Hi!
I posted under the Vista forum, though another member suggested I come here and post. I read and followed the instructions provided within the cleaning guide...
My pc specs are:
HP a6313w / 2GB memory / 32 bit
Windows Vista Home Premium, (bah!)
NVIDIA GeForce 6150SE nForce 430
AMD Athlon 64 X2 Dual Core Processor 5000+ 2.60 GHz
Main HD is 288GB, with 168GB free
Yet my system gobbles up resources and freezes, even when only running a few small apps... I thought perhaps it was a driver or compatibility issue that I could fix by installing SP1 & SP2, though I cannot. I believe I FINALLY removed all the carnage from "Malware Defense", though my system hasn't been the same...
I can't update SP1, (or any other updates)... I have downloaded and tried to apply the "Update Readiness" tool... Though, this requires that "windows update service" be enabled. BUT, when I enable the update service:
I get a command prompt box and an error box that pops up every 10 seconds or so. The error says:
"C:\Windows\system32\wuauclt.exe The NTVDM CPU has encountered an illegal instruction." Once I close it, it pops up again shortly thereafter. And the "Update Readiness" tool reports:
"Some updates were not installed
Hotfix for Windows KB947821"
I've searched and searched, but I cannot find a solution... I would be so grateful for any help, regarding this issue....
Thank you heaps in advance...=~)
Cheers ~Niki
(Wow, this is a lot of information... OTL text file, Extra text file, Gmer files and then the Malwarebytes log....)
@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@
OTL TXT FILE
OTL logfile created on: 2/16/2010 1:08:51 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Nichole\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16609)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.52 Gb Total Space | 169.04 Gb Free Space | 58.59% Space Free | Partition Type: NTFS
Drive D: | 9.57 Gb Total Space | 1.30 Gb Free Space | 13.61% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 146.47 Gb Free Space | 49.14% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 981.05 Mb Total Space | 979.63 Mb Free Space | 99.86% Space Free | Partition Type: FAT
Computer Name: FAITH
Current User Name: Nichole
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/02/16 10:32:10 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Nichole\Downloads\OTL.exe
PRC - [2010/01/15 22:09:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/20 20:33:00 | 000,122,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2009/11/04 17:00:14 | 002,334,856 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/07/28 07:49:34 | 004,378,624 | ---- | M] (Gabest) -- C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
PRC - [2008/05/16 09:53:36 | 000,495,616 | ---- | M] () -- C:\Program Files\Hypersight\hypersight.exe
PRC - [2008/01/20 03:04:37 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/12/02 08:20:20 | 001,183,744 | ---- | M] (JC&MB) -- C:\Program Files\Quicknote\quicknote.exe
PRC - [2007/10/18 15:37:04 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2007/09/19 20:30:52 | 000,065,536 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
PRC - [2006/11/10 07:12:08 | 000,054,832 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.0\shellmon.exe
PRC - [2006/11/10 07:11:58 | 000,039,472 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.0\waol.exe
PRC - [2006/10/23 07:50:35 | 000,046,640 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2006/09/25 19:52:48 | 000,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1200618788\ee\aolsoftware.exe
PRC - [2003/05/15 19:36:40 | 000,446,464 | ---- | M] (Provtech Limited) -- C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
========== Modules (SafeList) ==========
MOD - [2010/02/16 10:32:10 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Nichole\Downloads\OTL.exe
MOD - [2006/11/02 04:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- -- (ZUOKFHK)
SRV - File not found [Disabled | Stopped] -- -- (WYQRBOLFZL)
SRV - File not found [On_Demand | Stopped] -- -- (DCIGACCIFT)
SRV - [2009/11/20 20:33:00 | 000,122,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2009/08/24 17:19:18 | 000,093,336 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/10/19 20:27:49 | 000,000,024 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\iptools.INI -- (IPTools)
SRV - [2007/11/23 11:16:22 | 001,245,064 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/11/23 10:04:39 | 000,265,912 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/25 14:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 15:37:04 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007/10/18 10:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/09/19 20:30:52 | 000,065,536 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2006/11/02 07:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/23 07:50:35 | 000,046,640 | ---- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/02 03:42:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/10 05:37:56 | 000,000,000 | ---D | M]
[2009/07/08 08:16:32 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Mozilla\Extensions
[2009/07/08 08:16:32 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/02/15 22:46:28 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions
[2010/02/09 06:42:40 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/02/05 07:18:55 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/02/05 07:18:55 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2009/08/17 19:42:28 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}(2370)
[2009/07/22 02:55:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/04/19 14:50:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\{e1170235-2845-420c-acc3-42261a29dd46}
[2010/02/05 07:18:54 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/02/02 10:03:02 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\[email protected]
[2010/02/09 06:42:40 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\[email protected]
[2010/02/05 07:18:55 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\[email protected]
[2010/02/15 22:46:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/08/24 08:52:00 | 000,300,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll
[2008/11/11 02:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2008/10/15 04:53:11 | 001,140,200 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPFxViewer.dll
O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (FDMIECookiesBHO Class) - {7A780B7B-DCF1-4ec4-BB13-2DF92CAD27DB} - C:\Program Files\Light Downloader\ldmie2.dll ()
O2 - BHO: (CatcherBHO Class) - {9B4DF450-DCC7-4B07-935D-0CD757A64583} - C:\Program Files\Moyea\YouTube FLV Downloader\MoyeaCatcher.dll (Moyea Software Co., Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Hypersight] C:\Program Files\Hypersight\hypersight.exe ()
O4 - HKLM..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe (Provtech Limited)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL 9.0\AOL.EXE (AOL, LLC.)
O4 - HKCU..\Run: [Quicknote] C:\Program Files\Quicknote\quicknote.exe (JC&MB)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Download all with Light Downloader - C:\Program Files\Light Downloader\dlall.htm ()
O8 - Extra context menu item: Download selected with Light Downloader - C:\Program Files\Light Downloader\dlselected.htm ()
O8 - Extra context menu item: Download with Light Downloader - C:\Program Files\Light Downloader\dllink.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 4810 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1262300281720 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.micr...44/igdtoolx.cab (IGDTester Class)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.micro...gWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 67.142.167.10 67.142.167.11
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/23 10:58:41 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/05/06 07:26:23 | 000,000,309 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{bdd04120-cc3b-11dc-aa3c-001e8c40986c}\Shell - "" = AutoRun
O33 - MountPoints2\{bdd04120-cc3b-11dc-aa3c-001e8c40986c}\Shell\AutoRun\command - "" = K:\Imageviewer.exe -- File not found
O33 - MountPoints2\{c051a9b8-c717-11dc-a646-001e8c40986c}\Shell - "" = AutoRun
O33 - MountPoints2\{c051a9b8-c717-11dc-a646-001e8c40986c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- [2007/10/23 02:45:39 | 001,336,632 | R--- | M] ()
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- [2007/10/23 02:45:40 | 001,336,632 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2006/11/02 06:18:47 | 000,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!
========== Files/Folders - Created Within 14 Days ==========
[2010/02/16 09:18:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/02/15 17:52:56 | 000,000,000 | ---D | C] -- C:\Multimedia Files
[2010/02/15 17:52:56 | 000,000,000 | ---D | C] -- \Multimedia Files
[2010/02/15 17:52:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft GIF Animator
[2010/02/14 21:25:37 | 000,000,000 | ---D | C] -- C:\Users\Nichole\Documents\17yearsold
[2010/02/14 20:10:30 | 000,000,000 | ---D | C] -- C:\Users\Nichole\Documents\me46
[2010/02/12 03:01:24 | 000,000,000 | ---D | C] -- C:\Program Files\Hypersight
[2010/02/12 01:59:04 | 000,000,000 | ---D | C] -- C:\Users\Nichole\Documents\Virus
[2010/02/12 01:18:10 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2010/02/10 18:30:30 | 000,000,000 | ---D | C] -- C:\Users\Nichole\Documents\ICONS 2010
[2010/02/10 00:45:06 | 000,000,000 | ---D | C] -- C:\Program Files\VocoderGUI
[2010/02/10 00:08:25 | 000,000,000 | ---D | C] -- C:\Users\Nichole\AppData\Roaming\Power Sound Editor Free
[2010/02/10 00:08:13 | 000,000,000 | ---D | C] -- C:\Program Files\Power Sound Editor Free
[2010/02/10 00:05:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/02/09 04:30:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2010/02/09 04:30:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/02/06 12:21:00 | 000,000,000 | ---D | C] -- C:\Users\Nichole\AppData\Roaming\Light Downloader
[2010/02/06 12:20:59 | 000,000,000 | ---D | C] -- C:\ProgramData\LightDownloader.COM
[2010/02/06 12:20:59 | 000,000,000 | ---D | C] -- C:\Program Files\Light Downloader
[2010/02/06 10:39:39 | 000,023,456 | ---- | C] (Phoenix Technologies) -- C:\Windows\System32\drivers\DrvAgent32.sys
[2010/02/06 03:05:46 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL Downloads
[2010/02/06 00:28:33 | 000,000,000 | ---D | C] -- C:\Program Files\FAVORITE PROGRAMS
[2010/02/05 18:08:30 | 000,000,000 | ---D | C] -- C:\Program Files\SiSoftware
[2010/02/05 04:23:32 | 000,000,000 | ---D | C] -- C:\Users\Nichole\Documents\NEW PSP 2010 UNUSED
[2010/02/05 03:01:21 | 000,000,000 | ---D | C] -- C:\Users\Nichole\AppData\Roaming\Q-Dir
[2010/02/05 03:01:19 | 000,000,000 | ---D | C] -- C:\Users\Nichole\Documents\Favorites_Q_Dir
[2010/02/05 03:01:18 | 000,000,000 | ---D | C] -- C:\Program Files\Q-Dir
[2010/02/05 01:45:15 | 000,000,000 | ---D | C] -- C:\Users\Nichole\AppData\Roaming\UltraExplorer
[2010/02/05 01:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\UltraExplorer
[2010/02/04 04:15:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2008/01/20 21:45:01 | 000,824,216 | ---- | C] (PC Pitstop LLC ) -- C:\Program Files\diskmd-setup-1052.exe
[2008/01/20 21:44:26 | 000,846,008 | ---- | C] (Duality Software ) -- C:\Program Files\alarm clocksetupdsc160r.exe
[2008/01/20 21:44:03 | 004,279,120 | ---- | C] (Lime Wire LLC) -- C:\Program Files\LimeWire PRO 4.12.6.exe
[2008/01/20 21:43:55 | 006,113,439 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\pci_filerecovery.exe
[2008/01/20 05:45:35 | 000,703,122 | R--- | C] (JAM Software ) -- C:\Program Files\TreeSizeSetup.exe
[2008/01/20 00:38:09 | 000,773,497 | ---- | C] (Cro-Code Software ) -- C:\Program Files\tls_setup.exe
[21 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
========== Files - Modified Within 14 Days ==========
[2010/02/16 13:10:23 | 006,553,600 | -HS- | M] () -- C:\Users\Nichole\ntuser.dat
[2010/02/16 12:38:53 | 000,716,774 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/02/16 12:38:53 | 000,618,410 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/02/16 12:38:53 | 000,103,818 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/02/16 12:35:46 | 000,000,294 | ---- | M] () -- C:\Windows\win.ini
[2010/02/16 12:35:34 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010/02/16 12:34:48 | 000,003,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/16 12:34:48 | 000,003,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/16 12:34:39 | 000,035,085 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/02/16 12:34:39 | 000,035,085 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/02/16 12:34:26 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/16 12:34:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/16 11:49:20 | 000,001,896 | ---- | M] () -- C:\Users\Nichole\Documents\ark.text
[2010/02/16 10:27:06 | 000,007,340 | ---- | M] () -- C:\Users\Nichole\AppData\Roaming\mainhst.zgh
[2010/02/16 09:18:47 | 000,001,073 | ---- | M] () -- C:\Users\Nichole\Desktop\Spybot - Search & Destroy.lnk
[2010/02/16 07:14:52 | 001,779,746 | ---- | M] () -- C:\Users\Nichole\Documents\GOODBYEHOOTERS.wmv
[2010/02/16 05:40:35 | 000,035,840 | ---- | M] () -- C:\Users\Nichole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/16 00:05:52 | 000,007,944 | ---- | M] () -- C:\Users\Nichole\AppData\Local\d3d9caps.dat
[2010/02/15 21:59:54 | 000,025,641 | ---- | M] () -- C:\Windows\Q-Dir.ini
[2010/02/15 01:29:03 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.INI
[2010/02/14 21:25:37 | 002,093,834 | ---- | M] () -- C:\Users\Nichole\Documents\17yearsold.zip
[2010/02/14 20:10:30 | 000,064,160 | ---- | M] () -- C:\Users\Nichole\Documents\me46.zip
[2010/02/14 19:34:58 | 000,508,712 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/12 01:13:22 | 000,208,080 | ---- | M] () -- C:\Users\Nichole\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/10 15:42:42 | 000,001,882 | ---- | M] () -- C:\Users\Nichole\Desktop\HijackThis.lnk
[2010/02/10 15:04:37 | 000,589,824 | ---- | M] () -- C:\Windows\SPInstall.etl
[2010/02/10 15:02:58 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010/02/10 15:02:58 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2010/02/10 11:33:04 | 000,005,097 | ---- | M] () -- C:\Users\Nichole\Documents\My Favorite Theme.theme
[2010/02/10 06:22:48 | 006,553,600 | -HS- | M] () -- C:\Users\Nichole\ntuser.dat_previous
[2010/02/10 03:48:50 | 000,001,832 | ---- | M] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2010/02/10 00:45:06 | 000,000,834 | ---- | M] () -- C:\Users\Nichole\Desktop\Zerius Vocoder.lnk
[2010/02/10 00:08:19 | 000,001,825 | ---- | M] () -- C:\Users\Nichole\Desktop\Power Sound Editor Free.lnk
[2010/02/09 18:56:25 | 000,524,288 | -HS- | M] () -- C:\Users\Nichole\ntuser.dat{332d1c1a-12fd-11df-89d0-00038a000015}.TMContainer00000000000000000002.regtrans-ms
[2010/02/09 18:56:25 | 000,524,288 | -HS- | M] () -- C:\Users\Nichole\ntuser.dat{332d1c1a-12fd-11df-89d0-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2010/02/09 18:56:25 | 000,065,536 | -HS- | M] () -- C:\Users\Nichole\ntuser.dat{332d1c1a-12fd-11df-89d0-00038a000015}.TM.blf
[2010/02/09 04:30:40 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\DivX Player.lnk
[2010/02/09 04:30:31 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\DivX Converter.lnk
[2010/02/09 04:30:05 | 000,001,400 | ---- | M] () -- C:\Users\Nichole\Desktop\DivX Movies.lnk
[2010/02/08 20:37:53 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2010/02/06 13:14:31 | 000,002,631 | ---- | M] () -- C:\Users\Public\Desktop\Jasc Paint Shop Pro 8.lnk
[2010/02/06 12:21:00 | 000,000,771 | ---- | M] () -- C:\Users\Nichole\Desktop\Light Downloader.lnk
[2010/02/06 10:39:39 | 000,023,456 | ---- | M] (Phoenix Technologies) -- C:\Windows\System32\drivers\DrvAgent32.sys
[2010/02/06 08:07:54 | 000,524,288 | -HS- | M] () -- C:\Users\Nichole\ntuser.dat{332d1be1-12fd-11df-89d0-00038a000015}.TMContainer00000000000000000002.regtrans-ms
[2010/02/06 08:07:54 | 000,524,288 | -HS- | M] () -- C:\Users\Nichole\ntuser.dat{332d1be1-12fd-11df-89d0-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2010/02/06 08:07:54 | 000,065,536 | -HS- | M] () -- C:\Users\Nichole\ntuser.dat{332d1be1-12fd-11df-89d0-00038a000015}.TM.blf
[2010/02/05 21:46:31 | 012,513,280 | ---- | M] () -- C:\ProgramData\sandra.mda
[2010/02/05 18:08:34 | 000,001,155 | ---- | M] () -- C:\Users\Public\Desktop\SiSoftware Sandra Lite 2010c.lnk
[2010/02/05 15:00:05 | 000,524,288 | -HS- | M] () -- C:\Users\Nichole\ntuser.dat{89af7bdc-10bf-11df-93b1-00038a000015}.TMContainer00000000000000000002.regtrans-ms
[2010/02/05 15:00:05 | 000,524,288 | -HS- | M] () -- C:\Users\Nichole\ntuser.dat{89af7bdc-10bf-11df-93b1-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2010/02/05 15:00:05 | 000,065,536 | -HS- | M] () -- C:\Users\Nichole\ntuser.dat{89af7bdc-10bf-11df-93b1-00038a000015}.TM.blf
[2010/02/05 12:52:50 | 000,175,897 | ---- | M] () -- C:\Users\Nichole\Documents\pspbrwse.jbf
[2010/02/05 03:01:19 | 000,001,616 | ---- | M] () -- C:\Users\Public\Desktop\Q-Dir.lnk
[2010/02/04 03:28:32 | 000,011,114 | ---- | M] () -- C:\Users\Nichole\AppData\Roaming\wklnhst.dat
[2010/02/04 03:28:32 | 000,010,240 | ---- | M] () -- C:\Users\Nichole\Documents\Recommendation.wps
[21 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/02/16 11:49:20 | 000,001,896 | ---- | C] () -- C:\Users\Nichole\Documents\ark.text
[2010/02/16 09:18:47 | 000,001,073 | ---- | C] () -- C:\Users\Nichole\Desktop\Spybot - Search & Destroy.lnk
[2010/02/16 07:14:08 | 001,779,746 | ---- | C] () -- C:\Users\Nichole\Documents\GOODBYEHOOTERS.wmv
[2010/02/14 21:23:20 | 002,093,834 | ---- | C] () -- C:\Users\Nichole\Documents\17yearsold.zip
[2010/02/14 20:10:24 | 000,064,160 | ---- | C] () -- C:\Users\Nichole\Documents\me46.zip
[2010/02/12 03:01:26 | 000,071,168 | ---- | C] () -- C:\Windows\System32\drivers\kernel.sys
[2010/02/10 14:52:16 | 000,001,905 | ---- | C] () -- C:\Windows\diagwrn.xml
[2010/02/10 14:52:16 | 000,001,905 | ---- | C] () -- C:\Windows\diagerr.xml
[2010/02/10 11:33:04 | 000,005,097 | ---- | C] () -- C:\Users\Nichole\Documents\My Favorite Theme.theme
[2010/02/10 00:45:06 | 000,000,834 | ---- | C] () -- C:\Users\Nichole\Desktop\Zerius Vocoder.lnk
[2010/02/10 00:08:19 | 000,001,825 | ---- | C] () -- C:\Users\Nichole\Desktop\Power Sound Editor Free.lnk
[2010/02/09 04:30:40 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\DivX Player.lnk
[2010/02/09 04:30:31 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\DivX Converter.lnk
[2010/02/09 04:30:05 | 000,001,400 | ---- | C] () -- C:\Users\Nichole\Desktop\DivX Movies.lnk
[2010/02/06 12:21:00 | 000,000,771 | ---- | C] () -- C:\Users\Nichole\Desktop\Light Downloader.lnk
[2010/02/06 08:08:55 | 000,524,288 | -HS- | C] () -- C:\Users\Nichole\ntuser.dat{332d1c1a-12fd-11df-89d0-00038a000015}.TMContainer00000000000000000002.regtrans-ms
[2010/02/06 08:08:55 | 000,524,288 | -HS- | C] () -- C:\Users\Nichole\ntuser.dat{332d1c1a-12fd-11df-89d0-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2010/02/06 08:08:55 | 000,065,536 | -HS- | C] () -- C:\Users\Nichole\ntuser.dat{332d1c1a-12fd-11df-89d0-00038a000015}.TM.blf
[2010/02/06 03:54:39 | 000,524,288 | -HS- | C] () -- C:\Users\Nichole\ntuser.dat{332d1be1-12fd-11df-89d0-00038a000015}.TMContainer00000000000000000002.regtrans-ms
[2010/02/06 03:54:39 | 000,524,288 | -HS- | C] () -- C:\Users\Nichole\ntuser.dat{332d1be1-12fd-11df-89d0-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2010/02/06 03:54:39 | 000,065,536 | -HS- | C] () -- C:\Users\Nichole\ntuser.dat{332d1be1-12fd-11df-89d0-00038a000015}.TM.blf
[2010/02/05 18:08:34 | 000,001,155 | ---- | C] () -- C:\Users\Public\Desktop\SiSoftware Sandra Lite 2010c.lnk
[2010/02/05 18:08:31 | 012,513,280 | ---- | C] () -- C:\ProgramData\sandra.mda
[2010/02/05 03:01:19 | 000,001,616 | ---- | C] () -- C:\Users\Public\Desktop\Q-Dir.lnk
[2010/02/05 03:01:07 | 000,025,641 | ---- | C] () -- C:\Windows\Q-Dir.ini
[2010/02/04 18:07:34 | 000,524,288 | -HS- | C] () -- C:\Users\Nichole\ntuser.dat{89af7bdc-10bf-11df-93b1-00038a000015}.TMContainer00000000000000000002.regtrans-ms
[2010/02/04 18:07:33 | 000,524,288 | -HS- | C] () -- C:\Users\Nichole\ntuser.dat{89af7bdc-10bf-11df-93b1-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2010/02/04 18:07:33 | 000,065,536 | -HS- | C] () -- C:\Users\Nichole\ntuser.dat{89af7bdc-10bf-11df-93b1-00038a000015}.TM.blf
[2010/02/04 16:37:48 | 000,035,085 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/02/03 07:28:39 | 000,035,085 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/01/09 00:42:28 | 000,002,131 | ---- | C] () -- \aaw7boot.log
[2009/12/30 02:48:12 | 000,000,675 | ---- | C] () -- C:\Windows\System32\NewNamekrl32mainweq.dll
[2009/12/29 05:23:18 | 000,000,036 | ---- | C] () -- C:\Users\Nichole\AppData\Local\housecall.guid.cache
[2009/12/24 17:01:35 | 001,703,968 | ---- | C] () -- C:\Program Files\VirtualDub-1.9.7.zip
[2009/11/24 21:54:35 | 000,000,028 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/09/27 14:41:07 | 000,002,560 | ---- | C] () -- \stub.log
[2009/09/27 13:51:53 | 000,000,000 | ---- | C] () -- \Log.txt
[2009/08/04 04:37:19 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009/08/04 04:36:53 | 000,006,211 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009/07/18 22:41:59 | 000,000,268 | -H-- | C] () -- \sqmdata07.sqm
[2009/07/18 22:41:59 | 000,000,244 | -H-- | C] () -- \sqmnoopt07.sqm
[2009/05/10 07:08:44 | 004,376,305 | ---- | C] () -- \MWAV.LOG
[2009/05/10 06:02:00 | 000,000,074 | ---- | C] () -- \23990098.$
[2009/03/24 00:57:54 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.INI
[2009/03/14 12:16:55 | 000,230,454 | ---- | C] () -- \cam0000.bmp
[2009/03/13 16:26:45 | 000,057,654 | ---- | C] () -- \img.BMP
[2008/12/12 12:08:53 | 000,000,268 | -H-- | C] () -- \sqmdata06.sqm
[2008/12/12 12:08:53 | 000,000,244 | -H-- | C] () -- \sqmnoopt06.sqm
[2008/12/02 01:24:17 | 000,000,268 | -H-- | C] () -- \sqmdata05.sqm
[2008/12/02 01:24:17 | 000,000,244 | -H-- | C] () -- \sqmnoopt05.sqm
[2008/11/17 06:03:47 | 000,000,244 | -H-- | C] () -- \sqmnoopt04.sqm
[2008/11/17 06:03:47 | 000,000,232 | -H-- | C] () -- \sqmdata04.sqm
[2008/11/17 06:03:17 | 000,000,244 | -H-- | C] () -- \sqmnoopt03.sqm
[2008/11/17 06:03:17 | 000,000,232 | -H-- | C] () -- \sqmdata03.sqm
[2008/11/17 06:02:24 | 000,000,244 | -H-- | C] () -- \sqmnoopt02.sqm
[2008/11/17 06:02:24 | 000,000,232 | -H-- | C] () -- \sqmdata02.sqm
[2008/11/17 06:00:22 | 000,000,244 | -H-- | C] () -- \sqmnoopt01.sqm
[2008/11/17 06:00:22 | 000,000,232 | -H-- | C] () -- \sqmdata01.sqm
[2008/10/28 12:04:15 | 000,010,920 | ---- | C] () -- \aolconnfix.exe
[2008/10/28 12:04:15 | 000,001,039 | ---- | C] () -- \aolconnfix.txt
[2008/10/19 20:27:49 | 000,000,024 | ---- | C] () -- C:\Windows\System32\iptools.INI
[2008/10/15 04:26:38 | 000,067,334 | ---- | C] () -- \ProcessList.txt
[2008/08/07 17:57:20 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008/08/07 17:57:19 | 002,041,363 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2008/08/07 17:57:19 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/08/07 17:57:19 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/08/07 17:57:18 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/08/07 17:57:18 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/08/07 17:57:18 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008/05/09 05:50:04 | 000,000,268 | -H-- | C] () -- \sqmdata00.sqm
[2008/05/09 05:50:04 | 000,000,244 | -H-- | C] () -- \sqmnoopt00.sqm
[2008/05/07 06:00:05 | 000,000,146 | ---- | C] () -- \YServer.txt
[2008/05/04 10:08:55 | 000,020,480 | ---- | C] () -- C:\Windows\System32\CPUINFO2.DLL
[2008/02/15 05:21:44 | 000,000,178 | ---- | C] () -- C:\Windows\wininit.ini
[2008/01/30 03:54:52 | 000,000,458 | ---- | C] () -- C:\Windows\justnote.ini
[2008/01/26 08:56:55 | 001,474,385 | ---- | C] () -- C:\Program Files\sprint32v2.zip
[2008/01/26 00:43:06 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2008/01/20 21:47:26 | 000,048,489 | ---- | C] () -- C:\Program Files\ipnetinfo.zip
[2008/01/20 21:02:25 | 000,049,152 | ---- | C] () -- C:\Windows\System32\OctaneARM.dll
[2008/01/20 20:50:10 | 000,000,164 | ---- | C] () -- C:\Windows\RECMGRUN.INI
[2008/01/20 20:49:59 | 000,003,455 | ---- | C] () -- C:\Windows\RECVCALL.INI
[2008/01/20 19:59:51 | 000,035,840 | ---- | C] () -- C:\Users\Nichole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/20 17:50:52 | 000,007,340 | ---- | C] () -- C:\Users\Nichole\AppData\Roaming\mainhst.zgh
[2008/01/20 06:03:25 | 000,011,114 | ---- | C] () -- C:\Users\Nichole\AppData\Roaming\wklnhst.dat
[2008/01/20 05:45:48 | 192,152,327 | R--- | C] () -- C:\Program Files\AllProgramFilesZipped.zip
[2008/01/20 05:45:35 | 000,905,216 | ---- | C] () -- C:\Program Files\iview398.exe
[2008/01/20 05:00:15 | 001,680,921 | ---- | C] () -- C:\Program Files\lingvosoft-dictionary-pkpc-engbul-f.zip
[2008/01/20 05:00:14 | 003,155,350 | ---- | C] () -- C:\Program Files\lingvosoft-dictionary-pkpc-engspa-f.exe
[2008/01/20 01:40:31 | 000,043,352 | ---- | C] () -- C:\Windows\System32\wups2.dll
[2008/01/20 00:38:43 | 003,154,009 | ---- | C] () -- C:\Program Files\audacity-win-1.2.6.zip
[2008/01/20 00:38:19 | 000,000,011 | ---- | C] () -- C:\Program Files\productid.txt
[2008/01/20 00:38:02 | 001,363,968 | ---- | C] () -- C:\Program Files\stickerlite.exe
[2008/01/20 00:37:36 | 000,687,733 | ---- | C] () -- C:\Program Files\notes170.exe
[2008/01/20 00:33:19 | 000,000,000 | ---- | C] () -- \MSDOS.SYS
[2008/01/20 00:33:19 | 000,000,000 | ---- | C] () -- \IO.SYS
[2008/01/17 20:25:33 | 000,007,944 | ---- | C] () -- C:\Users\Nichole\AppData\Local\d3d9caps.dat
[2007/11/23 10:30:00 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007/11/23 10:30:00 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/11/23 10:19:20 | 2325,676,032 | -HS- | C] () --
[2007/11/23 10:02:45 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2007/11/23 10:02:44 | 000,438,840 | RHS- | C] () -- \bootmgr
[2007/11/06 15:19:28 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2007/03/27 09:45:22 | 000,004,096 | ---- | C] () -- C:\Windows\System32\sysres.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:23:09 | 000,000,074 | ---- | C] () -- \autoexec.bat
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:08 | 000,000,010 | ---- | C] () -- \config.sys
[2006/06/18 00:17:26 | 000,000,212 | ---- | C] () -- C:\Windows\cr8type2lightins.ini
[2002/06/28 04:43:44 | 000,438,272 | ---- | C] () -- C:\Windows\System32\xvid.dll
[2002/05/15 18:38:40 | 000,091,136 | ---- | C] () -- C:\Windows\System32\mp4fil32.dll
[2002/05/04 08:19:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\avisynthEx.dll
[1998/03/14 12:16:04 | 000,000,136 | ---- | C] () -- C:\Windows\System32\mssrina.dll
========== LOP Check ==========
[2008/11/30 17:46:47 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\AMPSoft
[2009/04/20 22:32:38 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\ArmorSurf
[2009/12/28 19:39:51 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Ashampoo
[2008/12/16 11:07:10 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Auslogics
[2009/05/08 03:32:57 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Bearshare Premium P2P
[2009/09/27 11:48:59 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\BellCraft.com
[2008/08/02 19:20:45 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\BPK
[2009/07/21 03:19:35 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\BRAVIS
[2010/02/01 13:55:44 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\CBS Interactive
[2009/08/03 02:00:35 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Digital Support
[2008/12/01 05:41:10 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\FontCreator
[2006/12/31 23:36:00 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Free&Easy Font Viewer
[2006/12/31 23:36:00 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\GetRightToGo
[2009/05/08 03:07:50 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\GlarySoft
[2009/12/30 06:54:32 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\GrabPro
[2009/05/10 09:04:07 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\HouseCall 6.6
[2010/01/16 17:35:26 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\ImgBurn
[2009/12/20 03:09:58 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Improved Software
[2010/01/16 20:40:38 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\InfraRecorder
[2009/05/22 22:22:27 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\IObit
[2009/09/17 13:03:18 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\JAM Software
[2010/02/16 10:51:09 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Light Downloader
[2010/02/16 13:04:52 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\LimeWire
[2009/08/04 04:38:09 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\MAGIX
[2008/12/01 03:35:40 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\MainType
[2009/05/10 00:51:22 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\minimem
[2009/12/20 03:07:53 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Moyea
[2009/12/20 04:51:53 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\NeoDownloader
[2008/01/26 07:54:45 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\NoteTab Light
[2010/02/15 20:32:48 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Orbit
[2010/02/10 00:24:53 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Power Sound Editor Free
[2010/02/05 03:18:53 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Q-Dir
[2008/10/17 23:28:52 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Se Analyzer Tool SA
[2010/01/18 14:16:26 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\SystemRequirementsLab
[2009/07/29 17:26:19 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\TamoSoft
[2008/01/20 06:03:26 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Template
[2010/02/15 23:24:24 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\UltraExplorer
[2009/12/23 20:38:30 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\UltraGet
[2009/05/06 05:43:22 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Uniblue
[2010/02/16 06:10:53 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\uTorrent
[2008/12/16 09:59:33 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\WinBatch
[2008/01/21 03:41:36 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\ZipGenius
[2010/02/16 12:35:34 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
[2010/02/16 11:01:19 | 000,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/02/08 20:37:53 | 000,000,388 | ---- | M] () -- C:\Windows\Tasks\SmartDefrag.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
[2008/10/28 12:04:15 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe
< MD5 for: AGP440.SYS >
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
< MD5 for: ATAPI.SYS >
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/13 03:05:22 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\drivers\atapi.sys
[2008/02/13 03:05:22 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/13 03:05:22 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/13 03:05:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< MD5 for: EVENTLOG.DLL >
[2007/01/13 01:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
< MD5 for: IASTORV.SYS >
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2006/11/02 04:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll
[2006/11/02 04:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
< MD5 for: NVSTOR32.SYS >
[2007/10/26 06:51:22 | 000,110,624 | ---- | M] (NVIDIA Corporation) MD5=63B7838E9C272BAAA7B33A0CA4EBB748 -- C:\hp\DRIVERS\nvidia_storage\nvstor32.sys
[2007/10/26 06:51:22 | 000,110,624 | ---- | M] (NVIDIA Corporation) MD5=63B7838E9C272BAAA7B33A0CA4EBB748 -- C:\Windows\System32\drivers\nvstor32.sys
[2007/10/26 06:51:22 | 000,110,624 | ---- | M] (NVIDIA Corporation) MD5=63B7838E9C272BAAA7B33A0CA4EBB748 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_b4609a34\nvstor32.sys
< MD5 for: SCECLI.DLL >
[2006/11/02 04:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll
[2006/11/02 04:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2008/02/13 03:02:04 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2008/02/13 03:02:04 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2006/11/02 04:46:10 | 001,376,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msvbvm60.dll
[2006/11/02 04:47:18 | 000,228,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2007/11/23 10:08:52 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
========== Alternate Data Streams ==========
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:0CE7F3C9
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 12 bytes -> C:\Users\Nichole\My Documents:{726B6F7C-E889-4EFE-8CA3-AEF4943DBD38}
@Alternate Data Stream - 12 bytes -> C:\Users\Nichole\Documents:{726B6F7C-E889-4EFE-8CA3-AEF4943DBD38}
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:8423A1CF
< End of report >
@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@
EXTRAS TXT FILE
OTL Extras logfile created on: 2/16/2010 1:08:51 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Nichole\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16609)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.52 Gb Total Space | 169.04 Gb Free Space | 58.59% Space Free | Partition Type: NTFS
Drive D: | 9.57 Gb Total Space | 1.30 Gb Free Space | 13.61% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 146.47 Gb Free Space | 49.14% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 981.05 Mb Total Space | 979.63 Mb Free Space | 99.86% Space Free | Partition Type: FAT
Computer Name: FAITH
Current User Name: Nichole
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4F435053-CDD8-4288-977D-77F6C4323EE2}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{5B482196-E1A9-4F9B-8291-4DB53CC3F201}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{5F5DA7A0-AEFF-4802-A46A-7DE7F6C28732}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{6E8D363E-C8C6-4B9A-9981-1E65BA54517B}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{74DA046F-8F1A-4A65-A2A0-438889EEBD54}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{793C3939-CAEF-434E-A861-37051A689DFB}" = protocol=6 | dir=in | app=c:\program files\aol 9.0\waol.exe |
"{89BB1384-D97F-4EA2-91C3-05997080002F}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{8E2461D0-73E5-466D-A2E1-80B9D4011C48}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{9830C22C-41D7-4287-B475-7B2CCF552035}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{9A7EB061-1D98-43AD-A019-7CFB24692EFE}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{9A82DC86-3FB3-4412-9CD2-6B4EE0406701}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{A0D8211D-9231-4A2A-90D2-071BFAE8C5C5}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{B75A24E9-8625-4571-9339-C052572A8B4C}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{CA0C6C87-5463-47D0-AA94-9E81AEE8DD09}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{CB73CFFD-7F20-4C75-9015-A042EA18CC87}" = protocol=17 | dir=in | app=c:\program files\aol 9.0\waol.exe |
"{CC301810-C726-4297-9C42-5138A27D0E49}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{D7D0335C-BA8F-46DA-B83A-05DD9FDA5866}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{E23D284B-1CA4-4064-96BD-6B3099C4D33F}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{E6E90FBD-3F0A-497F-B173-0B5BF6562619}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{E9E8D664-7B0A-40D5-A5D0-A5A7188443D1}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{F0486909-F0E6-458B-B533-646034990F33}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"TCP Query User{448A811E-D61B-49A9-A5A4-E8E498E1D1D0}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{AC3AA1C3-C935-40B3-8CE6-3FA367BA3ACF}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{10E1FC7C-AB9E-4851-AEC7-8A189A1E7281}" = LogoEase
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{3CB3508A-5388-42FF-BDA6-43271D2C7F0A}_is1" = NeoDownloader Lite 2.4
"{3EBA6E7C-3DF6-48AE-B87B-4CAFB2C1C3F7}" = LightScribe Template Labeler
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4E906533-F57F-45BD-A837-FCF24A2C243E}" = TubeSucker
"{4F94119D-1B71-400e-9F04-B4E5CEAE71F8}_is1" = Sothink Movie DVD Maker
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1" = Yawcam v0.3.0
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}" = Windows Live Sign-in Assistant
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4001FD1-EFF9-4978-A638-E9985154F50B}" = FAPMon (universal edition) 2.6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2010c
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E6CFBFB5-9232-410C-B353-AF6E614B2681}" = LightScribe System Software 1.10.16.1
"{E8C2622C-9FF1-4F60-8008-A0208154F9F3}" = muvee autoProducer 6.1
"{e96b3d28-47d6-43cc-98fd-7069eeab6b11}" = HP Total Care Advisor
"{EA426461-31AA-4AB3-B15D-EDD748F08394}_is1" = Moyea YouTube FLV Downloader version: 3.1.2.0
"{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 6 (6.0.3.1150)
"7-Zip" = 7-Zip 4.65
"ActiveScan 2.0" = Panda ActiveScan 2.0
"AddressBook" =
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"AMP Font Viewer" = AMP Font Viewer
"AnalogX Vocal Remover" = AnalogX Vocal Remover
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Astro123_is1" = Astro123 v1.62
"Audacity_is1" = Audacity 1.2.6
"AvaCam_is1" = AvaCam v3.0.1
"AviSynth" = AviSynth 2.5
"Belarc Advisor" = Belarc Advisor 8.1
"BulletProofSoft Youtube Video Grabber Trial Version_is1" = BulletProofSoft Youtube Video Grabber 1.0.0.7
"Cfont Pro_is1" = Cfont Pro v3.1
"CheckDrive_is1" = CheckDrive
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"Connection Manager" =
"Cool Edit Pro 2.1" = Cool Edit Pro 2.1
"Cool Record Edit Deluxe" = Cool Record Edit Deluxe
"DirectDrawEx" =
"Disk Investigator" = Disk Investigator 1.32
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DNS Thing_is1" = DNS Thing 1.1
"DriverAgent.exe" = DriverAgent by eSupport.com
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"Duplicate File Finder_is1" = Duplicate File Finder 1.1.0.3
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DXM_Runtime" =
"E.M. Free Photo Collage 0.9_is1" = E.M. Free Photo Collage 0.9
"EasyCapture_is1" = EasyCapture 1.0.0.0
"EMS YouTube Downloader & Converter_is1" = EMS YouTube Downloader & Converter 1.1
"ffdshow_is1" = ffdshow [rev 2583] [2009-01-05]
"Finger_is1" = Finger 1.9
"FingerPrint_is1" = FingerPrint
"FLV Player" = FLV Player 2.0, build 23
"Fontcore" =
"FontCreator55_is1" = FontCreator 5.6
"Font-Effects 2" = Font-Effects 2
"FontPage_is1" = FontPage 3.0.2
"Free DVD Burner (by minidvdsoft)_is1" = Free DVD Burner version 3.0
"Free IP Tools" = Free IP Tools
"Free&Easy Font Viewer_is1" = Free&Easy Font Viewer 2.0
"Game Booster_is1" = Game Booster
"GIF Animator" = Microsoft GIF Animator
"GSpot" = GSpot Codec Information Appliance
"HaaliMkx" = Haali Media Splitter
"HD Tune_is1" = HD Tune 2.55
"HijackThis" = HijackThis 2.0.2
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"Hypersight Rootkit Detector_is1" = Hypersight 0.4 beta
"IE40" =
"IE4Data" =
"IE5BAKEX" =
"IeCacheExplorer_is1" = IeCacheExplorer 1.4
"IEData" =
"Improved YouTube Downloader" = Improved YouTube Downloader 0.9.8
"Index Dat Spy" = Index Dat Spy
"Index.dat Analyzer_is1" = Index.dat Analyzer v2.0
"InstallShield Uninstall Information" =
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"IpDnsResolver_is1" = IpDnsResolver 1.2
"IrfanView" = IrfanView (remove only)
"Jasc Paint Shop Pro 8.10 Update Patch" = Jasc Paint Shop Pro 8.10 Update Patch
"JC&MB Quicknote_is1" = Quicknote 5.4
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.0 (Full)
"KRISTAL Audio Engine" = KRISTAL Audio Engine
"Lettra Art" = Lettra Art By Harshal Mahadevia
"Light Downloader_is1" = Light Downloader 1.1
"LimeWire" = LimeWire 5.1.4
"List Alphabetizer" = List Alphabetizer
"MAGIX Slideshow Maker US" = MAGIX Slideshow Maker 1.0.1.3 (US)
"Magnifier" = Magnifier
"Magnifixer_is1" = Magnifixer 2.2
"MainType2_is1" = MainType 2.1.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McGill English Dictionary of Rhyme with VersePer~286A7AE6_is1" = McGill English Dictionary of Rhyme & Verse Perfect 2.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MobileOptionPack" =
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MPlayer2" =
"My HP Game Console" =
"My ScreenCam" = My ScreenCam
"NetworkActiv Port Scanner 4.0" = NetworkActiv Port Scanner 4.0
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Orbit_is1" = Orbit Downloader
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC Pitstop Driver Alert_is1" = PC Pitstop Driver Alert 1.0.0.13
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"PCSleek Free Error Cleaner_is1" = PCSleek Free Error Cleaner
"PhotoStage" = PhotoStage
"Picasa2" = Picasa 2
"Plax Network Suite" = Plax Network Suite
"Power Sound Editor Free" = Power Sound Editor Free
"Prism" = Prism Video Converter
"Q-Dir" = Q-Dir
"qjop04328932qwwweew_is1" = Medusa v1.1
"Query Application" = Query Application
"RealMedia" = RealMedia (remove only)
"RealPlayer 12.0" = RealPlayer
"Recover Data for FAT & NTFS (Trial Version)_is1" = Recover Data for FAT & NTFS (Trial Version)
"Recover My Files_is1" = Recover My Files
"SchedulingAgent" =
"SerifDrawPlus40" = Serif DrawPlus 4.0
"Sheer Notes_is1" = Sheer Notes v1.1
"SlimList" = SlimList (remove only)
"Smart Defrag_is1" = Smart Defrag 1.20
"Smart FAT Recovery_is1" = Smart FAT Recovery v3.7
"SmartWhois" = SmartWhois
"Spyware Doctor" = Spyware Doctor 5.5
"ST6UNST #1" = Photo Recovery
"ST6UNST #2" = ScreenPrint32 v2.0a
"ST6UNST #3" = ScreenPrint32 v3.5
"ST6UNST #4" = Karen's LAN Monitor
"ST6UNST #5" = Meracl FontMap v2.1.1
"ST6UNST #6" = FontSuite v1.0
"ST6UNST #7" = ScreenPrint32 v3.5 (C:\Program Files\ScreenPrint32 v3\)
"Super Magnify v1.3_is1" = Super Magnify v1.3
"syspro" = syspro
"SystemRequirementsLab" = System Requirements Lab
"Text List" = Text List 1.2
"ToolBox" = NCH Toolbox
"Torrent Episode Downloader 0.96" = Torrent Episode Downloader
"TreeSize Free_is1" = TreeSize Free V2.3.3
"TweakVI" = TweakVI
"Type light" = Type light
"UltraExplorer_is1" = UltraExplorer 2.0.3.1
"UltraGet Video Downloader_is1" = UltraGet Video Downloader 2.0.9
"UltraSlideshow Flash Creator" = UltraSlideshow Flash Creator 1.20
"Uniblue DriverScanner 2009" = Uniblue DriverScanner 2009
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6i
"VocoderGUI" = Zerius Vocoder (remove only)
"VST Bridge_is1" = VST Bridge 1.1
"WebRipper" = WebRipper 1.32
"WildTangent hp Master Uninstall" = My HP Games
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 1.0
"WinPcapInst" = WinPcap 4.0.2
"WordWeb" = WordWeb
"WT026592" =
"WT026598" =
"WT026599" =
"WT026600" =
"WT026615" =
"WT026617" =
"WT026621" =
"WT026647" =
"WT026649" =
"WT026652" =
"WT026654" =
"WT026655" =
"WT026656" =
"WT026657" =
"WT026658" =
"WT026659" =
"WT026678" =
"WT026689" =
"WT026691" =
"WT026728" =
"WT026729" =
"WT026730" =
"WT026780" =
"WT026781" =
"WT026807" =
"WT026813" =
"WT026814" =
"WT026836" =
"WT026837" =
"WT027261" =
"XHeader" = XHeader
"XWP replacement" = All-Pro Software XWP replacement 5.0
"Yahoo! Messenger" = Yahoo! Messenger
"ZoomPlayer" = Zoom Player (remove only)
"ZScreen" = ZScreen 1.1
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"uTorrent" = µTorrent
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 2/16/2010 2:48:35 AM | Computer Name = Faith | Source = WerSvc | ID = 5007
Description =
Error - 2/16/2010 11:30:53 AM | Computer Name = Faith | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.15.15281, time stamp 0x4b2763f0,
faulting module gmer.exe, version 1.0.15.15281, time stamp 0x4b2763f0, exception
code 0xc0000005, fault offset 0x0000c4b1, process id 0xe28, application start time
0x01caaf1cdafa1cd0.
Error - 2/16/2010 11:59:50 AM | Computer Name = Faith | Source = WerSvc | ID = 5007
Description =
Error - 2/16/2010 12:06:28 PM | Computer Name = Faith | Source = Perflib | ID = 1010
Description =
Error - 2/16/2010 12:07:04 PM | Computer Name = Faith | Source = WerSvc | ID = 5007
Description =
Error - 2/16/2010 12:13:46 PM | Computer Name = Faith | Source = WerSvc | ID = 5007
Description =
Error - 2/16/2010 12:51:00 PM | Computer Name = Faith | Source = Application Hang | ID = 1002
Description = The program Explorer.exe version 6.0.6000.16549 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: c84 Start Time: 01caaf227caaab9e Termination Time: 15
Error - 2/16/2010 1:34:43 PM | Computer Name = FAITH | Source = WerSvc | ID = 5007
Description =
Error - 2/16/2010 2:22:40 PM | Computer Name = Faith | Source = VSS | ID = 8194
Description =
Error - 2/16/2010 2:22:42 PM | Computer Name = Faith | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
[ Media Center Events ]
Error - 1/26/2009 4:53:53 AM | Computer Name = Faith | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package NetTV.
Error - 1/26/2009 4:53:56 AM | Computer Name = Faith | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Error - 1/26/2009 4:53:59 AM | Computer Name = Faith | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 1/26/2009 4:54:03 AM | Computer Name = Faith | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsTemplate.
Error - 1/26/2009 4:34:47 PM | Computer Name = Faith | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
[ System Events ]
Error - 4/19/2009 8:34:49 PM | Computer Name = Faith | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
Error - 4/19/2009 9:26:52 PM | Computer Name = Faith | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
9, function 0. Please contact your system vendor for technical assistance.
Error - 4/19/2009 9:26:52 PM | Computer Name = Faith | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
11, function 0. Please contact your system vendor for technical assistance.
Error - 4/19/2009 9:27:03 PM | Computer Name = Faith | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
Error - 4/19/2009 9:27:33 PM | Computer Name = Faith | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
Error - 4/19/2009 9:30:23 PM | Computer Name = Faith | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
Error - 4/19/2009 10:11:09 PM | Computer Name = Faith | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
9, function 0. Please contact your system vendor for technical assistance.
Error - 4/19/2009 10:11:09 PM | Computer Name = Faith | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
11, function 0. Please contact your system vendor for technical assistance.
Error - 4/19/2009 10:11:17 PM | Computer Name = Faith | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
Error - 4/19/2009 10:11:23 PM | Computer Name = Faith | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
< End of report >
@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@
GMER ROOTKIT RESULTS
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-16 11:49:20
Windows 6.0.6000
Running: gmer.exe; Driver: C:\Users\Nichole\AppData\Local\Temp\fgrdypow.sys
---- System - GMER 1.0.15 ----
INT 0xFF \SystemRoot\System32\Drivers\kernel.sys 8026C6E4
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTcuxqwxgmrb.sys
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTcuxqwxgmrb.sys
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTohglcrcbum.dll
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTqfrjcemiui.dat
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTjwckhmihlw.dll
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTntidybjpgc.dll
---- EOF - GMER 1.0.15 ----
@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@MALWAREBYTES LOGS
(Full Scan Results)
Malwarebytes' Anti-Malware 1.44
Database version: 3744
Windows 6.0.6000 (Safe Mode)
Internet Explorer 7.0.6000.16609
2/16/2010 1:13:08 AM
mbam-log-2010-02-16 (01-13-08).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 444379
Time elapsed: 1 hour(s), 2 minute(s), 28 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\Nichole\Incomplete\T-11734498-AV Voice Changer Software 6.0.10 - vLcB + keygen.exe (P2P.Dropper.A) -> Quarantined and deleted successfully.
C:\Users\Nichole\Shared\Morphvox Pro Serial Generator.0xe (Trojan.Dropper.A) -> Quarantined and deleted successfully.
(Quick Scan Results)
Malwarebytes' Anti-Malware 1.44
Database version: 3744
Windows 6.0.6000 (Safe Mode)
Internet Explorer 7.0.6000.16609
2/16/2010 12:03:49 AM
mbam-log-2010-02-16 (00-03-49).txt
Scan type: Quick Scan
Objects scanned: 42831
Time elapsed: 4 minute(s), 40 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\Nichole\AppData\Local\Temp\CSM3A1B.tmp (Adware.RelevantKnowledge) -> Quarantined and deleted successfully...
@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@