Thank you in advance for looking in to this problem. I have a situation where, after the Windows Logo, all I get is a Black Screen. No cursor, just black screen. I ran My anti Anti Virus and came up with 52 hits. Ive tried re-installing video drivers after properly cleaning to no avail. No problem booting in to safe mode, or regular if my video drivers are uninstalled. Doesnt seem like a hardware issue to me. Here are the required log files. I dont really feel like re-installing windows...Hopefully you can help. Thanks Again!
sorry i think something was missing in my malwarebytes log file, should be fixed
Malwarebytes' Anti-Malware 1.41
Database version: 3172
Windows 5.1.2600 Service Pack 3 (Safe Mode)
11/14/2009 4:45:34 PM
mbam-log-2009-11-14 (16-45-34).txt
Scan type: Quick Scan
Objects scanned: 135616
Time elapsed: 4 minute(s), 40 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\primoadsforyou.primoadsforyou (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{ecd83e0b-5c78-c8f5-42a2-3cc57030bc65} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7b120880-4edd-edae-e1a2-a11487b327d5} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d35da2a5-1d09-03bb-fe6e-c569be05cfa0} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\primoadsforyou.primoadsforyou.1 (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{418d86be-7386-4f1a-83e0-53604adbda74} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\PlayMP3z (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Documents and Settings\rob\Start Menu\Programs\PlayMP3z (Adware.PLayMP3z) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\PrimoAdsForYou\PrimoAdsForYou.dll (Adware.PlayMP3z) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z\PlayMP3.exe (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z\uninstall.exe (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Documents and Settings\rob\Start Menu\Programs\PlayMP3z\Run PlayMP3z.pif (Adware.PLayMP3z) -> Quarantined and deleted successfully.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
OTL logfile created on: 11/17/2009 8:39:22 PM - Run 1
OTL by OldTimer - Version 3.1.6.0 Folder = C:\Documents and Settings\rob\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 83.92% Memory free
2.60 Gb Paging File | 2.48 Gb Available in Paging File | 95.27% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 20.06 Gb Free Space | 26.92% Space Free | Partition Type: NTFS
Drive D: | 555.55 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ROBCONF7S
Current User Name: rob
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2009/11/17 20:34:03 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\rob\Desktop\OTL.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (SafeList) ==========
MOD - [2009/11/17 20:34:03 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\rob\Desktop\OTL.exe
MOD - [2008/04/13 19:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 19:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
========== Win32 Services (SafeList) ==========
SRV - File not found -- -- (WMP54Gv4SVC)
SRV - File not found -- -- (avg8wd)
SRV - File not found -- -- (avg8emc)
SRV - [2009/05/30 11:30:20 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/05/29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/01/07 18:21:00 | 00,026,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/12/13 10:07:20 | 00,018,944 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\printer\center\KodakSvc.exe -- (KodakSvc)
SRV - [2007/11/26 14:54:12 | 01,554,728 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2007/09/17 09:36:18 | 00,800,040 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2007/09/14 08:55:02 | 00,483,328 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2007/06/27 18:04:00 | 00,279,848 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sports.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.c...?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: PrimoAdsForYou@PrimoAdsForYou:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.15
FF - prefs.js..keyword.URL: "http://search.live.c...?FORM=IEFM1&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 14:32:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/10 07:06:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/10 07:06:36 | 00,000,000 | ---D | M]
[2009/06/27 12:15:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rob\Application Data\Mozilla\Extensions
[2008/09/22 05:14:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rob\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/27 12:15:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rob\Application Data\Mozilla\Extensions\[email protected]
[2009/11/15 10:01:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rob\Application Data\Mozilla\Firefox\Profiles\jrje83aq.default\extensions
[2009/11/15 10:01:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rob\Application Data\Mozilla\Firefox\Profiles\jrje83aq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/02/14 01:29:34 | 00,001,632 | ---- | M] () -- C:\Documents and Settings\rob\Application Data\Mozilla\Firefox\Profiles\jrje83aq.default\searchplugins\live-search.xml
[2009/11/15 10:16:58 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/10 07:06:36 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/08/23 22:16:06 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2008/02/03 22:33:17 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/06/02 21:51:36 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009/08/05 12:10:09 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\PrimoAdsForYou@PrimoAdsForYou
[2009/11/10 07:06:26 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/10 07:06:26 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2006/02/07 16:41:38 | 00,049,152 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2007/08/29 16:47:44 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2006/12/12 10:48:22 | 01,440,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2009/11/10 07:06:29 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/12/18 03:18:30 | 00,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/06/02 16:02:14 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/06/02 16:02:14 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/06/02 16:02:14 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/06/02 16:02:14 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/06/02 16:02:14 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/06/02 16:02:14 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2005/08/09 13:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
[2009/05/03 21:34:59 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/05/03 21:34:59 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/05/03 21:34:59 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/05/03 21:35:00 | 00,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/05/03 21:35:00 | 00,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/05/03 21:35:00 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/05/03 21:35:00 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml
O1 HOSTS File: (231388 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 63.208.226.219
O1 - Hosts: 127.0.0.1 63.208.226.24
O1 - Hosts: 127.0.0.1 63.208.226.25
O1 - Hosts: 127.0.0.1 63.208.226.28
O1 - Hosts: 127.0.0.1 63.208.226.40
O1 - Hosts: 127.0.0.1 63.208.226.41
O1 - Hosts: 127.0.0.1 63.208.226.42
O1 - Hosts: 127.0.0.1 63.208.226.43
O1 - Hosts: 127.0.0.1 .supercocklol.com
O1 - Hosts: 127.0.0.1 www..webloyalty.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 8112 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Search Bar) - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFF2D1F} - C:\Program Files\Search Bar\tbcore3.dll File not found
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [HotSync] C:\Program Files\PalmSource\Desktop\HotSync.exe File not found
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NVMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe File not found
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\rob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Office2K\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 42 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...p/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://www.pandasecu...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1162961416437 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoft...free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_01)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/26 21:01:23 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/07/27 05:46:10 | 00,000,045 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{519a3341-2d18-11de-b1ac-001d7e9a39bb}\Shell\Auto\command - "" = Start.exe
O33 - MountPoints2\{519a3341-2d18-11de-b1ac-001d7e9a39bb}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Launch.exe -- [2004/10/21 04:38:02 | 00,126,976 | R--- | M] (Macrovision Corporation)
O33 - MountPoints2\I\Shell\AutoRun\command - "" = wd_windows_tools\setup.exe
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/03/26 21:00:59 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.
========== Files/Folders - Created Within 14 Days ==========
[2009/11/17 20:34:01 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\rob\Desktop\OTL.exe
[2009/11/17 20:27:33 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\rob\Desktop\RootRepeal.exe
[2009/11/17 20:24:17 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\rob\PrivacIE
[2009/11/15 16:19:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood.Tmp
[2009/11/15 09:51:05 | 00,000,000 | ---D | C] -- C:\Program Files\Driver Sweeper
[2009/11/15 09:50:03 | 05,177,816 | ---- | C] (Phyxion.net ) -- C:\Documents and Settings\rob\Desktop\DriverSweeper_2.0.5-[Guru3D.com].exe
[2009/11/15 09:46:55 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\rob\IETldCache
[2009/11/15 09:44:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/11/15 09:43:29 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/11/14 17:02:01 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/11/14 17:02:01 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/11/14 17:02:01 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/11/14 17:02:01 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/11/14 17:02:00 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/11/14 17:01:59 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/11/14 17:01:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/11/14 16:52:35 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2009/11/14 16:40:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\rob\Application Data\Malwarebytes
[2009/11/14 16:40:00 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/14 16:39:59 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/14 16:39:59 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/14 16:39:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/14 16:37:45 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\rob\Desktop\SysRestorePoint.exe
[2009/11/14 16:37:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/14 16:37:16 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/11/14 16:36:56 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\rob\Desktop\erunt_setup.exe
[2009/11/14 16:30:03 | 00,339,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\rob\Desktop\TFC.exe
[2009/11/14 16:18:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\rob\Application Data\AVG8
[2009/11/14 16:18:34 | 00,891,248 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\rob\Desktop\avg_free_stb_all_9_40_cnet.exe
[2009/11/14 16:12:50 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/08 14:12:04 | 00,000,000 | ---D | C] -- C:\Program Files\DIFX
[2009/11/08 14:12:01 | 00,000,000 | ---D | C] -- C:\Program Files\USB TV
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\rob\My Documents\*.tmp files -> C:\Documents and Settings\rob\My Documents\*.tmp -> ]
========== Files - Modified Within 14 Days ==========
[2009/11/17 20:35:46 | 14,942,208 | ---- | M] () -- C:\Documents and Settings\rob\ntuser.dat
[2009/11/17 20:34:03 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\rob\Desktop\OTL.exe
[2009/11/17 20:28:20 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\rob\Desktop\settings.dat
[2009/11/17 20:27:34 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\rob\Desktop\RootRepeal.exe
[2009/11/17 20:23:17 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/17 20:22:41 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/15 16:18:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/15 16:15:11 | 00,000,010 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2009/11/15 15:00:56 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\rob\ntuser.ini
[2009/11/15 15:00:52 | 02,108,274 | -H-- | M] () -- C:\Documents and Settings\rob\Local Settings\Application Data\IconCache.db
[2009/11/15 14:08:00 | 00,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-920026266-839522115-1003UA.job
[2009/11/15 14:08:00 | 00,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-920026266-839522115-1003Core.job
[2009/11/15 09:51:06 | 00,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Driver Sweeper.lnk
[2009/11/15 09:50:44 | 05,177,816 | ---- | M] (Phyxion.net ) -- C:\Documents and Settings\rob\Desktop\DriverSweeper_2.0.5-[Guru3D.com].exe
[2009/11/15 09:44:39 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/15 09:43:57 | 00,008,758 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2009/11/14 17:02:09 | 00,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/11/14 16:59:36 | 33,961,728 | ---- | M] () -- C:\Documents and Settings\rob\Desktop\avira_antivir_personal_en.exe
[2009/11/14 16:40:02 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/14 16:37:45 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\rob\Desktop\SysRestorePoint.exe
[2009/11/14 16:37:17 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\rob\Desktop\NTREGOPT.lnk
[2009/11/14 16:37:17 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\rob\Desktop\ERUNT.lnk
[2009/11/14 16:36:59 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\rob\Desktop\erunt_setup.exe
[2009/11/14 16:30:04 | 00,339,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\rob\Desktop\TFC.exe
[2009/11/14 16:18:34 | 00,891,248 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\rob\Desktop\avg_free_stb_all_9_40_cnet.exe
[2009/11/14 16:12:50 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\rob\Desktop\HijackThis.lnk
[2009/11/12 07:51:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/12 03:18:41 | 00,153,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/11 18:11:08 | 00,002,268 | ---- | M] () -- C:\Documents and Settings\rob\Desktop\Google Chrome.lnk
[2009/11/11 13:13:55 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/11/08 14:12:01 | 00,000,519 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BDARemote.lnk
[2009/11/08 14:08:21 | 00,001,482 | ---- | M] () -- C:\Documents and Settings\rob\Desktop\'Folding@Home'.lnk
[2009/11/08 14:03:07 | 00,509,392 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/08 14:03:07 | 00,432,664 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/08 14:03:07 | 00,067,428 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\rob\My Documents\*.tmp files -> C:\Documents and Settings\rob\My Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2009/11/17 20:28:20 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\rob\Desktop\settings.dat
[2009/11/15 16:20:37 | 00,011,557 | R--- | C] () -- C:\WINDOWS\atiogl.xml
[2009/11/15 16:20:36 | 00,007,069 | R--- | C] () -- C:\WINDOWS\System32\atifglpf.xml
[2009/11/15 16:20:35 | 00,972,072 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/11/15 16:20:34 | 03,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/11/15 16:20:33 | 03,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2009/11/15 16:20:33 | 00,156,671 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/11/15 16:20:32 | 00,002,096 | R--- | C] () -- C:\WINDOWS\System32\drivers\ativdkxx.vp
[2009/11/15 16:20:31 | 01,311,202 | R--- | C] () -- C:\WINDOWS\System32\drivers\ativcaxx.cpa
[2009/11/15 16:20:31 | 00,047,424 | R--- | C] () -- C:\WINDOWS\System32\drivers\ativvpxx.vp
[2009/11/15 16:20:31 | 00,002,096 | R--- | C] () -- C:\WINDOWS\System32\drivers\ativckxx.vp
[2009/11/15 16:20:31 | 00,000,929 | R--- | C] () -- C:\WINDOWS\System32\drivers\ativcaxx.vp
[2009/11/15 09:51:06 | 00,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Driver Sweeper.lnk
[2009/11/14 17:02:09 | 00,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/11/14 16:58:05 | 33,961,728 | ---- | C] () -- C:\Documents and Settings\rob\Desktop\avira_antivir_personal_en.exe
[2009/11/14 16:40:02 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/14 16:37:17 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\rob\Desktop\NTREGOPT.lnk
[2009/11/14 16:37:17 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\rob\Desktop\ERUNT.lnk
[2009/11/14 16:12:50 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\rob\Desktop\HijackThis.lnk
[2009/11/08 14:12:01 | 00,000,519 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BDARemote.lnk
[2009/11/08 14:08:21 | 00,001,482 | ---- | C] () -- C:\Documents and Settings\rob\Desktop\'Folding@Home'.lnk
[2009/11/08 14:03:07 | 00,000,970 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-920026266-839522115-1003UA.job
[2009/11/08 14:03:07 | 00,000,918 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-920026266-839522115-1003Core.job
[2009/08/18 13:24:48 | 00,000,635 | ---- | C] () -- C:\WINDOWS\rtcwgoty.INI
[2009/02/05 12:47:46 | 00,041,984 | ---- | C] () -- C:\WINDOWS\System32\iprocnt.dll
[2009/02/05 12:47:43 | 00,050,688 | ---- | C] () -- C:\WINDOWS\System32\iproc.dll
[2009/02/05 12:46:33 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\twdll.dll
[2009/02/05 12:46:33 | 00,000,113 | ---- | C] () -- C:\WINDOWS\awshkwv.ini
[2009/01/15 20:47:32 | 01,681,227 | -HS- | C] () -- C:\WINDOWS\System32\gjTEOqru.ini2
[2008/12/09 21:18:35 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/11/15 10:12:23 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008/11/15 10:11:56 | 00,000,920 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2008/09/26 19:18:21 | 00,000,004 | ---- | C] () -- C:\Documents and Settings\rob\Application Data\491F7B
[2008/09/26 19:18:20 | 00,870,128 | ---- | C] () -- C:\Documents and Settings\rob\Application Data\mcs.rma
[2008/04/12 15:44:51 | 00,012,800 | ---- | C] () -- C:\WINDOWS\System32\EKDeviceServices.dll
[2008/02/05 07:04:34 | 00,000,872 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2008/02/04 17:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/09/14 08:50:06 | 09,854,976 | ---- | C] () -- C:\WINDOWS\System32\atioglx2.dll
[2007/01/26 22:48:40 | 00,000,192 | ---- | C] () -- C:\WINDOWS\sme2saves.INI
[2007/01/23 08:57:26 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2006/12/26 17:15:06 | 00,002,508 | ---- | C] () -- C:\Documents and Settings\rob\Application Data\$_hpcst$.hpc
[2006/11/09 17:51:39 | 00,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/11/07 15:30:27 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/10/17 19:21:41 | 00,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2006/09/23 20:53:47 | 00,000,164 | ---- | C] () -- C:\WINDOWS\System32\psyswin32.dll
[2006/07/29 14:26:07 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/23 16:14:53 | 00,000,848 | ---- | C] () -- C:\WINDOWS\Rtcwplat.INI
[2006/06/30 16:38:15 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/06/18 09:46:51 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2006/06/18 09:43:26 | 00,000,360 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/05/14 11:27:51 | 00,026,544 | ---- | C] () -- C:\Documents and Settings\rob\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/05/04 20:25:44 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/04/06 19:26:51 | 00,000,488 | ---- | C] () -- C:\WINDOWS\poolemup.ini
[2006/04/01 23:41:34 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/03/26 23:36:06 | 00,158,208 | ---- | C] () -- C:\Documents and Settings\rob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/03/26 21:31:26 | 02,108,274 | -H-- | C] () -- C:\Documents and Settings\rob\Local Settings\Application Data\IconCache.db
[2006/03/26 21:11:59 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\rob\Application Data\desktop.ini
[2006/03/26 15:51:49 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/08/04 07:00:00 | 00,000,662 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 07:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2000/01/27 23:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1999/01/22 05:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/08/16 05:00:00 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
========== LOP Check ==========
[2008/05/08 08:41:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
[2008/10/12 07:38:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2008/08/24 10:05:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2008/05/28 17:16:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2008/03/04 08:42:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/01/24 18:27:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2006/11/02 16:55:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/06/06 09:15:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/06/02 16:03:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/11/06 18:55:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rob\Application Data\Aim
[2009/11/15 09:51:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rob\Application Data\ATI
[2008/12/03 20:43:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rob\Application Data\Audacity
[2008/10/03 21:44:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rob\Application Data\BitTorrent
[2007/01/07 16:17:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rob\Application Data\GetRightToGo
[2008/08/24 10:05:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rob\Application Data\HotSync
[2006/09/06 17:19:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rob\Application Data\Jasc
[2009/02/14 11:44:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rob\Application Data\MSNInstaller
[2008/03/04 08:42:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rob\Application Data\NCH Swift Sound
[2008/05/16 17:48:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rob\Application Data\OfficeUpdate12
[2007/02/17 16:53:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rob\Application Data\Smith Micro
[2006/06/30 13:30:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rob\Application Data\WinPatrol
[2004/08/04 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/15 16:18:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2004/08/04 07:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2004/08/04 07:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2004/08/04 07:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >
< %SYSTEMDRIVE%\sceclt.dll /s /md5 >
< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >
< %SYSTEMDRIVE%\logevent.dll /s /md5 >
< %SYSTEMDRIVE%\iaStor.sys /s /md5 >
< %SYSTEMDRIVE%\nvstor.sys /s /md5 >
< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2004/08/04 07:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 07:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >
< %SYSTEMDRIVE%\viasraid.sys /s /md5 >
< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >
< End of report >
++++++++++++++++++++++++++++++++++++++++++
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/17 20:29
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: 1394BUS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\1394BUS.SYS
Address: 0xF7617000 Size: 57344 File Visible: - Signed: -
Status: -
Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF75A8000 Size: 187776 File Visible: - Signed: -
Status: -
Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2189184 File Visible: - Signed: -
Status: -
Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xBA311000 Size: 138496 File Visible: - Signed: -
Status: -
Name: atapi.sys
Image Path: atapi.sys
Address: 0xF749A000 Size: 96512 File Visible: - Signed: -
Status: -
Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -
Name: avgtdix.sys
Image Path: C:\WINDOWS\System32\Drivers\avgtdix.sys
Address: 0xBA333000 Size: 100608 File Visible: - Signed: -
Status: -
Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF79AF000 Size: 4224 File Visible: - Signed: -
Status: -
Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF7897000 Size: 12288 File Visible: - Signed: -
Status: -
Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xF7402000 Size: 63744 File Visible: - Signed: -
Status: -
Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xF76A7000 Size: 62976 File Visible: - Signed: -
Status: -
Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xF7657000 Size: 53248 File Visible: - Signed: -
Status: -
Name: disk.sys
Image Path: disk.sys
Address: 0xF7647000 Size: 36352 File Visible: - Signed: -
Status: -
Name: dmio.sys
Image Path: dmio.sys
Address: 0xF74B2000 Size: 153344 File Visible: - Signed: -
Status: -
Name: dmload.sys
Image Path: dmload.sys
Address: 0xF798B000 Size: 5888 File Visible: - Signed: -
Status: -
Name: dump_diskdump.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_diskdump.sys
Address: 0xBA7BC000 Size: 16384 File Visible: No Signed: -
Status: -
Name: dump_si3112r.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_si3112r.sys
Address: 0xBA234000 Size: 106496 File Visible: No Signed: -
Status: -
Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xF793F000 Size: 12288 File Visible: - Signed: -
Status: -
Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF000000 Size: 73728 File Visible: - Signed: -
Status: -
Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xF7A82000 Size: 4096 File Visible: - Signed: -
Status: -
Name: Fastfat.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Address: 0xB9ADC000 Size: 143744 File Visible: - Signed: -
Status: -
Name: fdc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\fdc.sys
Address: 0xF774F000 Size: 27392 File Visible: - Signed: -
Status: -
Name: flpydisk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\flpydisk.sys
Address: 0xF7737000 Size: 20480 File Visible: - Signed: -
Status: -
Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xF7434000 Size: 129792 File Visible: - Signed: -
Status: -
Name: framebuf.dll
Image Path: C:\WINDOWS\System32\framebuf.dll
Address: 0xBFF50000 Size: 12288 File Visible: - Signed: -
Status: -
Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF79AB000 Size: 7936 File Visible: - Signed: -
Status: -
Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF74D8000 Size: 125056 File Visible: - Signed: -
Status: -
Name: GEARAspiWDM.sys
Image Path: C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
Address: 0xF76D7000 Size: 40960 File Visible: - Signed: -
Status: -
Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806EE000 Size: 131840 File Visible: - Signed: -
Status: -
Name: HIDCLASS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Address: 0xF7412000 Size: 36864 File Visible: - Signed: -
Status: -
Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xF7787000 Size: 28672 File Visible: - Signed: -
Status: -
Name: hidusb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Address: 0xBA4A4000 Size: 10368 File Visible: - Signed: -
Status: -
Name: i8042prt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xF76E7000 Size: 52480 File Visible: - Signed: -
Status: -
Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xF7697000 Size: 42112 File Visible: - Signed: -
Status: -
Name: InCDPass.sys
Image Path: C:\WINDOWS\system32\drivers\InCDPass.sys
Address: 0xF780F000 Size: 31360 File Visible: - Signed: -
Status: -
Name: InCDRm.sys
Image Path: C:\WINDOWS\system32\drivers\InCDRm.sys
Address: 0xF76C7000 Size: 33024 File Visible: - Signed: -
Status: -
Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xBA34C000 Size: 152832 File Visible: - Signed: -
Status: -
Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xBA3F3000 Size: 75264 File Visible: - Signed: -
Status: -
Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF75F7000 Size: 37248 File Visible: - Signed: -
Status: -
Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xF776F000 Size: 24576 File Visible: - Signed: -
Status: -
Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF7987000 Size: 8192 File Visible: - Signed: -
Status: -
Name: ks.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xBA63A000 Size: 143360 File Visible: - Signed: -
Status: -
Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF7870000 Size: 92928 File Visible: - Signed: -
Status: -
Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xF7767000 Size: 23040 File Visible: - Signed: -
Status: -
Name: mouhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Address: 0xBA498000 Size: 12160 File Visible: - Signed: -
Status: -
Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF7627000 Size: 42368 File Visible: - Signed: -
Status: -
Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xBA24E000 Size: 455296 File Visible: - Signed: -
Status: -
Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF7797000 Size: 19072 File Visible: - Signed: -
Status: -
Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xF7567000 Size: 35072 File Visible: - Signed: -
Status: -
Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xBA7EC000 Size: 15488 File Visible: - Signed: -
Status: -
Name: Mup.sys
Image Path: Mup.sys
Address: 0xF796D000 Size: 105344 File Visible: - Signed: -
Status: -
Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xF7830000 Size: 182656 File Visible: - Signed: -
Status: -
Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xF7937000 Size: 10112 File Visible: - Signed: -
Status: -
Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xB9EB2000 Size: 14592 File Visible: - Signed: -
Status: -
Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xBA623000 Size: 91520 File Visible: - Signed: -
Status: -
Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF7537000 Size: 40576 File Visible: - Signed: -
Status: -
Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xF7517000 Size: 34688 File Visible: - Signed: -
Status: -
Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xBA372000 Size: 162816 File Visible: - Signed: -
Status: -
Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF77A7000 Size: 30848 File Visible: - Signed: -
Status: -
Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF7B52000 Size: 574976 File Visible: - Signed: -
Status: -
Name: ntoskrnl.exe
Image Path: C:\WINDOWS\system32\ntoskrnl.exe
Address: 0x804D7000 Size: 2189184 File Visible: - Signed: -
Status: -
Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xF7AA6000 Size: 2944 File Visible: - Signed: -
Status: -
Name: nv_agp.sys
Image Path: nv_agp.sys
Address: 0xF771F000 Size: 21760 File Visible: - Signed: -
Status: -
Name: nvatabus.sys
Image Path: nvatabus.sys
Address: 0xF7454000 Size: 79360 File Visible: - Signed: -
Status: -
Name: NVENET.sys
Image Path: C:\WINDOWS\system32\DRIVERS\NVENET.sys
Address: 0xBA754000 Size: 93696 File Visible: - Signed: -
Status: -
Name: ohci1394.sys
Image Path: ohci1394.sys
Address: 0xF7607000 Size: 61696 File Visible: - Signed: -
Status: -
Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF770F000 Size: 19712 File Visible: - Signed: -
Status: -
Name: pci.sys
Image Path: pci.sys
Address: 0xF7597000 Size: 68224 File Visible: - Signed: -
Status: -
Name: pciide.sys
Image Path: pciide.sys
Address: 0xF7A4F000 Size: 3328 File Visible: - Signed: -
Status: -
Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xF7707000 Size: 28672 File Visible: - Signed: -
Status: -
Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2189184 File Visible: - Signed: -
Status: -
Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xBA612000 Size: 69120 File Visible: - Signed: -
Status: -
Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xF77E7000 Size: 17792 File Visible: - Signed: -
Status: -
Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xF7667000 Size: 35712 File Visible: - Signed: -
Status: -
Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xF790F000 Size: 8832 File Visible: - Signed: -
Status: -
Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xF76F7000 Size: 51328 File Visible: - Signed: -
Status: -
Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xF7587000 Size: 41472 File Visible: - Signed: -
Status: -
Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xF7577000 Size: 48384 File Visible: - Signed: -
Status: -
Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xF77FF000 Size: 16512 File Visible: - Signed: -
Status: -
Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2189184 File Visible: - Signed: -
Status: -
Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xBA2E6000 Size: 175744 File Visible: - Signed: -
Status: -
Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF79B3000 Size: 4224 File Visible: - Signed: -
Status: -
Name: rdpdr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Address: 0xBA5BA000 Size: 196224 File Visible: - Signed: -
Status: -
Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xF76B7000 Size: 57600 File Visible: - Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB98F4000 Size: 49152 File Visible: No Signed: -
Status: -
Name: RT61.sys
Image Path: C:\WINDOWS\system32\DRIVERS\RT61.sys
Address: 0xBA6FD000 Size: 356096 File Visible: - Signed: -
Status: -
Name: SCSIPORT.SYS
Image Path: C:\WINDOWS\system32\drivers\SCSIPORT.SYS
Address: 0xF7468000 Size: 98304 File Visible: - Signed: -
Status: -
Name: si3112r.sys
Image Path: si3112r.sys
Address: 0xF7480000 Size: 102528 File Visible: - Signed: -
Status: -
Name: SiWinAcc.sys
Image Path: SiWinAcc.sys
Address: 0xF789B000 Size: 10368 File Visible: - Signed: -
Status: -
Name: sr.sys
Image Path: sr.sys
Address: 0xF7422000 Size: 73472 File Visible: - Signed: -
Status: -
Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xB9D08000 Size: 333952 File Visible: - Signed: -
Status: -
Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xF79A1000 Size: 4352 File Visible: - Signed: -
Status: -
Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xBA39A000 Size: 361600 File Visible: - Signed: -
Status: -
Name: TDI.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xF77BF000 Size: 20480 File Visible: - Signed: -
Status: -
Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xF7557000 Size: 40704 File Visible: - Signed: -
Status: -
Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xBA4BC000 Size: 384768 File Visible: - Signed: -
Status: -
Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xF79A5000 Size: 8192 File Visible: - Signed: -
Status: -
Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xF7717000 Size: 30208 File Visible: - Signed: -
Status: -
Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xF7547000 Size: 59520 File Visible: - Signed: -
Status: -
Name: usbohci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Address: 0xF77F7000 Size: 17152 File Visible: - Signed: -
Status: -
Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xBA76B000 Size: 147456 File Visible: - Signed: -
Status: -
Name: usbuhci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xF77AF000 Size: 20608 File Visible: - Signed: -
Status: -
Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF7777000 Size: 20992 File Visible: - Signed: -
Status: -
Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\System32\drivers\VIDEOPRT.SYS
Address: 0xBA426000 Size: 81920 File Visible: - Signed: -
Status: -
Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF7637000 Size: 52352 File Visible: - Signed: -
Status: -
Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xF7757000 Size: 20480 File Visible: - Signed: -
Status: -
Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1851392 File Visible: - Signed: -
Status: -
Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1851392 File Visible: - Signed: -
Status: -
Name: WMILIB.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
Address: 0xF7989000 Size: 8192 File Visible: - Signed: -
Status: -
Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2189184 File Visible: - Signed: -
Status: -
Name: WudfPf.sys
Image Path: WudfPf.sys
Address: 0xF785D000 Size: 77568 File Visible: - Signed: -
Status: -
OTL Extras logfile created on: 11/17/2009 8:39:22 PM - Run 1
OTL by OldTimer - Version 3.1.6.0 Folder = C:\Documents and Settings\rob\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 83.92% Memory free
2.60 Gb Paging File | 2.48 Gb Available in Paging File | 95.27% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 20.06 Gb Free Space | 26.92% Space Free | Partition Type: NTFS
Drive D: | 555.55 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ROBCONF7S
Current User Name: rob
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "F:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" File not found
Directory [Winamp.Enqueue] -- "F:\Program Files\Winamp\winamp.exe" /ADD "%1" File not found
Directory [Winamp.Play] -- "F:\Program Files\Winamp\winamp.exe" "%1" File not found
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- File not found
"F:\Program Files\LimeWire\LimeWire.exe" = F:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"F:\Program Files\Trillian\trillian.exe" = F:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- File not found
"G:\Program Files\Return to Castle Wolfenstein - Platinum Edition\WolfMP.exe" = G:\Program Files\Return to Castle Wolfenstein - Platinum Edition\WolfMP.exe:*:Disabled:WolfMP -- File not found
"C:\Program Files\Microsoft Games\Halo\halo.exe" = C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo -- File not found
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe -- File not found
"F:\Program Files\Microsoft Games\Halo\halo.exe" = F:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo -- File not found
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- ()
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Home & Business 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Home & Business 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Home & Business 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Home & Business 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"D:\CDS\Nero\Installation\SetupX.exe" = D:\CDS\Nero\Installation\SetupX.exe:*:Enabled:Nero ProductSetup -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:*:Disabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\V CAST Music with Rhapsody\rhapsody.exe" = C:\Program Files\V CAST Music with Rhapsody\rhapsody.exe:*:Enabled:Rhapsody Media Player -- (RealNetworks, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0996C331-6DCB-4E38-A3EC-0A77ABAE1361}" = Help_CTR
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0E900196-D879-4905-0098-B3BCECF72AB9}" = NASCAR SimRacing
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1596098A-FCEC-48F0-B7C7-08A31B771033}" = Nero 7 Essentials
"{1619204B-7F8C-4293-B342-5345721F4A1F}_is1" = GTR 2 1.0.0.0
"{174D5678-D941-433C-BD23-58A5C7B0D36D}" = Jasc Animation Shop 3
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2758691A-2CDE-4942-A4AC-0E8F61FE2067}" = USB Video Driver
"{2A97D5B3-A989-47E1-B207-1CA9E3635655}" = aioprnt
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BED0238-3A25-41AE-BC23-316914B5B048}" = aioocr
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4DDC3BED-CC68-44AA-B435-D727B620CA5B}" = Linksys Wireless-G PCI Adapter
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{582876EC-A178-44D4-9823-C10D6C62EAFF}" =
"{659B48CD-0608-4ED5-94C0-0B6C87114F10}" = Apple Mobile Device Support
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73F1681F-ADE1-461F-9F18-B7640507D395}" = ksdip
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{791E3D44-33D3-4446-82AD-5CD4B0169083}" = aiofw
"{79E41D91-BA1C-44B9-9358-48E598263ECF}" = center
"{7B4AB13C-1A5C-4BC5-ABA6-762F8198444C}" =
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{843081BD-351F-46FC-8A17-517A0D9117A3}" = helptut
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98F2555F-6749-49BA-949F-FC887831A524}" = Palm Desktop by ACCESS
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.5
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B208806F-A231-4FA0-AB3F-5C1B8979223E}" = Microsoft ActiveSync 4.0
"{B210130E-835C-4581-A695-CE10616B8B55}_is1" = Driver Sweeper 2.0.5
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C0251585-1BE8-4278-B3CB-964B6E01C59D}" = aioscnnr
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CC5702D7-86E2-45A8-99D7-E8B976ADCC56}" = iTunes
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = KODAK All-in-One Printer Software
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"{D7A6C517-11F2-419F-B5BB-27772B939698}" = NvMixer
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DC626A21-EDF1-40C7-8F2F-D2BA7535529F}" = helpug
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"69083DC58646DE46A09847A522A1CC487F918039" = Windows Driver Package - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0)
"9722CA1E8F72F362E93CBEC75A707FDABFC8D880" = Windows Driver Package - Advanced Micro Devices, Inc. (USB28xxBGA) Media (08/31/2007 5.7.0831.0)
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"AddressBook" =
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.5 (Unicode)
"AVG8Uninstall" = AVG Free 8.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BatchPhoto_is1" = BatchPhoto v2.5
"Branding" =
"Celestia_is1" = Celestia 1.4.1
"Chaos Pack for Pocket Tanks Deluxe_is1" = Chaos Pack 1.00 for Pocket Tanks Deluxe
"COH" = City of Villains/City of Heroes (remove only)
"Combat Flight Simulator 3.0" = Microsoft Combat Flight Simulator 3.1
"Connection Manager" =
"DirectAnimation" =
"DirectDrawEx" =
"DVD Shrink_is1" = DVD Shrink 3.2
"DXM_Runtime" =
"ERUNT_is1" = ERUNT 1.1j
"Fireworks Pack for Pocket Tanks Deluxe_is1" = Fireworks Pack v1.0 for Pocket Tanks Deluxe
"Flamethrower Pack for Pocket Tanks Deluxe_is1" = Flamethrower Pack 1.00a for Pocket Tanks Deluxe
"Fontcore" =
"Frogger2" = Frogger2
"Gold Pack for Pocket Tanks Deluxe_is1" = Gold Pack v1.0 for Pocket Tanks Deluxe
"Guitar Pro 5_is1" = Guitar Pro 5.0
"Gutterball 2" = Gutterball 2
"Halo" = Microsoft Halo
"HijackThis" = HijackThis 2.0.2
"ICW" =
"Icy Tower_is1" = Icy Tower v1.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IE40" =
"IE4Data" =
"IE5BAKEX" =
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IEData" =
"Indeo® software" = Indeo® software
"InstallShield Uninstall Information" =
"InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"Interactive Mathematics" = AcademicOnline Interactive Mathematics
"IrfanView" = IrfanView (remove only)
"LG USB Drivers" = LG USB Drivers
"LimeWire" = LimeWire 5.1.4
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MobileOptionPack" =
"Mozilla Firefox (3.0.15)" = Mozilla Firefox (3.0.15)
"MS Access 97 SP2" = MS Access 97 SP2
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSI30a-KB884016" =
"MSI30-Beta1" =
"MSI30-Beta2" =
"MSI30-KB884016" =
"MSI30-RC1" =
"MSI30-RC2" =
"MSI31-Beta" =
"MSI31-RC1" =
"MSNINST" = MSN
"Nano Pack for Pocket Tanks Deluxe_is1" = Nano Pack v1.0 for Pocket Tanks Deluxe
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NetMeeting" =
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OutlookExpress" =
"Panda ActiveScan" = Panda ActiveScan
"PCHealth" =
"Pocket Tanks Deluxe_is1" = Pocket Tanks Deluxe v1.2
"Pool 'm Up" = Pool 'm Up
"PrimoAdsForYou" = PrimoAdsForYou
"PrimoAdsForYouFF" = FFPrimoAdsForYou
"Return to Castle Wolfenstein - Platinum Edition" = Return to Castle Wolfenstein - Platinum Edition
"RollerCoaster Tycoon Setup" = RolllayN
"SchedulingAgent" =
"SEARCHBAR.SEARCHBARToolbar" = Search Bar
"Shockwave" =
"Snowball Pack for Pocket Tanks Deluxe_is1" = Snowball Pack v1.0 for Pocket Tanks Deluxe
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"SpywareBlaster_is1" = SpywareBlaster v3.5.1
"Stellarium_is1" = Stellarium 0.8.1
"StepMania" = StepMania (remove only)
"Super Pack for Pocket Tanks Deluxe_is1" = Super Pack v1.1 for Pocket Tanks Deluxe
"Switch" = Switch
"TBass4.exe" = Field & Stream® Trophy Bass 4
"The KMPlayer" = The KMPlayer (remove only)
"Totalcmd" = Total Commander (Remove or Repair)
"Trillian" = Trillian
"Tri-Towers" = Tri-Towers 2.1.4.4
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"TurboTax Home & Business 2006" = TurboTax Home & Business 2006
"Tweak UI 2.10" = Tweak UI
"V CAST Music with Rhapsody" = V CAST Music with Rhapsody
"ViewpointMediaPlayer" = Viewpoint Media Player
"WavePad" = WavePad Uninstall
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WGA" = Windows Genuine Advantage Validation Tool
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPatrol" = WinPatrol
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 9/3/2009 11:36:18 AM | Computer Name = ROBCONF7S | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 ccc.exe, P2 2.0.0.0, P3 469cdc9c, P4 atidemgx,
P5 2.0.3188.38352, P6 48d9a371, P7 528, P8 6b, P9 system.exception, P10 NIL.
Error - 9/28/2009 6:33:02 PM | Computer Name = ROBCONF7S | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.
Error - 10/10/2009 9:33:56 AM | Computer Name = ROBCONF7S | Source = Application Hang | ID = 1002
Description = Hanging application TeaTimer.exe, version 1.5.2.16, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 10/16/2009 2:46:34 AM | Computer Name = ROBCONF7S | Source = Google Update | ID = 20
Description =
Error - 11/8/2009 12:02:59 PM | Computer Name = ROBCONF7S | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 7048, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.
Error - 11/8/2009 12:02:59 PM | Computer Name = ROBCONF7S | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.
Error - 11/8/2009 12:03:02 PM | Computer Name = ROBCONF7S | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 7048, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.
Error - 11/14/2009 3:07:53 PM | Computer Name = ROBCONF7S | Source = Application Hang | ID = 1002
Description = Hanging application TeaTimer.exe, version 1.5.2.16, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 11/14/2009 5:37:58 PM | Computer Name = ROBCONF7S | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 sysrestorepoint.exe, P2 1.3.0.0, P3 485da791,
P4 sysrestorepoint, P5 1.3.0.0, P6 485da791, P7 d, P8 ca, P9 system.invalidoperationexception,
P10 NIL.
Error - 11/14/2009 5:38:08 PM | Computer Name = ROBCONF7S | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 sysrestorepoint.exe, P2 1.3.0.0, P3 485da791,
P4 sysrestorepoint, P5 1.3.0.0, P6 485da791, P7 d, P8 ca, P9 system.invalidoperationexception,
P10 NIL.
[ System Events ]
Error - 11/15/2009 6:43:33 PM | Computer Name = ROBCONF7S | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MSIServer with
arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
Error - 11/15/2009 6:56:00 PM | Computer Name = ROBCONF7S | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error - 11/15/2009 6:56:44 PM | Computer Name = ROBCONF7S | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 11/15/2009 6:56:56 PM | Computer Name = ROBCONF7S | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 11/15/2009 6:58:02 PM | Computer Name = ROBCONF7S | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 11/17/2009 9:23:30 PM | Computer Name = ROBCONF7S | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 11/17/2009 9:24:19 PM | Computer Name = ROBCONF7S | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AmdK7 avgio AvgLdx86 AvgMfx86 Fips pavboot
Error - 11/17/2009 9:28:51 PM | Computer Name = ROBCONF7S | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 11/17/2009 9:29:02 PM | Computer Name = ROBCONF7S | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 11/17/2009 9:37:27 PM | Computer Name = ROBCONF7S | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
< End of report >
Edited by Blade131, 19 November 2009 - 07:42 PM.
Sign In
Create Account
