Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Win XP running very slow


  • This topic is locked This topic is locked

#1
ndawson

ndawson

    GeekU Freshman

  • Member
  • PipPip
  • 65 posts
Hello,

I ran MBAM because this computer was running so slow. It found a trojan in the registry. After a reboot and another scan, the infection is gone. However, the computer is still running very slow. I'm wondering what else may be wrong. Here is the OTL report.

OTL logfile created on: 4/18/2011 5:42:26 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Robert\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 130.58 Gb Free Space | 87.62% Space Free | Partition Type: NTFS
Drive F: | 465.65 Gb Total Space | 281.93 Gb Free Space | 60.55% Space Free | Partition Type: FAT32

Computer Name: HOME-D372B45C09 | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/18 17:40:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTL.exe
PRC - [2011/03/14 09:24:01 | 002,071,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2011/03/01 12:12:00 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2011/03/01 12:11:56 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/02/10 02:39:34 | 000,458,752 | ---- | M] () -- C:\Program Files\Desktop Alert\liveonline_3346046.exe
PRC - [2011/02/03 01:31:18 | 000,142,336 | ---- | M] () -- C:\Program Files\HughesNetStatusMeter\HughesNetStatusMeter\HughesNetStatusMeter.exe
PRC - [2010/11/24 09:01:49 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/11/23 13:01:54 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2010/11/08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/09/20 09:45:16 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/09/17 15:40:06 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2010/07/21 08:05:24 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/06/22 17:12:34 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/06/22 17:12:32 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/06/22 17:11:55 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/06/22 17:11:53 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/02/15 10:43:12 | 000,069,408 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe
PRC - [2009/10/26 19:10:36 | 003,563,566 | ---- | M] (HughesNet.com) -- C:\Program Files\HughesNet Download Manager\HDM.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/15 18:16:42 | 000,454,784 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.) -- C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
PRC - [2005/09/19 03:53:50 | 001,687,552 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
PRC - [2005/09/19 03:29:54 | 000,163,840 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
PRC - [2005/09/19 03:24:00 | 000,856,064 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
PRC - [2005/09/19 03:20:58 | 000,155,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
PRC - [2005/09/19 03:09:30 | 000,010,240 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
PRC - [2004/01/21 10:45:48 | 000,413,816 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2004/01/21 10:44:28 | 000,155,770 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2003/09/21 10:48:16 | 000,049,152 | ---- | M] () -- C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe
PRC - [2003/09/21 10:21:16 | 000,270,336 | ---- | M] () -- C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe
PRC - [2003/02/20 17:45:40 | 000,028,672 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE
PRC - [2002/10/29 10:18:24 | 000,049,152 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
PRC - [2002/09/30 02:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe


========== Modules (SafeList) ==========

MOD - [2011/04/18 17:40:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2003/02/20 17:45:52 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/03/01 12:12:00 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/03/01 12:11:56 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/11/25 09:49:46 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/11/08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/07/21 08:05:24 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/06/22 17:12:32 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/12/12 18:24:43 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2005/09/19 03:25:20 | 000,229,376 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe -- (RoxLiveShare)
SRV - [2005/09/19 03:24:00 | 000,856,064 | ---- | M] (Sonic Solutions) [On_Demand | Running] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe -- (RoxMediaDB)
SRV - [2005/09/19 03:20:58 | 000,155,648 | ---- | M] (Sonic Solutions) [Auto | Running] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe -- (RoxWatch)
SRV - [2005/09/19 02:57:14 | 000,045,056 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe -- (RoxUPnPRenderer)
SRV - [2005/09/19 02:56:32 | 000,401,408 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe -- (RoxUpnpServer)
SRV - [2004/01/21 10:44:28 | 000,155,770 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)


========== Driver Services (SafeList) ==========

DRV - [2011/03/01 12:12:24 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/09/17 15:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/09/17 15:40:06 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/06/22 17:12:36 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/22 17:11:56 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/01 00:32:00 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/05 11:04:20 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2007/03/22 13:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 13:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2005/09/19 10:05:00 | 000,309,632 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2005/09/19 10:05:00 | 000,119,168 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2005/09/19 10:05:00 | 000,027,264 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2005/09/19 10:05:00 | 000,027,136 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2005/09/19 05:08:50 | 000,050,176 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2004/05/28 11:57:50 | 000,730,112 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/04/29 19:55:42 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/03/24 10:12:44 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2003/03/27 11:58:56 | 000,287,920 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/03/26 16:33:58 | 000,498,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2003/03/26 16:32:32 | 000,189,504 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/03/26 16:32:02 | 000,141,536 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hap16v2k.sys -- (hap16v2k)
DRV - [2003/03/26 16:31:40 | 000,823,616 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2003/03/06 10:10:34 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfModNT)
DRV - [2003/02/20 17:24:46 | 000,116,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2003/02/20 17:24:34 | 000,135,248 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/02/20 17:24:18 | 000,006,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2003/02/20 17:22:38 | 000,135,040 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ixquick.com/
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/23 13:02:17 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (HDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\HughesNet Download Manager\iefdm2.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AsioReg] C:\WINDOWS\System32\CTASIO.DLL (Creative Technology Ltd)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Dell AIO Printer A960] C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe ()
O4 - HKLM..\Run: [HughesNetTools_McciTrayApp] File not found
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe (Sonic Solutions)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UIUCU] File not found
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - HKCU..\Run: [HughesNet Download Manager] C:\Program Files\HughesNet Download Manager\HDM.exe (HughesNet.com)
O4 - HKCU..\Run: [MoneyAgent] File not found
O4 - HKCU..\Run: [SB Audigy 2 Startup Menu] File not found
O4 - HKCU..\RunOnce: [UniblueRegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\Robert\Start Menu\Programs\Startup\Desktop Alert.lnk = C:\Program Files\Desktop Alert\liveonline_3346046.exe ()
O4 - Startup: C:\Documents and Settings\Robert\Start Menu\Programs\Startup\HughesNetStatusMeter.lnk = C:\Program Files\HughesNetStatusMeter\HughesNetStatusMeter\HughesNetStatusMeter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download all with HughesNet Download Manager - C:\Program Files\HughesNet Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with HughesNet Download Manager - C:\Program Files\HughesNet Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with HughesNet Download Manager - C:\Program Files\HughesNet Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with HughesNet Download Manager - C:\Program Files\HughesNet Download Manager\dllink.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 67.142.161.12 67.142.161.13
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/12 18:01:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/18 17:40:22 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTL.exe
[2011/04/18 16:41:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Application Data\Malwarebytes
[2011/04/18 16:40:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/18 16:40:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/18 16:40:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/18 16:40:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/18 16:40:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/18 15:36:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Robert\Recent
[2011/04/18 15:28:35 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/04/17 13:08:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Application Data\HughesNet Download Manager
[2011/04/17 13:08:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HughesNet Download Manager
[2011/04/17 13:08:49 | 000,000,000 | ---D | C] -- C:\Program Files\HughesNet Download Manager
[2011/04/12 13:36:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\My Documents\Microsoft Press
[2011/04/09 21:31:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Local Settings\Application Data\LogMeIn
[2011/04/09 21:31:45 | 000,029,568 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2011/04/09 21:31:44 | 000,083,360 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2011/04/09 21:31:44 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys
[2011/04/09 21:31:22 | 000,087,424 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2011/04/09 21:31:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/04/09 21:31:03 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn
[2011/04/03 22:46:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Local Settings\Application Data\Help
[2011/04/03 22:46:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Application Data\Help
[2011/03/21 20:20:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\My Documents\Smantha Honan
[2009/12/14 17:47:43 | 000,069,632 | ---- | C] ( ) -- C:\WINDOWS\System32\DLBFCU.DLL
[2009/12/14 17:47:40 | 000,086,016 | ---- | C] ( ) -- C:\WINDOWS\System32\DLBFCUR.DLL
[2009/12/14 17:47:22 | 000,352,256 | ---- | C] ( ) -- C:\WINDOWS\System32\DLBFUTIL.DLL
[2009/12/14 17:47:21 | 000,479,232 | ---- | C] ( ) -- C:\WINDOWS\System32\DLBFJSWR.DLL
[2009/12/12 20:11:05 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2004/12/13 09:57:36 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\RCCOLLAB.DLL
[2004/11/29 17:08:30 | 000,127,059 | ---- | C] ( ) -- C:\WINDOWS\System32\DSLLK189.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/18 17:41:48 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1390067357-1078081533-1801674531-1004.job
[2011/04/18 17:41:47 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1390067357-1078081533-1801674531-1004.job
[2011/04/18 17:40:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTL.exe
[2011/04/18 17:15:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/18 17:15:15 | 3219,296,256 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/18 17:14:31 | 000,031,560 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx
[2011/04/18 17:14:31 | 000,031,560 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx
[2011/04/18 17:14:31 | 000,031,440 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx
[2011/04/18 17:14:31 | 000,031,440 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx
[2011/04/18 17:14:31 | 000,001,072 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/04/18 17:14:31 | 000,001,072 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/04/18 17:14:31 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
[2011/04/18 17:14:31 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
[2011/04/18 17:13:13 | 004,481,358 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000002-00001102-00000004-10031102}.CDF
[2011/04/18 16:40:45 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/18 15:28:38 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/04/18 15:04:09 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Microsoft Office Word 2003.lnk
[2011/04/18 14:16:12 | 074,791,603 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/04/18 10:26:19 | 000,000,617 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Shortcut to May 2011.lnk
[2011/04/17 13:08:52 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\HughesNet Download Manager.lnk
[2011/04/17 13:08:52 | 000,000,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HughesNet Download Manager.lnk
[2011/04/17 03:30:09 | 000,289,296 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/17 00:07:40 | 000,000,542 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2011/04/16 22:55:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/09 21:31:21 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011/04/03 22:40:28 | 000,150,468 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\04-03-2011 10;40;26PM.JPG
[2011/04/03 21:23:02 | 000,000,765 | ---- | M] () -- C:\Documents and Settings\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer.lnk
[2011/04/03 21:22:50 | 000,000,765 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\RealPlayer.lnk
[2011/04/03 08:37:55 | 000,000,236 | ---- | M] () -- C:\Documents and Settings\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Ixquick Web Search.url
[2011/03/27 11:20:27 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/03/20 22:30:20 | 001,020,272 | ---- | M] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\rx_audio.Cache
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/18 16:40:45 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/18 15:28:38 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/04/18 10:26:19 | 000,000,617 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\Shortcut to May 2011.lnk
[2011/04/17 13:08:52 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\HughesNet Download Manager.lnk
[2011/04/17 13:08:52 | 000,000,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HughesNet Download Manager.lnk
[2011/04/09 21:31:20 | 000,001,024 | ---- | C] () -- C:\.rnd
[2011/04/09 21:31:10 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn.lnk
[2011/04/03 22:48:20 | 000,150,468 | ---- | C] () -- C:\Documents and Settings\Robert\My Documents\04-03-2011 10;40;26PM.JPG
[2011/04/03 21:23:02 | 000,000,765 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer.lnk
[2011/04/03 21:22:50 | 000,000,765 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\RealPlayer.lnk
[2010/12/21 01:13:50 | 000,061,440 | ---- | C] () -- C:\WINDOWS\uninstall.exe
[2010/02/19 13:44:13 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/01/09 00:03:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2010/01/08 23:53:40 | 000,101,605 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2010/01/07 13:13:03 | 000,061,168 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/12/22 12:10:31 | 000,446,764 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\rx_image.Cache
[2009/12/22 12:10:29 | 001,020,272 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\rx_audio.Cache
[2009/12/22 01:49:32 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/21 20:42:22 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2009/12/15 01:19:38 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\fusioncache.dat
[2009/12/15 00:26:43 | 000,000,279 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/12/15 00:21:43 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\deluidrv.exe
[2009/12/15 00:21:43 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\delentry.exe
[2009/12/15 00:21:43 | 000,000,445 | R--- | C] () -- C:\WINDOWS\System32\iconcfg.ini
[2009/12/14 23:53:13 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/12/14 17:47:59 | 000,000,542 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2009/12/14 17:47:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE
[2009/12/14 17:47:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbfvs.dll
[2009/12/14 17:47:43 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\DLBFIH.EXE
[2009/12/14 17:47:43 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\DLBFLCNP.DLL
[2009/12/14 17:47:22 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbfscin.dll
[2009/12/14 17:47:22 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\dlbfcinf.dll
[2009/12/14 17:47:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\dlbfcoin.dll
[2009/12/14 17:47:22 | 000,000,177 | ---- | C] () -- C:\WINDOWS\System32\dlbfcoin.ini
[2009/12/13 01:36:53 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
[2009/12/13 01:36:53 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
[2009/12/12 20:11:59 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2009/12/12 20:11:58 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2009/12/12 20:11:19 | 000,066,807 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
[2009/12/12 20:11:19 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/12/12 20:11:14 | 000,232,723 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2009/12/12 20:11:13 | 000,190,842 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2009/12/12 20:11:13 | 000,138,716 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2009/12/12 20:11:13 | 000,110,720 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2009/12/12 20:11:13 | 000,053,674 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2009/12/12 20:11:11 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2009/12/12 20:11:10 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2009/12/12 20:11:10 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\KILLAPPS.EXE
[2009/12/12 20:11:10 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2009/12/12 20:11:10 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2009/12/12 20:11:04 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000001.dat
[2009/12/12 20:10:54 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
[2009/12/12 20:09:49 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2009/12/12 18:31:50 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/12/12 18:27:30 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2009/12/12 18:27:30 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2009/12/12 18:03:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/12/12 17:59:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/12/12 11:52:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/12/12 11:51:15 | 000,289,296 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/09/19 03:15:52 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/09/14 20:05:36 | 003,596,288 | R--- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/09/14 20:05:36 | 000,831,488 | R--- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/09/14 20:05:36 | 000,524,288 | R--- | C] () -- C:\WINDOWS\System32\divxsm.exe
[2005/09/14 20:05:36 | 000,159,744 | R--- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/09/14 20:05:36 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\dtu100.dll
[2005/08/29 17:29:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/03/22 13:48:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 13:48:43 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/11/30 04:10:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\besch.exe
[2004/11/30 04:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,401,084 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,061,258 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/10/02 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/10/26 09:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/12/21 22:26:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/12/14 17:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/12/12 18:26:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/03/14 09:24:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/04/18 14:54:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2009/12/21 23:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/12/21 22:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/04/08 18:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/29 21:40:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/01/09 00:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Canon
[2010/07/02 18:54:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\com.hughesnet.HughesNetStatusMeter.01AEF16E74A158B173D9EB6C77C7CD8D859A7566.1
[2011/02/03 01:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\com.hughesnet.HughesNetStatusMeter.92D257A0BA68956E9AA1D50589E83FF4134CD6A8.1
[2011/04/18 17:42:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\HughesNet Download Manager
[2009/12/16 00:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Leadertech
[2010/04/05 12:50:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Uniblue

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Robert\My Documents\Mystic Moods Orchestra:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Robert\My Documents\My Albums:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Robert\My Documents\Grace's 90th Birthday.dmsd:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Robert\My Documents\Copy of Nolan.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Robert\My Documents\Bank Statements - Drafts:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Robert\Desktop\Unused Desktop Shortcuts:Roxio EMC Stream

< End of report >


Here is the Extras document if you need it.

OTL Extras logfile created on: 4/18/2011 5:42:26 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Robert\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 130.58 Gb Free Space | 87.62% Space Free | Partition Type: NTFS
Drive F: | 465.65 Gb Total Space | 281.93 Gb Free Space | 60.55% Space Free | Partition Type: FAT32

Computer Name: HOME-D372B45C09 | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG8\avgam.exe" = C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe
"C:\Program Files\AVG\AVG8\avgdiag.exe" = C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe
"C:\Program Files\AVG\AVG8\avgdiagex.exe" = C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe" = C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service -- (Sonic Solutions)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Camera Window DS
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{151C555A-A9E7-4A2E-B6D7-165D04A3C956}" = Dell Picture Studio - Dell Image Expert
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{17BF3045-AB1D-4048-8356-6C584B83565E}" = Canon Utilities Digital Photo Professional 2.0
"{2223989A-31FA-40CF-8ACB-7E66DF8076A9}" = Microsoft Office Word 2003 Step by Step
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 24
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"{314E509B-5C5D-46C8-AE52-46DC7D0A63B6}" = Microsoft Office Excel 2003 Step by Step
"{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon Camera WIA Driver
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36C65B50-37BA-4467-AAD5-0523EFDF6F62}" = Camera Window MC
"{3780136B-22BA-4327-A226-A39EB2636730}" = Roxio Easy Media Creator 8 Content
"{451E6F89-34C0-1FE0-5A74-B4725CEEDB93}" = HughesNet Status Meter
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A81B632-07AB-4CAC-BB04-DF20DFFBFFA0}" = ArcSoft PhotoStudio 5.5
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{50CD37D1-FB6B-41A8-A8F9-BA1ECB9BF231}" = Eragon Print Studio
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}" = EOS Capture 1.5
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{5BF2B19D-9C79-492A-8969-F059F06A627F}" = Print to Fax
"{60DBEED5-6A01-44D4-86E4-1F4048DA5834}_is1" = HughesNet Download Manager 1.2
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{65179FD8-04C0-40A7-87FC-007F2CD5BF1E}" = LogMeIn
"{66563AD8-637B-407F-BCA7-0233A16891AB}" = Business Contact Manager for Outlook 2003
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{868901EE-7807-4F89-A134-7C705D34F91F}" = Roxio Easy Media Creator 8 Suite
"{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = PhotoStitch
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
"{A1D0D14A-B776-4907-BC00-5149F2298086}" = Camera Support Core Library
"{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Camera Window DVC
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.3
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = RAW Image Task 2.2
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX (E)
"{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}" = Microsoft Plus! Digital Media Edition
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010
"{E82BF103-904F-49C0-B77F-6EC110B71E87}" = Sound Blaster Audigy 2
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AVG9Uninstall" = AVG 9.0
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.hughesnet.HughesNetStatusMeter.92D257A0BA68956E9AA1D50589E83FF4134CD6A8.1" = HughesNet Status Meter
"Dell AIO Printer A960" = Dell AIO Printer A960
"Desktop Alert" = Desktop Alert
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0044)
"GENEUIDE" = USB Storage Driver
"GoToAssist" = GoToAssist 8.0.0.514
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"ie8" = Windows Internet Explorer 8
"InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Canon Camera Window DSLR 5 for ZoomBrowser EX
"InstallShield_{17BF3045-AB1D-4048-8356-6C584B83565E}" = Canon Utilities Digital Photo Professional 2.0
"InstallShield_{2223989A-31FA-40CF-8ACB-7E66DF8076A9}" = Microsoft Office Word 2003 Step by Step
"InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"InstallShield_{314E509B-5C5D-46C8-AE52-46DC7D0A63B6}" = Microsoft Office Excel 2003 Step by Step
"InstallShield_{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon EOS Kiss_N REBEL_XT 350D WIA Driver
"InstallShield_{36C65B50-37BA-4467-AAD5-0523EFDF6F62}" = Canon Camera Window MC 5 for ZoomBrowser EX
"InstallShield_{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}" = Canon Utilities EOS Capture 1.5
"InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}" = Canon Camera Support Core Library
"InstallShield_{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"RealPlayer 12.0" = RealPlayer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/20/2010 2:31:39 PM | Computer Name = HOME-D372B45C09 | Source = Application Hang | ID = 1002
Description = Hanging application ZoomBrowser.exe, version 5.5.0.190, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/23/2010 11:20:24 PM | Computer Name = HOME-D372B45C09 | Source = Application Hang | ID = 1002
Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/24/2010 11:46:09 AM | Computer Name = HOME-D372B45C09 | Source = Application Hang | ID = 1001
Description = Fault bucket 736169863.

Error - 7/24/2010 3:45:43 PM | Computer Name = HOME-D372B45C09 | Source = Bonjour Service | ID = 100
Description = 408: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 7/27/2010 4:37:16 PM | Computer Name = HOME-D372B45C09 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/28/2010 6:30:35 PM | Computer Name = HOME-D372B45C09 | Source = Application Hang | ID = 1002
Description = Hanging application ZoomBrowser.exe, version 5.5.0.190, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/28/2010 6:30:50 PM | Computer Name = HOME-D372B45C09 | Source = Application Hang | ID = 1001
Description = Fault bucket 212599468.

Error - 8/3/2010 11:04:18 AM | Computer Name = HOME-D372B45C09 | Source = Application Hang | ID = 1002
Description = Hanging application ZoomBrowser.exe, version 5.5.0.190, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/3/2010 11:04:33 AM | Computer Name = HOME-D372B45C09 | Source = Application Hang | ID = 1001
Description = Fault bucket 212599468.

Error - 8/18/2010 2:43:07 PM | Computer Name = HOME-D372B45C09 | Source = Application Hang | ID = 1002
Description = Hanging application LinksysAdvisor.exe, version 3.1.2.208, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 4/9/2011 10:56:06 PM | Computer Name = HOME-D372B45C09 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.100 for the Network Card with network
address 0011113F0FEF has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 4/16/2011 11:56:22 PM | Computer Name = HOME-D372B45C09 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.DebugCRT could not be found and
Last Error was The referenced assembly is not installed on your system.

Error - 4/16/2011 11:56:22 PM | Computer Name = HOME-D372B45C09 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference
error message: The referenced assembly is not installed on your system. .

Error - 4/16/2011 11:56:22 PM | Computer Name = HOME-D372B45C09 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for c:\program files\real\realplayer\plugins\rmxrend.dll.
Reference
error message: The operation completed successfully. .

Error - 4/17/2011 7:56:32 PM | Computer Name = HOME-D372B45C09 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.DebugCRT could not be found and
Last Error was The referenced assembly is not installed on your system.

Error - 4/17/2011 7:56:32 PM | Computer Name = HOME-D372B45C09 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference
error message: The referenced assembly is not installed on your system. .

Error - 4/17/2011 7:56:32 PM | Computer Name = HOME-D372B45C09 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for c:\program files\real\realplayer\plugins\rmxrend.dll.
Reference
error message: The operation completed successfully. .

Error - 4/18/2011 3:56:36 PM | Computer Name = HOME-D372B45C09 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.DebugCRT could not be found and
Last Error was The referenced assembly is not installed on your system.

Error - 4/18/2011 3:56:36 PM | Computer Name = HOME-D372B45C09 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference
error message: The referenced assembly is not installed on your system. .

Error - 4/18/2011 3:56:36 PM | Computer Name = HOME-D372B45C09 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for c:\program files\real\realplayer\plugins\rmxrend.dll.
Reference
error message: The operation completed successfully. .


< End of report >
  • 0

Advertisements


#2
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hello ndawson and welcome to G2G. :D

We're so sorry about the delay. Please run another OTL scan and post the new report for my review.
  • 0

#3
ndawson

ndawson

    GeekU Freshman

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
Hello sempai,

No worries about the delay. I know the forum is busy. I am out of town at the moment but will be back tomorrow. Wanted you to know I do need help with the computer still but won't post the new log until tomorrow.

-ndawson
  • 0

#4
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
No problem, just post the log when ready. :D
  • 0

#5
ndawson

ndawson

    GeekU Freshman

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
This machine is running maddingly slow. It takes forever for programs to start and doing anything takes ages. The memory and cpu usages are low though. Here is the updated OTL report.

OTL logfile created on: 4/22/2011 11:30:30 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Robert\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 130.29 Gb Free Space | 87.42% Space Free | Partition Type: NTFS
Drive F: | 465.65 Gb Total Space | 281.93 Gb Free Space | 60.55% Space Free | Partition Type: FAT32

Computer Name: HOME-D372B45C09 | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/18 17:40:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTL.exe
PRC - [2011/03/14 09:24:01 | 002,071,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2011/03/01 12:12:00 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2011/03/01 12:11:56 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/02/10 02:39:34 | 000,458,752 | ---- | M] () -- C:\Program Files\Desktop Alert\liveonline_3346046.exe
PRC - [2011/02/03 01:31:18 | 000,142,336 | ---- | M] () -- C:\Program Files\HughesNetStatusMeter\HughesNetStatusMeter\HughesNetStatusMeter.exe
PRC - [2010/11/24 09:01:49 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/11/23 13:01:54 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2010/11/08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/09/20 09:45:16 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/09/17 15:40:06 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2010/07/21 08:05:24 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/06/22 17:12:34 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/06/22 17:12:32 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/06/22 17:11:55 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/06/22 17:11:53 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/02/15 10:43:12 | 000,069,408 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe
PRC - [2009/10/26 19:10:36 | 003,563,566 | ---- | M] (HughesNet.com) -- C:\Program Files\HughesNet Download Manager\HDM.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/15 18:16:42 | 000,454,784 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.) -- C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
PRC - [2005/09/19 03:53:50 | 001,687,552 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
PRC - [2005/09/19 03:29:54 | 000,163,840 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
PRC - [2005/09/19 03:24:00 | 000,856,064 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
PRC - [2005/09/19 03:20:58 | 000,155,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
PRC - [2005/09/19 03:09:30 | 000,010,240 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
PRC - [2004/01/21 10:45:48 | 000,413,816 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2004/01/21 10:44:28 | 000,155,770 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2003/09/21 10:48:16 | 000,049,152 | ---- | M] () -- C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe
PRC - [2003/09/21 10:21:16 | 000,270,336 | ---- | M] () -- C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe
PRC - [2003/02/20 17:45:40 | 000,028,672 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE
PRC - [2002/10/29 10:18:24 | 000,049,152 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
PRC - [2002/09/30 02:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe


========== Modules (SafeList) ==========

MOD - [2011/04/18 17:40:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2003/02/20 17:45:52 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/03/01 12:12:00 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/03/01 12:11:56 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/11/25 09:49:46 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/11/08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/07/21 08:05:24 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/06/22 17:12:32 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/12/12 18:24:43 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2005/09/19 03:25:20 | 000,229,376 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe -- (RoxLiveShare)
SRV - [2005/09/19 03:24:00 | 000,856,064 | ---- | M] (Sonic Solutions) [On_Demand | Running] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe -- (RoxMediaDB)
SRV - [2005/09/19 03:20:58 | 000,155,648 | ---- | M] (Sonic Solutions) [Auto | Running] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe -- (RoxWatch)
SRV - [2005/09/19 02:57:14 | 000,045,056 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe -- (RoxUPnPRenderer)
SRV - [2005/09/19 02:56:32 | 000,401,408 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe -- (RoxUpnpServer)
SRV - [2004/01/21 10:44:28 | 000,155,770 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)


========== Driver Services (SafeList) ==========

DRV - [2011/03/01 12:12:24 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/09/17 15:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/09/17 15:40:06 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/06/22 17:12:36 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/22 17:11:56 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/01 00:32:00 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/05 11:04:20 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2007/03/22 13:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 13:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2005/09/19 10:05:00 | 000,309,632 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2005/09/19 10:05:00 | 000,119,168 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2005/09/19 10:05:00 | 000,027,264 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2005/09/19 10:05:00 | 000,027,136 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2005/09/19 05:08:50 | 000,050,176 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2004/05/28 11:57:50 | 000,730,112 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/04/29 19:55:42 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/03/24 10:12:44 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2003/03/27 11:58:56 | 000,287,920 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/03/26 16:33:58 | 000,498,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2003/03/26 16:32:32 | 000,189,504 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/03/26 16:32:02 | 000,141,536 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hap16v2k.sys -- (hap16v2k)
DRV - [2003/03/26 16:31:40 | 000,823,616 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2003/03/06 10:10:34 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfModNT)
DRV - [2003/02/20 17:24:46 | 000,116,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2003/02/20 17:24:34 | 000,135,248 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/02/20 17:24:18 | 000,006,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2003/02/20 17:22:38 | 000,135,040 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ixquick.com/
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/23 13:02:17 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (HDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\HughesNet Download Manager\iefdm2.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AsioReg] C:\WINDOWS\System32\CTASIO.DLL (Creative Technology Ltd)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Dell AIO Printer A960] C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe ()
O4 - HKLM..\Run: [HughesNetTools_McciTrayApp] File not found
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe (Sonic Solutions)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UIUCU] File not found
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - HKCU..\Run: [HughesNet Download Manager] C:\Program Files\HughesNet Download Manager\HDM.exe (HughesNet.com)
O4 - HKCU..\Run: [MoneyAgent] File not found
O4 - HKCU..\Run: [SB Audigy 2 Startup Menu] File not found
O4 - HKCU..\RunOnce: [UniblueRegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\Robert\Start Menu\Programs\Startup\Desktop Alert.lnk = C:\Program Files\Desktop Alert\liveonline_3346046.exe ()
O4 - Startup: C:\Documents and Settings\Robert\Start Menu\Programs\Startup\HughesNetStatusMeter.lnk = C:\Program Files\HughesNetStatusMeter\HughesNetStatusMeter\HughesNetStatusMeter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download all with HughesNet Download Manager - C:\Program Files\HughesNet Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with HughesNet Download Manager - C:\Program Files\HughesNet Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with HughesNet Download Manager - C:\Program Files\HughesNet Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with HughesNet Download Manager - C:\Program Files\HughesNet Download Manager\dllink.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 67.142.161.12 67.142.161.13
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/12 18:01:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/20 15:13:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/04/20 15:12:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/20 15:12:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/04/20 15:08:48 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/04/20 10:41:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\My Documents\R-Titles
[2011/04/18 17:40:22 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTL.exe
[2011/04/18 16:41:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Application Data\Malwarebytes
[2011/04/18 16:40:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/18 16:40:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/18 16:40:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/18 16:40:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/18 16:40:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/18 15:36:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Robert\Recent
[2011/04/18 15:28:35 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/04/17 13:08:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Application Data\HughesNet Download Manager
[2011/04/17 13:08:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HughesNet Download Manager
[2011/04/17 13:08:49 | 000,000,000 | ---D | C] -- C:\Program Files\HughesNet Download Manager
[2011/04/12 13:36:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\My Documents\Microsoft Press
[2011/04/09 21:31:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Local Settings\Application Data\LogMeIn
[2011/04/09 21:31:45 | 000,029,568 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2011/04/09 21:31:44 | 000,083,360 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2011/04/09 21:31:44 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys
[2011/04/09 21:31:22 | 000,087,424 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2011/04/09 21:31:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/04/09 21:31:03 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn
[2011/04/03 22:46:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Local Settings\Application Data\Help
[2011/04/03 22:46:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Application Data\Help
[2009/12/14 17:47:43 | 000,069,632 | ---- | C] ( ) -- C:\WINDOWS\System32\DLBFCU.DLL
[2009/12/14 17:47:40 | 000,086,016 | ---- | C] ( ) -- C:\WINDOWS\System32\DLBFCUR.DLL
[2009/12/14 17:47:22 | 000,352,256 | ---- | C] ( ) -- C:\WINDOWS\System32\DLBFUTIL.DLL
[2009/12/14 17:47:21 | 000,479,232 | ---- | C] ( ) -- C:\WINDOWS\System32\DLBFJSWR.DLL
[2009/12/12 20:11:05 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2004/12/13 09:57:36 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\RCCOLLAB.DLL
[2004/11/29 17:08:30 | 000,127,059 | ---- | C] ( ) -- C:\WINDOWS\System32\DSLLK189.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/22 22:55:14 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1390067357-1078081533-1801674531-1004.job
[2011/04/22 22:55:14 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1390067357-1078081533-1801674531-1004.job
[2011/04/22 21:33:15 | 075,003,773 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/04/22 21:28:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/22 21:28:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/22 21:28:26 | 3219,296,256 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/21 08:04:10 | 000,031,560 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx
[2011/04/21 08:04:10 | 000,031,560 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx
[2011/04/21 08:04:10 | 000,031,440 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx
[2011/04/21 08:04:10 | 000,031,440 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx
[2011/04/21 08:04:10 | 000,001,072 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/04/21 08:04:10 | 000,001,072 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/04/21 08:04:10 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
[2011/04/21 08:04:10 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
[2011/04/21 08:03:35 | 004,481,358 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000002-00001102-00000004-10031102}.CDF
[2011/04/20 19:12:30 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Microsoft Office Word 2003.lnk
[2011/04/20 15:19:41 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes (2).lnk
[2011/04/19 15:11:45 | 000,000,542 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2011/04/18 17:40:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTL.exe
[2011/04/18 16:40:45 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/18 15:28:38 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/04/18 10:26:19 | 000,000,617 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Shortcut to May 2011.lnk
[2011/04/17 13:08:52 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\HughesNet Download Manager.lnk
[2011/04/17 13:08:52 | 000,000,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HughesNet Download Manager.lnk
[2011/04/17 03:30:09 | 000,289,296 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/09 21:31:21 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011/04/03 22:40:28 | 000,150,468 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\04-03-2011 10;40;26PM.JPG
[2011/04/03 21:23:02 | 000,000,765 | ---- | M] () -- C:\Documents and Settings\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer.lnk
[2011/04/03 21:22:50 | 000,000,765 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\RealPlayer.lnk
[2011/04/03 08:37:55 | 000,000,236 | ---- | M] () -- C:\Documents and Settings\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Ixquick Web Search.url
[2011/03/27 11:20:27 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/20 15:19:41 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes (2).lnk
[2011/04/18 16:40:45 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/18 15:28:38 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/04/18 10:26:19 | 000,000,617 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\Shortcut to May 2011.lnk
[2011/04/17 13:08:52 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\HughesNet Download Manager.lnk
[2011/04/17 13:08:52 | 000,000,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HughesNet Download Manager.lnk
[2011/04/09 21:31:20 | 000,001,024 | ---- | C] () -- C:\.rnd
[2011/04/09 21:31:10 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn.lnk
[2011/04/03 22:48:20 | 000,150,468 | ---- | C] () -- C:\Documents and Settings\Robert\My Documents\04-03-2011 10;40;26PM.JPG
[2011/04/03 21:23:02 | 000,000,765 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer.lnk
[2011/04/03 21:22:50 | 000,000,765 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\RealPlayer.lnk
[2010/12/21 01:13:50 | 000,061,440 | ---- | C] () -- C:\WINDOWS\uninstall.exe
[2010/02/19 13:44:13 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/01/09 00:03:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2010/01/08 23:53:40 | 000,101,605 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2010/01/07 13:13:03 | 000,061,168 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/12/22 12:10:31 | 000,446,764 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\rx_image.Cache
[2009/12/22 12:10:29 | 001,020,272 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\rx_audio.Cache
[2009/12/22 01:49:32 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/21 20:42:22 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2009/12/15 01:19:38 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\fusioncache.dat
[2009/12/15 00:26:43 | 000,000,279 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/12/15 00:21:43 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\deluidrv.exe
[2009/12/15 00:21:43 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\delentry.exe
[2009/12/15 00:21:43 | 000,000,445 | R--- | C] () -- C:\WINDOWS\System32\iconcfg.ini
[2009/12/14 23:53:13 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/12/14 17:47:59 | 000,000,542 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2009/12/14 17:47:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE
[2009/12/14 17:47:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbfvs.dll
[2009/12/14 17:47:43 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\DLBFIH.EXE
[2009/12/14 17:47:43 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\DLBFLCNP.DLL
[2009/12/14 17:47:22 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbfscin.dll
[2009/12/14 17:47:22 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\dlbfcinf.dll
[2009/12/14 17:47:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\dlbfcoin.dll
[2009/12/14 17:47:22 | 000,000,177 | ---- | C] () -- C:\WINDOWS\System32\dlbfcoin.ini
[2009/12/13 01:36:53 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
[2009/12/13 01:36:53 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
[2009/12/12 20:11:59 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2009/12/12 20:11:58 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2009/12/12 20:11:19 | 000,066,807 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
[2009/12/12 20:11:19 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/12/12 20:11:14 | 000,232,723 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2009/12/12 20:11:13 | 000,190,842 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2009/12/12 20:11:13 | 000,138,716 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2009/12/12 20:11:13 | 000,110,720 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2009/12/12 20:11:13 | 000,053,674 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2009/12/12 20:11:11 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2009/12/12 20:11:10 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2009/12/12 20:11:10 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\KILLAPPS.EXE
[2009/12/12 20:11:10 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2009/12/12 20:11:10 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2009/12/12 20:11:04 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000001.dat
[2009/12/12 20:10:54 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
[2009/12/12 20:09:49 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2009/12/12 18:31:50 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/12/12 18:27:30 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2009/12/12 18:27:30 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2009/12/12 18:03:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/12/12 17:59:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/12/12 11:52:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/12/12 11:51:15 | 000,289,296 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/09/19 03:15:52 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/09/14 20:05:36 | 003,596,288 | R--- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/09/14 20:05:36 | 000,831,488 | R--- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/09/14 20:05:36 | 000,524,288 | R--- | C] () -- C:\WINDOWS\System32\divxsm.exe
[2005/09/14 20:05:36 | 000,159,744 | R--- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/09/14 20:05:36 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\dtu100.dll
[2005/08/29 17:29:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/03/22 13:48:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 13:48:43 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/11/30 04:10:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\besch.exe
[2004/11/30 04:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,401,084 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,061,258 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/10/02 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/10/26 09:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/12/21 22:26:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/12/14 17:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/12/12 18:26:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/03/14 09:24:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/04/22 21:28:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2009/12/21 23:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/12/21 22:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/04/08 18:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/29 21:40:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/01/09 00:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Canon
[2010/07/02 18:54:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\com.hughesnet.HughesNetStatusMeter.01AEF16E74A158B173D9EB6C77C7CD8D859A7566.1
[2011/02/03 01:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\com.hughesnet.HughesNetStatusMeter.92D257A0BA68956E9AA1D50589E83FF4134CD6A8.1
[2011/04/22 23:30:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\HughesNet Download Manager
[2009/12/16 00:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Leadertech
[2010/04/05 12:50:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Uniblue

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Robert\My Documents\Mystic Moods Orchestra:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Robert\My Documents\My Albums:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Robert\My Documents\Grace's 90th Birthday.dmsd:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Robert\My Documents\Copy of Nolan.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Robert\My Documents\Bank Statements - Drafts:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Robert\Desktop\Unused Desktop Shortcuts:Roxio EMC Stream

< End of report >
  • 0

#6
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Please temporary remove the following programs while we clean the infected PC so they will not interfere with the tools or prevent any changes on your PC:
  • AVG 9.0
  • Uniblue RegistryBooster 2010


Download Combofix (by Subs) from any of the links below, make sure that you save it to your desktop.

Link 1
Link 2

  • It's important to temporary disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. See HERE
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

*It's strongly recommended to have this pre-installed on your machine before doing any malware removal.
*The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
*This allows us to more easily help you should your computer have a problem after an attempted removal of malware.

  • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. If you did not have it installed, you will see the prompt below. Choose YES.

Posted Image


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Important notes:

  • Leave your computer alone while ComboFix is running.
  • ComboFix will restart your computer if malware is found; allow it to do so.
  • ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  • Please do not mouseclick combofix's window while its running because it may call it to stall.
  • ComboFix SHOULD NOT be used unless requested by a forum helper. See HERE.


  • 0

#7
ndawson

ndawson

    GeekU Freshman

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
Do you mean disable them or uninstall them?
  • 0

#8
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
You can just disable Uniblue RegistryBooster 2010 but you need to uninstall AVG so combofix will run uninterrupted.
  • 0

#9
ndawson

ndawson

    GeekU Freshman

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
ComboFix 11-04-22.03 - Robert 04/23/2011 1:30.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2520 [GMT -5:00]
Running from: c:\documents and settings\Robert\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Robert\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-03-23 to 2011-04-23 )))))))))))))))))))))))))))))))
.
.
2011-04-20 20:12 . 2011-04-20 20:12 -------- d-----w- c:\program files\iPod
2011-04-20 20:12 . 2011-04-20 20:12 -------- d-----w- c:\program files\iTunes
2011-04-20 20:08 . 2011-04-20 20:08 -------- d-----w- c:\program files\Bonjour
2011-04-18 21:41 . 2011-04-18 21:41 -------- d-----w- c:\documents and settings\Robert\Application Data\Malwarebytes
2011-04-18 21:40 . 2011-04-18 21:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-04-18 21:40 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-18 21:40 . 2011-04-18 21:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-18 21:40 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-18 20:28 . 2011-04-18 20:28 -------- d-----w- c:\program files\CCleaner
2011-04-17 18:08 . 2011-04-23 06:34 -------- d-----w- c:\documents and settings\Robert\Application Data\HughesNet Download Manager
2011-04-17 18:08 . 2011-04-17 18:08 -------- d-----w- c:\program files\HughesNet Download Manager
2011-04-10 02:31 . 2011-04-10 02:31 -------- d-----w- c:\documents and settings\Robert\Local Settings\Application Data\LogMeIn
2011-04-10 02:31 . 2011-03-01 17:12 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-04-10 02:31 . 2011-03-01 17:12 29568 ----a-w- c:\windows\system32\LMIport.dll
2011-04-10 02:31 . 2011-03-01 17:12 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-04-10 02:31 . 2010-09-17 20:40 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2011-04-10 02:31 . 2011-03-01 17:12 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-04-10 02:31 . 2011-04-23 05:00 -------- d-----w- c:\documents and settings\All Users\Application Data\LogMeIn
2011-04-10 02:31 . 2011-04-10 02:36 -------- d-----w- c:\program files\LogMeIn
2011-04-06 21:20 . 2011-04-06 21:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 21:20 . 2011-04-06 21:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-04 03:46 . 2011-04-04 03:46 -------- d-----w- c:\documents and settings\Robert\Local Settings\Application Data\Help
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2009-12-12 22:59 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2004-08-04 10:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-04 10:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 16:19 . 2009-12-14 22:49 45056 ----a-r- c:\documents and settings\Robert\Application Data\Microsoft\Installer\{151C555A-A9E7-4A2E-B6D7-165D04A3C956}\QuickTourStand.exe
2011-02-22 16:19 . 2009-12-14 22:49 45056 ----a-r- c:\documents and settings\Robert\Application Data\Microsoft\Installer\{151C555A-A9E7-4A2E-B6D7-165D04A3C956}\NewShortcut1_2.exe
2011-02-22 16:19 . 2009-12-14 22:49 45056 ----a-r- c:\documents and settings\Robert\Application Data\Microsoft\Installer\{151C555A-A9E7-4A2E-B6D7-165D04A3C956}\Camio.exe
2011-02-22 16:19 . 2009-12-14 22:49 40960 ----a-r- c:\documents and settings\Robert\Application Data\Microsoft\Installer\{151C555A-A9E7-4A2E-B6D7-165D04A3C956}\NewShortcut1_4.exe
2011-02-22 11:41 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2004-08-04 10:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-08-04 10:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-12-15 09:36 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2004-08-04 10:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-10 07:39 . 2010-12-21 06:13 61440 ----a-w- c:\windows\uninstall.exe
2011-02-09 13:53 . 2004-08-04 10:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 10:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2004-08-04 10:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2004-08-04 10:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-03 03:40 . 2010-05-14 19:07 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-03 01:19 . 2010-05-14 19:07 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58 . 2009-12-12 22:58 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2009-12-12 22:58 677888 ----a-w- c:\windows\system32\mstsc.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"HughesNet Download Manager"="c:\program files\HughesNet Download Manager\HDM.exe" [2009-10-27 3563566]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-28 335872]
"CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]
"CTDVDDet"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 45056]
"CTHelper"="CTHELPER.EXE" [2003-02-20 28672]
"AsioReg"="CTASIO.DLL" [2003-02-20 110592]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Dell AIO Printer A960"="c:\program files\Dell AIO Printer A960\dlbfbmgr.exe" [2003-09-21 270336]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" [2005-09-19 1687552]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [2005-09-19 163840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-11-23 274608]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-12-25 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-09-17 63048]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
c:\documents and settings\Robert\Start Menu\Programs\Startup\
Desktop Alert.lnk - c:\program files\Desktop Alert\liveonline_3346046.exe [2010-12-29 458752]
HughesNetStatusMeter.lnk - c:\program files\HughesNetStatusMeter\HughesNetStatusMeter\HughesNetStatusMeter.exe [2011-2-3 142336]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2009-12-15 209016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-12-12 23:24 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-03-01 17:12 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [3/1/2011 12:11 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/17/2010 3:40 PM 12856]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
2011-04-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1390067357-1078081533-1801674531-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]
.
2011-04-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1390067357-1078081533-1801674531-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ixquick.com/
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/dc2
uInternet Settings,ProxyOverride = *.local
IE: Download all with HughesNet Download Manager - file://c:\program files\HughesNet Download Manager\dlall.htm
IE: Download selected with HughesNet Download Manager - file://c:\program files\HughesNet Download Manager\dlselected.htm
IE: Download video with HughesNet Download Manager - file://c:\program files\HughesNet Download Manager\dlfvideo.htm
IE: Download with HughesNet Download Manager - file://c:\program files\HughesNet Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {D127CFD1-2EEB-4029-82E8-D3CF87D36C6E} = 66.82.4.8,66.82.4.12
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-SB Audigy 2 Startup Menu - (no file)
HKCU-Run-MoneyAgent - c:\program files\Microsoft Money\System\mnyexpr.exe
HKLM-Run-HughesNetTools_McciTrayApp - c:\program files\HughesNetTools\1\McciTrayApp_SSR.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-23 01:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(680)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\windows\system32\LMIinit.dll
.
- - - - - - - > 'explorer.exe'(868)
c:\windows\system32\WININET.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-04-23 01:35:49
ComboFix-quarantined-files.txt 2011-04-23 06:35
.
Pre-Run: 140,371,898,368 bytes free
Post-Run: 140,577,247,232 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - D23CAC768160B6E7494417D3EDAE4D73
  • 0

#10
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Please use Internet Explorer to perform a BitDefender Online Virus and Malware Scan
  • Click on I Agree.
  • If an Active X warning box will appear Click on Install.
    Note: If you got the message:"Could not load the Online Scanner! Click here for other possible fixes", it means Internet Explorer has blocked the Active X being installed. Just above the page under the Internet Explorer toolbar you see this message:
    "This website wants to install the following add-on: "Bitdefender OnlineScanner v8' from 'BITDEFENDER LLC'. If you trust the website and the add-on and want to install it, click here..."
    Click on that and select: Install Active x.
  • Now Click On Start Scan. Please wait as it might take some time.
  • If it found anything when it finished click Click here to export the scan report
  • Give the report a name and save it. The file will be a .HTML file.
  • Please attach the file to your reply.
  • To attach the file press ADDREPLY, under the reply window press Browse... show the path to the file on your computer.
  • Highlight the file and click Open then press the green UPLOAD button.
Note: For Windows Vista/7 users, you will need to to right-click on Internet Explorer icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • 0

Advertisements


#11
ndawson

ndawson

    GeekU Freshman

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
Every time the virus signature update gets to about 40% it goes back to zero and starts over. It's not updating or running the scan.
  • 0

#12
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Please run Malwarebytes Anti-Malware. Go to update tab and download all updates and then perform a full scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  • 0

#13
ndawson

ndawson

    GeekU Freshman

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
I am going to try bitdefender again. I restarted my computer after this scan and the computer seems to be working better. I will let you know if the scan works this time or not.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6424

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/23/2011 4:08:04 AM
mbam-log-2011-04-23 (04-08-04).txt

Scan type: Full scan (C:\|F:\|)
Objects scanned: 258016
Time elapsed: 47 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#14
ndawson

ndawson

    GeekU Freshman

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
I ran the eset scanner and it found 2 entries from my uniblue registry cleaner. It cleaned them and now my system is clean based on the eset scanner. The computer seems to be running faster. Can I reinstall an antivirus now?
  • 0

#15
ndawson

ndawson

    GeekU Freshman

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
Here is my ESET online scan result.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=1866ac92e3bc6f4c9bfa57028b21298e
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-04-24 12:12:15
# local_time=2011-04-23 07:12:15 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 41231055 41231055 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=100345
# found=0
# cleaned=0
# scan_time=2473
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP