray.exe
</TD>
<TD>
HKEY_LOCAL_MACHINE\Software\MicroSoft\Windows\CurrentVersion\Run
</TD>
<TD>
AVG8_TRAY
</TD>
<TD>
C:\PROGRA~1\AVG\AVG8\avgtray.exe
</TD>
</TR>
<TR>
<TD>
Java™ Platform SE 6 U12
</TD>
<TD>
C:\Program Files\Java\jre6\bin\jusched.exe
</TD>
<TD>
HKEY_LOCAL_MACHINE\Software\MicroSoft\Windows\CurrentVersion\Run
</TD>
<TD>
SunJavaUpdateSched
</TD>
<TD>
"C:\Program Files\Java\jre6\bin\jusched.exe"
</TD>
</TR>
<TR>
<TD>
N/A
</TD>
<TD>
E:\Program Files\Webshots\Launcher.exe
</TD>
<TD>
C:\Documents and Settings\Alan\Start Menu\Programs\Startup\Webshots.lnk
</TD>
<TD>
N/A
</TD>
<TD>
N/A
</TD>
</TR>
<TR>
<TD>
Pitaschio
</TD>
<TD>
E:\Program Files\pita210\Pitaschio.exe
</TD>
<TD>
C:\Documents and Settings\Alan\Start Menu\Programs\Startup\Shortcut to Pitaschio.exe.lnk
</TD>
<TD>
N/A
</TD>
<TD>
N/A
</TD>
</TR>
<TR>
<TD>
Process Explorer
</TD>
<TD>
E:\processes\nwProcessExplorer\procexp.exe
</TD>
<TD>
C:\Documents and Settings\Alan\Start Menu\Programs\Startup\procexp (2).lnk
</TD>
<TD>
N/A
</TD>
<TD>
N/A
</TD>
</TR>
<TR>
<TD>
SpamPal for Windows
</TD>
<TD>
C:\Program Files\SpamPal\spampal.exe
</TD>
<TD>
C:\Documents and Settings\Alan\Start Menu\Programs\Startup\SpamPl.lnk
</TD>
<TD>
N/A
</TD>
<TD>
N/A
</TD>
</TR>
</TABLE>
</BODY>
</HTML>

spoke too soon ... Out Exp: email text OK ... but problems with images