[Closed] Programs crashing. Almost every single program crashes...
jfinner1
post Nov 17 2009, 07:19 AM
Post #1


Authentic Member
**

Group: Authentic Member
Posts: 60
Joined: 15-March 08
Member No.: 77,611
Operating System: Windows XP



I don't know what is wrong with my computer. It's a Dell Inspiron 600m, running Windows XP Home. It's been giving me problems for a few weeks now, and I'm at a loss. Pretty much every program on the computer will crash if left open for 5-10 minutes, some of them crash almost instantly. For example, Internet Explorer and Firefox will usually work for a few minutes before becoming non-responsive. Same thing with Word, PowerPoint, and Excel. uTorrent will work, but not make any connections, and then crash after a few minutes of attempting to establish a connection. Pidgin will only connect to half of my accounts, and then crash. Windows Media Player, Media Monkey, and Outlook crash instantly. It seems the only program that *doesn't* crash is my antivirus, AVG Free. I've used ATI Cleaner to clear all my temp stuff, and yes, it crashed, luckily after I'd cleared the files. It crashed when I went to close. I've run scans with AVG and Malwarebytes (which didn't crash, yea!) and both came back spotless.

Some other pieces of useful, maybe relevant information. A program called CLayoutHostWnd goes non-responsive every time I shut down, and has to be forced to quit. A .NET Framework update has been sitting in my update manager for quite a while, and refused to install. When I networked my computers, I shared the entire C drive. I noticed that I still show the remnants of an old user account that I deleted forever ago, and doesn't show up under User accounts on my computer, only under the network places of my other computer. When trying to change my startup options in msconfig, I get an Access Denied error message stating that I may need to log in as an Admin. My account is the Admin account, and should be the only account, and after restarting the computer, the changes had been implemented. Strange...

Here are my logs. When running Root Repeal, I got an error saying that it couldn't read my registry.

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2009/11/17 08:12

Program Version: Version 1.3.5.0

Windows Version: Windows XP SP3

==================================================



Drivers

-------------------

Name: dump_atapi.sys

Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys

Address: 0xEC201000 Size: 98304 File Visible: No Signed: -

Status: -



Name: dump_WMILIB.SYS

Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS

Address: 0xF7D51000 Size: 8192 File Visible: No Signed: -

Status: -



Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xBA345000 Size: 49152 File Visible: No Signed: -

Status: -



Name: uphcleanhlp.sys

Image Path: C:\WINDOWS\system32\Drivers\uphcleanhlp.sys

Address: 0xEB8C6000 Size: 8960 File Visible: No Signed: -

Status: -



SSDT

-------------------

#: 263 Function Name: NtUnloadKey

Status: Hooked by "C:\WINDOWS\system32\Drivers\uphcleanhlp.sys" at address 0xeb8c66d0



==EOF==



DDS (Ver_09-06-26.01) - NTFSx86

Run by Jessyca at 8:10:37.51 on Tue 11/17/2009

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.503 [GMT -5:00]



AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}



============== Running Processes ===============



C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

svchost.exe

C:\WINDOWS\System32\wltrysvc.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\UPHClean\uphclean.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Apoint\Apntex.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\AVG\AVG9\avgui.exe

C:\Documents and Settings\All Users\Documents\dds.scr



============== Pseudo HJT Report ===============



uStart Page = hxxp://yahoo.com/

uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

mSearch Page =

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html

uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway

uInternet Settings,ProxyServer = ˆ

uInternet Settings,ProxyOverride = ’’’’2‘|–‘|ė‘|;*.local

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll

mWinlogon: Userinit=c:\windows\system32\Userinit.exe

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: This BHO has been enabled by BHODemon. - No File

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - No File

BHO: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - No File

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll

{0b53eac3-8d69-4b9e-9b19-a37c9a5676a7}

{42cdd1bf-3ffb-4238-8ad1-7859df00b1d6}

EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [Apoint] c:\program files\apoint\Apoint.exe

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mExplorerRun: [wininet.dll]

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_04\bin\npjpi150_04.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252560745282

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll



================= FIREFOX ===================



FF - ProfilePath - c:\docume~1\jessyca\applic~1\mozilla\firefox\profiles\9ei9ciqw.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=

FF - component: c:\documents and settings\jessyca\application data\mozilla\firefox\profiles\9ei9ciqw.default\extensions\{e0b8c461-f8fb-49b4-8373-fe32e9252800}\platform\winnt_x86-msvc\components\enbar3.dll

FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll

FF - plugin: c:\documents and settings\jessyca\application data\mozilla\firefox\profiles\9ei9ciqw.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll

FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll

FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava11.dll

FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava12.dll

FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava13.dll

FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava14.dll

FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava32.dll

FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJPI150_04.dll

FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPOJI610.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll



---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);

c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);

c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");



============= SERVICES / DRIVERS ===============



R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-5 333192]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-11-5 28424]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-5 360584]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-5 285392]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-11-16 24652]

R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]

R3 kbdcap;kbdcap;c:\windows\system32\drivers\KbdCap.sys [2007-11-14 109440]

S2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\opencase\opencase media agent\MediaAgent.exe [2008-1-16 814728]

S3 GKUPRO2D;GKUPRO2D;c:\windows\system32\drivers\GKUPRO2D.sys [2004-7-16 62048]



=============== Created Last 30 ================



2009-11-12 09:30 <DIR> --d----- c:\program files\MediaMonkey

2009-11-11 03:16 <DIR> --d----- c:\program files\uTorrent

2009-11-11 03:15 <DIR> --d----- c:\docume~1\jessyca\applic~1\uTorrent

2009-11-05 19:44 360,584 a------- c:\windows\system32\drivers\avgtdix.sys

2009-11-05 19:44 12,464 a------- c:\windows\system32\avgrsstx.dll

2009-11-05 19:44 333,192 a------- c:\windows\system32\drivers\avgldx86.sys

2009-11-05 19:44 <DIR> --d----- c:\windows\system32\drivers\Avg

2009-11-01 16:33 <DIR> --d----- C:\$AVG

2009-11-01 16:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg9

2009-10-31 09:56 185,344 a------- c:\windows\system32\Thawbrkr.dll

2009-10-31 09:56 185,344 a------- c:\windows\system32\dllcache\thawbrkr.dll

2009-10-31 09:56 10,752 a------- c:\windows\system32\dllcache\c_iscii.dll

2009-10-31 09:56 10,752 a------- c:\windows\system32\c_iscii.dll

2009-10-24 20:34 262,144 a------- c:\windows\system32\default_user_class.dat



==================== Find3M ====================



2009-10-22 04:19 5,939,712 a------- c:\windows\system32\dllcache\mshtml.dll

2009-09-11 09:18 136,192 a------- c:\windows\system32\msv1_0.dll

2009-09-11 09:18 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll

2009-09-09 19:06 77,899 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat

2009-09-04 16:03 58,880 a------- c:\windows\system32\msasn1.dll

2009-09-04 16:03 58,880 -------- c:\windows\system32\dllcache\msasn1.dll

2009-09-04 00:36 45 a------- c:\documents and settings\jessyca\jagex_runescape_preferences2.dat

2009-09-04 00:36 37 a------- c:\documents and settings\jessyca\jagex_runescape_preferences.dat

2009-08-28 05:35 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe

2009-08-26 03:00 247,326 a------- c:\windows\system32\strmdll.dll

2009-08-26 03:00 247,326 -------- c:\windows\system32\dllcache\strmdll.dll

2008-02-26 23:39 1,622 ac------ c:\program files\ALLTEL Internet Accelerator Client setup.log

2007-04-08 07:17 90,936 ac------ c:\docume~1\jessyca\applic~1\GDIPFONTCACHEV1.DAT



============= FINISH: 8:11:17.94 ===============

Attached File(s)
Attached File  Attach.txt ( 15.75K ) Number of downloads: 51
Replies (1 - 4)
CatByte
post Nov 21 2009, 01:13 PM
Post #2


Classroom Administrator

Group: Classroom Admin
Posts: 9,402
Joined: 18-November 04
From: Canada
Member No.: 18,614
Operating System: xp sp3



Hi,

This may not be malware related, but we can run some scans to make sure:

Please do the following:

Download OTL to your Desktop
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %SYSTEMDRIVE%\eventlog.dll /s /md5
    %SYSTEMDRIVE%\scecli.dll /s /md5
    %SYSTEMDRIVE%\netlogon.dll /s /md5
    %SYSTEMDRIVE%\cngaudit.dll /s /md5
    %SYSTEMDRIVE%\sceclt.dll /s /md5
    %SYSTEMDRIVE%\ntelogon.dll /s /md5
    %SYSTEMDRIVE%\logevent.dll /s /md5
    %SYSTEMDRIVE%\iaStor.sys /s /md5
    %SYSTEMDRIVE%\nvstor.sys /s /md5
    %SYSTEMDRIVE%\atapi.sys /s /md5
    %SYSTEMDRIVE%\IdeChnDr.sys /s /md5
    %SYSTEMDRIVE%\viasraid.sys /s /md5
    %SYSTEMDRIVE%\AGP440.sys /s /md5
    %SYSTEMDRIVE%\vaxscsi.sys /s /md5

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

jfinner1
post Nov 21 2009, 02:25 PM
Post #3


Authentic Member
**

Group: Authentic Member
Posts: 60
Joined: 15-March 08
Member No.: 77,611
Operating System: Windows XP



Thank you for taking a look. Here are the two logs you asked for. Hope they help!


OTL logfile created on: 11/21/2009 2:47:30 PM - Run 1

OTL by OldTimer - Version 3.1.6.1 Folder = C:\Documents and Settings\Jessyca\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy



1023.23 Mb Total Physical Memory | 544.98 Mb Available Physical Memory | 53.26% Memory free

1.28 Gb Paging File | 0.93 Gb Available in Paging File | 72.84% Paging File free

Paging file location(s): C:\pagefile.sys 384 768 [binary data]



%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 70.98 Gb Total Space | 48.83 Gb Free Space | 68.80% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded



Computer Name: ODIN

Current User Name: Jessyca

Logged in as Administrator.



Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Minimal

Quick Scan



========== Processes (SafeList) ==========



PRC - C:\Documents and Settings\Jessyca\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)

PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)

PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)

PRC - C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation)

PRC - C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe (Dell Inc.)

PRC - C:\WINDOWS\system32\ati2evxx.exe ()

PRC - C:\WINDOWS\system32\ati2evxx.exe ()

PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)

PRC - C:\WINDOWS\system32\WLTRYSVC.EXE ()

PRC - C:\WINDOWS\system32\BCMWLTRY.EXE (Dell Inc)

PRC - C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)

PRC - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)





========== Modules (SafeList) ==========



MOD - C:\Documents and Settings\Jessyca\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\mslbui.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\xgusb.cpl (YAMAHA Corp.)





========== Win32 Services (SafeList) ==========



SRV - (aspnet_state) -- File not found

SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)

SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (OpenCASE Media Agent) -- C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe (ExtendMedia Inc.)

SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)

SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)

SRV - (UPHClean) -- C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation)

SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe (Dell Inc.)

SRV - (Ati HotKey Poller) -- C:\WINDOWS\system32\ati2evxx.exe ()

SRV - (wltrysvc) -- C:\WINDOWS\System32\wltrysvc.exe ()

SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (TermService) -- C:\WINDOWS\system32\termsrv32.dll (Microsoft Corporation)

SRV - (MDM) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)





========== Standard Registry (SafeList) ==========





========== Internet Explorer ==========



IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm



IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ’’’’2‘|–‘|ė‘|;*.local

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ˆ



========== FireFox ==========



FF - prefs.js..browser.search.defaultenginename: "Yahoo"

FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p="

FF - prefs.js..browser.search.selectedEngine: "Yahoo"

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.701

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1

FF - prefs.js..extensions.enabledItems: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:3.0.0.57015

FF - prefs.js..extensions.enabledItems: {daf44bf7-a45e-4450-979c-91cf07434c3d}:1.5.4

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07076007

FF - prefs.js..extensions.enabledItems: tabcounter@morac:1.8.4

FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2

FF - prefs.js..extensions.enabledItems: tabpopup@adarsh.tp:1.2.1

FF - prefs.js..extensions.enabledItems: {97c7d43c-4182-49b8-9b04-b78fed89d7fb}:1.2.3

FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.3.2

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5

FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="





FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/11/10 16:53:46 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/09 15:09:58 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/09 15:09:58 | 00,000,000 | ---D | M]



[2009/09/03 23:45:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\Mozilla\Extensions

[2009/09/03 23:45:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/11/16 05:47:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\Mozilla\Firefox\Profiles\9ei9ciqw.default\extensions

[2009/11/08 18:25:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\Mozilla\Firefox\Profiles\9ei9ciqw.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2009/09/28 16:57:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\Mozilla\Firefox\Profiles\9ei9ciqw.default\extensions\{97c7d43c-4182-49b8-9b04-b78fed89d7fb}

[2008/03/10 05:27:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\Mozilla\Firefox\Profiles\9ei9ciqw.default\extensions\{BA979AD0-A3C5-4b32-A47E-4550BF00ECC7}

[2009/09/04 00:17:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\Mozilla\Firefox\Profiles\9ei9ciqw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2009/09/28 16:57:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\Mozilla\Firefox\Profiles\9ei9ciqw.default\extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d}

[2009/10/14 15:13:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\Mozilla\Firefox\Profiles\9ei9ciqw.default\extensions\{dc572301-7619-498c-a57d-39143191b318}

[2009/09/28 16:57:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\Mozilla\Firefox\Profiles\9ei9ciqw.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}

[2009/09/03 23:50:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\Mozilla\Firefox\Profiles\9ei9ciqw.default\extensions\foxmarks@kei.com

[2008/02/14 17:12:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\Mozilla\Firefox\Profiles\9ei9ciqw.default\extensions\moveplayer@movenetworks.com

[2009/11/11 03:17:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\Mozilla\Firefox\Profiles\9ei9ciqw.default\extensions\tabcounter@morac

[2009/09/28 17:13:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\Mozilla\Firefox\Profiles\9ei9ciqw.default\extensions\tabpopup@adarsh.tp

[2009/09/03 23:45:38 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2009/11/09 15:09:58 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/11/09 15:09:53 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2009/11/09 15:09:54 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2005/12/05 22:31:00 | 00,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll

[2009/11/09 15:09:55 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2006/10/26 19:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

[2006/12/18 04:18:30 | 00,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

[2006/02/19 16:57:14 | 00,139,305 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll

[2005/09/20 21:22:49 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

[2005/12/24 13:07:10 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

[2005/12/24 13:07:10 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

[2005/12/24 13:07:11 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

[2005/12/24 13:07:11 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

[2005/12/24 13:07:11 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

[2006/02/19 16:57:40 | 00,024,621 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll

[2006/02/19 16:57:01 | 00,081,967 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll

[2008/02/15 16:42:58 | 00,159,744 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll

[2005/08/09 13:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll

[2007/04/16 12:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

[2009/09/03 23:57:19 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2009/09/03 23:57:19 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2009/09/03 23:57:19 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2009/09/03 23:57:19 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2009/09/03 23:57:19 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2009/09/03 23:57:19 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml



O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - No CLSID value found.

O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - No CLSID value found.

O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\dla\tfswshx.dll File not found

O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - No CLSID value found.

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Value error. File not found

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Value error. File not found

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Value error. File not found

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Value error. File not found

O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)

O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: wininet.dll =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

O15 - HKCU\..Trusted Domains: 65 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1252560745282 (MUWebControl Class)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/08/10 13:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{5b0872f0-937c-11da-a98c-00123ffa1415}\Shell - "" = AutoRun

O33 - MountPoints2\{5b0872f0-937c-11da-a98c-00123ffa1415}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{5b0872f0-937c-11da-a98c-00123ffa1415}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found

O33 - MountPoints2\{dec7ea90-a4df-11db-aa40-00123ffa1415}\Shell - "" = AutoRun

O33 - MountPoints2\{dec7ea90-a4df-11db-aa40-00123ffa1415}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{dec7ea90-a4df-11db-aa40-00123ffa1415}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

O35 - comfile [open] -- "%1" %* File not found

O35 - exefile [open] -- "%1" %* File not found



NetSvcs: 6to4 - File not found

NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/08/07 00:00:28 | 00,000,000 | ---D | M]

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

NetSvcs: helpsvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)



========== Files/Folders - Created Within 14 Days ==========



[2009/11/21 14:43:07 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jessyca\Desktop\OTL.exe

[2009/11/17 12:37:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Website

[2009/11/17 08:12:02 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\All Users\Documents\RootRepeal.exe

[2009/11/15 18:53:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jessyca\My Documents\My Stuff

[2009/11/13 00:17:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Robert Jordan - The Wheel of Time

[2009/11/12 09:30:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jessyca\Local Settings\Application Data\MediaMonkey

[2009/11/12 09:30:33 | 00,000,000 | ---D | C] -- C:\Program Files\MediaMonkey

[2009/11/11 03:16:13 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent

[2009/11/11 03:15:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jessyca\Application Data\uTorrent

[2009/11/08 18:17:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

[2005/09/20 20:49:36 | 00,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll

[14 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]



========== Files - Modified Within 14 Days ==========



[2009/11/21 14:46:56 | 00,346,494 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/11/21 14:46:56 | 00,054,114 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/11/21 14:46:55 | 00,405,892 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/11/21 14:43:18 | 00,000,772 | ---- | M] () -- C:\WINDOWS\win.ini

[2009/11/21 14:43:18 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2009/11/21 14:43:18 | 00,000,211 | RHS- | M] () -- C:\boot.ini

[2009/11/21 14:42:18 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/11/21 14:42:01 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/11/21 14:41:57 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/11/21 14:41:54 | 10,730,00448 | -HS- | M] () -- C:\hiberfil.sys

[2009/11/21 14:41:15 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jessyca\Desktop\OTL.exe

[2009/11/21 14:24:55 | 09,437,184 | -H-- | M] () -- C:\Documents and Settings\Jessyca\NTUSER.DAT

[2009/11/21 14:24:55 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Jessyca\ntuser.ini

[2009/11/21 12:39:45 | 45,542,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2009/11/21 12:39:19 | 00,098,480 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg

[2009/11/18 22:16:12 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\Jessyca\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/11/18 18:32:48 | 00,660,918 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\furelise.pdf

[2009/11/18 17:41:02 | 00,023,645 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Daniel_Quintero-CM106-Project_5Done.docx

[2009/11/18 15:38:32 | 00,023,980 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Daniel_Quintero-CM106-Project_5.docx

[2009/11/18 14:42:00 | 00,019,283 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Daniel_Quintero-CM106-Project_3.docx

[2009/11/17 18:51:08 | 00,015,180 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\JessycaFinnerty_Unit5.docx

[2009/11/17 08:12:27 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\settings.dat

[2009/11/17 08:11:27 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\All Users\Documents\RootRepeal.exe

[2009/11/17 08:06:10 | 00,359,929 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\dds.scr

[2009/11/16 05:41:20 | 00,003,191 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\bio2.html

[2009/11/14 20:29:42 | 00,002,613 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\bio.html

[2009/11/12 09:14:43 | 01,662,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/11/10 08:16:22 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys

[2009/11/08 18:20:00 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Jessyca\My Documents\Forever and a Day.pdf

[2009/11/08 13:52:12 | 00,002,121 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Project2.html

[2009/11/08 13:38:37 | 00,002,001 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Project 2

[14 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]



========== Files Created - No Company Name ==========



[2009/11/18 18:32:51 | 00,660,918 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\furelise.pdf

[2009/11/18 17:18:51 | 00,023,645 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Daniel_Quintero-CM106-Project_5Done.docx

[2009/11/18 15:03:41 | 00,023,980 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Daniel_Quintero-CM106-Project_5.docx

[2009/11/18 14:52:43 | 00,015,180 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\JessycaFinnerty_Unit5.docx

[2009/11/18 14:42:19 | 00,019,283 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Daniel_Quintero-CM106-Project_3.docx

[2009/11/17 08:12:27 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\settings.dat

[2009/11/17 08:06:40 | 00,359,929 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\dds.scr

[2009/11/16 05:37:16 | 00,003,191 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\bio2.html

[2009/11/15 10:23:47 | 10,730,00448 | -HS- | C] () -- C:\hiberfil.sys

[2009/11/14 20:29:41 | 00,002,613 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\bio.html

[2009/11/08 18:20:00 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Jessyca\My Documents\Forever and a Day.pdf

[2009/11/08 13:49:10 | 00,002,121 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Project2.html

[2009/11/08 13:39:46 | 00,002,001 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Project 2

[2007/11/14 04:21:42 | 00,109,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\KbdCap.sys

[2007/11/11 03:48:36 | 00,405,588 | ---- | C] () -- C:\WINDOWS\System32\vc6-stlport-re300l.dll

[2007/11/11 03:48:15 | 00,001,622 | ---- | C] () -- C:\Program Files\ALLTEL Internet Accelerator Client setup.log

[2007/08/18 12:40:35 | 00,000,000 | ---- | C] () -- C:\WINDOWS\HOME.INI

[2007/01/20 19:04:00 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll

[2007/01/20 18:59:03 | 00,004,274 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2006/11/16 07:47:44 | 00,090,936 | ---- | C] () -- C:\Documents and Settings\Jessyca\Application Data\GDIPFONTCACHEV1.DAT

[2006/07/26 15:47:45 | 00,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2006/06/10 22:44:29 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI

[2006/04/26 23:39:39 | 00,000,130 | ---- | C] () -- C:\Documents and Settings\Jessyca\Local Settings\Application Data\fusioncache.dat

[2006/04/10 11:45:14 | 00,000,386 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI

[2006/04/04 22:46:37 | 00,046,592 | ---- | C] () -- C:\WINDOWS\System32\shellses.dll

[2006/02/28 03:36:43 | 00,000,166 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2006/02/24 09:00:59 | 06,918,032 | -H-- | C] () -- C:\Documents and Settings\Jessyca\Local Settings\Application Data\IconCache.db

[2006/02/19 02:09:50 | 00,000,051 | ---- | C] () -- C:\WINDOWS\ezmacros.INI

[2006/01/15 23:53:49 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Jessyca\Application Data\PFP120JPR.{PB

[2006/01/15 23:53:49 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Jessyca\Application Data\PFP120JCM.{PB

[2006/01/14 03:13:12 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini

[2005/11/21 20:03:14 | 00,104,360 | ---- | C] () -- C:\Documents and Settings\Jessyca\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2005/11/21 18:58:40 | 00,029,696 | ---- | C] () -- C:\Documents and Settings\Jessyca\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2005/10/11 14:56:48 | 00,000,520 | ---- | C] () -- C:\WINDOWS\unezmac.ini

[2005/09/29 20:46:32 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Jessyca\Application Data\desktop.ini

[2005/09/29 19:47:14 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2005/09/28 20:32:47 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini

[2005/09/20 21:37:05 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2005/09/20 21:25:16 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2005/09/20 21:12:54 | 00,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare

[2005/09/20 20:49:36 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll

[2005/09/20 20:49:16 | 00,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2005/01/28 08:08:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2004/08/10 13:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2004/08/10 13:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2004/08/10 12:57:41 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini

[2004/08/10 12:51:28 | 00,000,772 | ---- | C] () -- C:\WINDOWS\win.ini

[2004/08/10 12:51:26 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

[2002/03/16 19:00:00 | 00,007,420 | ---- | C] () -- C:\WINDOWS\UA000099.DLL

[2001/07/07 03:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini



========== LOP Check ==========



[2009/11/05 19:44:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2008/03/10 05:19:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ExtendMedia

[2005/10/06 15:29:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software Solutions

[2006/10/04 20:03:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SkillJam

[2008/03/10 05:16:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2008/02/27 00:03:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems

[2007/11/16 22:11:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2006/12/19 11:56:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WhiteCap (Holiday Edition)

[2007/12/04 17:04:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO

[2009/09/28 22:58:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\.purple

[2006/01/18 18:22:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\Aim

[2006/03/31 16:11:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\CiscoCAA

[2006/01/15 23:53:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\Corel

[2008/03/09 21:16:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\gtk-2.0

[2007/02/01 06:12:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\ICAClient

[2006/01/06 23:19:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\Learn2.com

[2009/09/04 07:06:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\MSNInstaller

[2005/10/02 18:54:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\Musicmatch

[2007/02/10 07:15:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\Netscape

[2007/11/11 03:49:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\Smith Micro

[2006/06/12 01:27:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\Toshiba

[2009/11/17 10:45:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\uTorrent

[2004/08/04 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini

[2009/11/21 14:42:01 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT



========== Purity Check ==========







========== Custom Scans ==========





< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >


[2004/08/04 05:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll

[1 C:\i386\*.tmp files -> C:\i386\*.tmp -> ]

[2004/08/04 05:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

[14 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]



< %SYSTEMDRIVE%\scecli.dll /s /md5 >


[2004/08/04 05:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll

[1 C:\i386\*.tmp files -> C:\i386\*.tmp -> ]

[2004/08/04 05:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

[14 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]



< %SYSTEMDRIVE%\netlogon.dll /s /md5 >


[2004/08/04 05:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll

[1 C:\i386\*.tmp files -> C:\i386\*.tmp -> ]

[2004/08/04 05:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

[14 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]



< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >


[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys

[1 C:\i386\*.tmp files -> C:\i386\*.tmp -> ]

[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys



< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >


[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\agp440.sys

[1 C:\i386\*.tmp files -> C:\i386\*.tmp -> ]

[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\AGP440.SYS



< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >


< End of report >


OTL Extras logfile created on: 11/21/2009 2:47:31 PM - Run 1

OTL by OldTimer - Version 3.1.6.1 Folder = C:\Documents and Settings\Jessyca\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy



1023.23 Mb Total Physical Memory | 544.98 Mb Available Physical Memory | 53.26% Memory free

1.28 Gb Paging File | 0.93 Gb Available in Paging File | 72.84% Paging File free

Paging file location(s): C:\pagefile.sys 384 768 [binary data]



%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 70.98 Gb Total Space | 48.83 Gb Free Space | 68.80% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded



Computer Name: ODIN

Current User Name: Jessyca

Logged in as Administrator.



Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Minimal

Quick Scan



========== Extra Registry (SafeList) ==========





========== File Associations ==========



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)



[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)



========== Shell Spawning ==========



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)

Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)

Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)



========== Security Center Settings ==========



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusOverride" = 1

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002



========== Authorized Applications List ==========



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found

"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found

"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found

"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5 -- File not found

"C:\Program Files\aim.exe" = C:\Program Files\aim.exe:*:Enabled:AOL Instant Messenger -- File not found

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found

"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found

"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found

"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5 -- File not found

"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)

"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found

"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found

"C:\Program Files\aim.exe" = C:\Program Files\aim.exe:*:Enabled:AOL Instant Messenger -- File not found

"C:\Program Files\Trillian\trillian.exe" = C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)

"C:\WINDOWS\system32\requester.11.exe" = C:\WINDOWS\system32\requester.11.exe:*:Enabled:requester.11 -- File not found

"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found

"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- File not found

"C:\Program Files\QGO\Legend of MIr3\Mir3Patch.exe" = C:\Program Files\QGO\Legend of MIr3\Mir3Patch.exe:*:Enabled:Mir3Patch -- File not found

"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found

"C:\Program Files\Common Files\AOL\1137226492\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1137226492\ee\aolsoftware.exe:*:Enabled:AOL Services -- File not found

"C:\Program Files\Common Files\AOL\1137226492\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1137226492\ee\aim6.exe:*:Enabled:AIM -- File not found

"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- File not found

"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found

"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)

"C:\Documents and Settings\Jessyca\My Documents\My Music\games\AOE2AOK\empires2.EXE" = C:\Documents and Settings\Jessyca\My Documents\My Music\games\AOE2AOK\empires2.EXE:*:Enabled:Age of Empires II -- File not found

"C:\Documents and Settings\Jessyca\My Documents\My Music\Empire Earth.exe" = C:\Documents and Settings\Jessyca\My Documents\My Music\Empire Earth.exe:*:Enabled:Empire Earth -- File not found

"C:\Program Files\Empire Earth\Empire Earth.exe" = C:\Program Files\Empire Earth\Empire Earth.exe:*:Enabled:Empire Earth -- File not found

"C:\Program Files\DC++\DCPlusPlus.exe" = C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++ -- File not found

"C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine -- File not found

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)

"C:\Program Files\Common Files\AOL\1150012326\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1150012326\ee\aolsoftware.exe:*:Enabled:AOL Services -- File not found

"C:\Program Files\Common Files\AOL\1150012326\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1150012326\ee\aim6.exe:*:Enabled:AIM -- File not found

"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- File not found

"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- File not found

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- File not found

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- File not found

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- File not found

"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- File not found

"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- File not found

"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- File not found

"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- File not found

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- File not found

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- File not found

"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- File not found

"C:\Program Files\ALLTEL Communications\ALLTEL Internet Accelerator Client\NettGain1200_C.exe" = C:\Program Files\ALLTEL Communications\ALLTEL Internet Accelerator Client\NettGain1200_C.exe:*:Enabled:NettGain1100_C -- File not found

"C:\Program Files\mIRC\backup\mirc.exe" = C:\Program Files\mIRC\backup\mirc.exe:*:Enabled:mIRC -- File not found

"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)

"C:\Program Files\Pidgin\pidgin.exe" = C:\Program Files\Pidgin\pidgin.exe:*:Enabled:Pidgin -- (The Pidgin developer community)

"C:\Program Files\NBC Direct\StoreFrontPlayer.exe" = C:\Program Files\NBC Direct\StoreFrontPlayer.exe:*:Enabled:NBC Direct Beta -- File not found

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)

"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found

"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found

"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)





========== HKEY_LOCAL_MACHINE Uninstall List ==========



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3

"{038A524F-58DB-438A-8391-8F7F0CA14B9E}" = Microsoft® Winter Fun Pack 2004 for Windows® XP

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel

"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE

"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA

"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition

"{1771FDC8-D846-4B77-996A-C80DAD42C03F}" = OpenCASE Media Agent

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager

"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4

"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting

"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{548EEA8E-8299-497F-8057-811D2D7097DC}" = Dell Support 3.1

"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool

"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon

"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0

"{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2

"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click

"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper

"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures

"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio

"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9

"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0

"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings

"{DB5F474C-B584-417F-810B-DEBBC1893C2A}" = TBS WMP Plug-in

"{DB6F07FF-A436-453a-B685-F6C1F4F09D22}" = PANTECH PC Card Software

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player

"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3

"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)

"ATI Display Driver" = ATI Display Driver

"AVG9Uninstall" = AVG Free 9.0

"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card

"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.9x Modem

"Connection Manager" = Microsoft Connection Manager

"DeleteProdRunControl_US" = IBM ViaVoice Command and Control Runtime 5.3

"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver

"ENTERPRISE" = Microsoft Office Enterprise 2007

"ERUNT_is1" = ERUNT 1.1j

"EZMacros" = EZ Macros

"GTK 2.0" = GTK+ Runtime 2.12.8 rev a (remove only)

"HijackThis" = HijackThis 2.0.2

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2

"InstallShield_{DB5F474C-B584-417F-810B-DEBBC1893C2A}" = TBS WMP Plug-in

"IrfanView" = IrfanView (remove only)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"MediaMonkey_is1" = MediaMonkey 3.1

"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Pidgin" = Pidgin

"QuickLink Mobile" = QuickLink Mobile

"QuickTime" = QuickTime

"RealPlayer 6.0" = RealPlayer

"Security Toolbar" = Security Toolbar

"StreetPlugin" = Learn2 Player (Uninstall Only)

"uTorrent" = µTorrent

"ViewpointMediaPlayer" = Viewpoint Media Player

"VLC media player" = VLC media player 1.0.1

"VV_Outloud_En_US" = IBM ViaVoice Outloud Runtime - US English

"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell

"WIC" = Windows Imaging Component

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"Yahoo! Companion" = Yahoo! Toolbar

"Yahoo! Messenger" = Yahoo! Messenger

"Yahoo! Software Update" = Yahoo! Software Update



========== Last 10 Event Log Errors ==========



[ Application Events ]

Error - 11/14/2009 12:03:52 PM | Computer Name = ODIN | Source = Application Error | ID = 1000

Description = Faulting application yahoomessenger.exe, version 9.0.0.2162, faulting

module unknown, version 0.0.0.0, fault address 0x024d9c01.



Error - 11/14/2009 12:09:17 PM | Computer Name = ODIN | Source = Application Hang | ID = 1002

Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.



Error - 11/15/2009 8:25:03 AM | Computer Name = ODIN | Source = Application Hang | ID = 1002

Description = Hanging application uTorrent.exe, version 1.8.4.16688, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.



Error - 11/15/2009 11:25:03 AM | Computer Name = ODIN | Source = Application Error | ID = 1000

Description = Faulting application yahoomessenger.exe, version 9.0.0.2162, faulting

module unknown, version 0.0.0.0, fault address 0x01559c01.



Error - 11/15/2009 7:50:22 PM | Computer Name = ODIN | Source = Application Hang | ID = 1002

Description = Hanging application uTorrent.exe, version 1.8.4.16688, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.



Error - 11/17/2009 12:44:23 PM | Computer Name = ODIN | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting

module unknown, version 0.0.0.0, fault address 0x02089c01.



Error - 11/17/2009 12:44:43 PM | Computer Name = ODIN | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.



Error - 11/17/2009 1:31:29 PM | Computer Name = ODIN | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting

module unknown, version 0.0.0.0, fault address 0x02739c01.



Error - 11/21/2009 1:36:42 PM | Computer Name = ODIN | Source = Application Error | ID = 1000

Description = Faulting application NDP20-KB928365-X86.exe, version 1.0.569.1591,

faulting module NDP20-KB928365-X86.exe, version 1.0.569.1591, fault address 0x0001e103.



Error - 11/21/2009 1:37:14 PM | Computer Name = ODIN | Source = Application Error | ID = 1004

Description = Faulting application NDP20-KB928365-X86.exe, version 1.0.569.1591,

faulting module NDP20-KB928365-X86.exe, version 1.0.569.1591, fault address 0x0001e103.



[ System Events ]

Error - 11/21/2009 3:27:20 PM | Computer Name = ODIN | Source = Service Control Manager | ID = 7000

Description = The Windows Image Acquisition (WIA) service failed to start due to

the following error: %%1053



Error - 11/21/2009 3:27:20 PM | Computer Name = ODIN | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Fax service to connect.



Error - 11/21/2009 3:27:20 PM | Computer Name = ODIN | Source = Service Control Manager | ID = 7000

Description = The Fax service failed to start due to the following error: %%1053



Error - 11/21/2009 3:28:51 PM | Computer Name = ODIN | Source = DCOM | ID = 10010

Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register

with DCOM within the required timeout.



Error - 11/21/2009 3:29:11 PM | Computer Name = ODIN | Source = Service Control Manager | ID = 7022

Description = The Automatic Updates service hung on starting.



Error - 11/21/2009 3:29:42 PM | Computer Name = ODIN | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway

Service service to connect.



Error - 11/21/2009 3:29:42 PM | Computer Name = ODIN | Source = Service Control Manager | ID = 7000

Description = The Application Layer Gateway Service service failed to start due

to the following error: %%1053



Error - 11/21/2009 3:30:51 PM | Computer Name = ODIN | Source = DCOM | ID = 10010

Description = The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register

with DCOM within the required timeout.



Error - 11/21/2009 3:42:14 PM | Computer Name = ODIN | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the OpenCASE Media Agent

service to connect.



Error - 11/21/2009 3:42:14 PM | Computer Name = ODIN | Source = Service Control Manager | ID = 7000

Description = The OpenCASE Media Agent service failed to start due to the following

error: %%1053





< End of report >
CatByte
post Nov 21 2009, 11:07 PM
Post #4


Classroom Administrator

Group: Classroom Admin
Posts: 9,402
Joined: 18-November 04
From: Canada
Member No.: 18,614
Operating System: xp sp3



Hi,

Please do the following:

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    CODE
    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ’’’’2 ‘|–‘|ė‘|;*.local
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ˆ
    O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - No CLSID value found.
    O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - No CLSID value found.
    O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Value error. File not found
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Value error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Value error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Value error. File not found
    O33 - MountPoints2\{5b0872f0-937c-11da-a98c-00123ffa1415}\Shell - "" = AutoRun
    O33 - MountPoints2\{5b0872f0-937c-11da-a98c-00123ffa1415}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{5b0872f0-937c-11da-a98c-00123ffa1415}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{dec7ea90-a4df-11db-aa40-00123ffa1415}\Shell - "" = AutoRun
    O33 - MountPoints2\{dec7ea90-a4df-11db-aa40-00123ffa1415}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{dec7ea90-a4df-11db-aa40-00123ffa1415}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL log



NEXT

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
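
The following Python example is added here and is not part of the original post or of OTL. It parses entries copied from the fix script above and groups them by the condition OTL printed on each line (missing CLSID, missing file, non-ASCII proxy value), treating all MountPoints2 entries under one GUID as a unit. The function names and reason labels are assumptions made for illustration.

```python
import re
from collections import Counter

# Entries as posted in the fix script above. The garbled ProxyServer value
# is written as the escape \u02c6 so this file stays ASCII.
FIX_LINES = [
    'IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "ProxyServer" = \u02c6',
    'O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - No CLSID value found.',
    'O3 - HKLM\\..\\Toolbar: (no name) - Locked - No CLSID value found.',
    'O3 - HKCU\\..\\Toolbar\\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Value error. File not found',
    'O33 - MountPoints2\\{5b0872f0-937c-11da-a98c-00123ffa1415}\\Shell - "" = AutoRun',
    'O33 - MountPoints2\\{5b0872f0-937c-11da-a98c-00123ffa1415}\\Shell\\AutoRun\\command - "" = E:\\LaunchU3.exe -- File not found',
]
GUID = re.compile(r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}')
ENTRY = re.compile(r'^(?P<section>[A-Z]+\d*) - (?P<body>.*)$')

def parse(line):
    """Split one fix-script line into section, GUID (if any) and reason."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    body = m.group('body')
    guid = GUID.search(body)
    if 'No CLSID value found' in body:
        reason = 'missing CLSID'
    elif 'File not found' in body:
        reason = 'missing file'
    elif m.group('section') == 'IE' and '" = ' in body:
        # A proxy setting is normally plain ASCII text (host:port).
        value = body.split('" = ', 1)[1]
        reason = 'unclassified' if value.isascii() else 'non-ASCII proxy value'
    else:
        reason = 'unclassified'
    return {'section': m.group('section'), 'reason': reason,
            'guid': guid.group(0).lower() if guid else None}

def triage(lines):
    """Parse all lines, then let MountPoints2 siblings inherit 'missing file'."""
    entries = [e for e in map(parse, lines) if e]
    dead = {e['guid'] for e in entries
            if e['section'] == 'O33' and e['reason'] == 'missing file'}
    for e in entries:
        if e['section'] == 'O33' and e['guid'] in dead:
            e['reason'] = 'missing file'
    return entries

def summary(lines):
    # Count entries per reason after sibling grouping.
    return Counter(e['reason'] for e in triage(lines))
```

Run over a saved OTL log, the same grouping gives a quick view of which entries are leftovers before anything is pasted into the Custom Scans/Fixes box.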




CatByte
post Nov 30 2009, 06:20 PM
Post #5


Classroom Administrator

Group: Classroom Admin
Posts: 9,402
Joined: 18-November 04
From: Canada
Member No.: 18,614
Operating System: xp sp3



Due to inactivity this topic will be closed.
If you need help please start a new thread.
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy