
[Closed] Programs crashing.


  • This topic is locked
4 replies to this topic

#1 jfinner1

  • Authentic Member
  • 62 posts

Posted 17 November 2009 - 07:19 AM

I don't know what is wrong with my computer. It's a Dell Inspiron 600m, running Windows XP Home. It's been giving me problems for a few weeks now, and I'm at a loss. Pretty much every program on the computer will crash if left open for 5-10 minutes, some of them crash almost instantly. For example, Internet Explorer and Firefox will usually work for a few minutes before becoming non-responsive. Same thing with Word, Powerpoint, and Excel. uTorrent will work, but not make any connections, and then crash after a few minutes of attempting to establish a connection. Pidgin will only connect to half of my accounts, and then crash. Windows Media Player, Media Monkey, and Outlook crash instantly. It seems the only program that *doesn't* crash is my anti virus, AVG Free. I've used ATI Cleaner to clear all my temp stuff, and yes, it crashed, luckily after I'd cleared the files. It crashed when I went to close. I've run scans with AVG and Malwarebytes (which didn't crash, yea!) and both came back spotless.

Some other pieces of useful, maybe relevant information. A program called CLayoutHostWnd goes non-responsive every time I shut down, and has to be forced to quit. A .NET Framework update has been sitting in my update manager for quite a while, and refused to install. When I networked my computers, I shared the entire C drive. I noticed that I still show the remnants of an old user account that I deleted forever ago, and doesn't show up under User accounts on my computer, only under the network places of my other computer. When trying to change my startup options in msconfig, I get an Access Denied error message stating that I may need to log in as an Admin. My account is the Admin account, and should be the only account, and after restarting the computer, the changes had been implemented. Strange...

Here are my logs. When running Root Repeal, I got an error saying that it couldn't read my registry.
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/17 08:12
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEC201000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7D51000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xBA345000 Size: 49152 File Visible: No Signed: -
Status: -

Name: uphcleanhlp.sys
Image Path: C:\WINDOWS\system32\Drivers\uphcleanhlp.sys
Address: 0xEB8C6000 Size: 8960 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 263 Function Name: NtUnloadKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\uphcleanhlp.sys" at address 0xeb8c66d0

==EOF==

DDS (Ver_09-06-26.01) - NTFSx86
Run by Jessyca at 8:10:37.51 on Tue 11/17/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.503 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Apoint\Apntex.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\system32\wuauclt.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\Program Files\AVG\AVG9\avgnsx.exe C:\Program Files\AVG\AVG9\avgui.exe C:\Documents and Settings\All Users\Documents\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://yahoo.com/ uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html mSearch Page = mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway uInternet Settings,ProxyServer = ˆ uInternet Settings,ProxyOverride = ’’’’2‘|–‘|ė‘|;*.local uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll mWinlogon: Userinit=c:\windows\system32\Userinit.exe BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll BHO: This BHO has been enabled by BHODemon. 
- No File BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll BHO: {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - No File BHO: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - No File BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll BHO: {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - No File BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [Apoint] c:\program files\apoint\Apoint.exe mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe mExplorerRun: [wininet.dll] IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_04\bin\npjpi150_04.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll DPF: 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252560745282 DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll Notify: AtiExtEvent - Ati2evxx.dll Notify: avgrsstarter - avgrsstx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\jessyca\applic~1\mozilla\firefox\profiles\9ei9ciqw.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p= FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/ FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p= FF - component: c:\documents and settings\jessyca\application data\mozilla\firefox\profiles\9ei9ciqw.default\extensions\{e0b8c461-f8fb-49b4-8373-fe32e9252800}\platform\winnt_x86-msvc\components\enbar3.dll FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll FF - plugin: c:\documents and settings\jessyca\application data\mozilla\firefox\profiles\9ei9ciqw.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava11.dll FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava12.dll FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava13.dll FF - plugin: c:\program 
files\java\jre1.5.0_04\bin\NPJava14.dll FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava32.dll FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJPI150_04.dll FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPOJI610.dll FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\program files\mozilla 
firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); 
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); ============= SERVICES / DRIVERS =============== R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-5 333192] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-11-5 28424] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-5 360584] R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-5 285392] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program 
files\viewpoint\common\ViewpointService.exe [2007-11-16 24652] R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392] R3 kbdcap;kbdcap;c:\windows\system32\drivers\KbdCap.sys [2007-11-14 109440] S2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\opencase\opencase media agent\MediaAgent.exe [2008-1-16 814728] S3 GKUPRO2D;GKUPRO2D;c:\windows\system32\drivers\GKUPRO2D.sys [2004-7-16 62048] =============== Created Last 30 ================ 2009-11-12 09:30 <DIR> --d----- c:\program files\MediaMonkey 2009-11-11 03:16 <DIR> --d----- c:\program files\uTorrent 2009-11-11 03:15 <DIR> --d----- c:\docume~1\jessyca\applic~1\uTorrent 2009-11-05 19:44 360,584 a------- c:\windows\system32\drivers\avgtdix.sys 2009-11-05 19:44 12,464 a------- c:\windows\system32\avgrsstx.dll 2009-11-05 19:44 333,192 a------- c:\windows\system32\drivers\avgldx86.sys 2009-11-05 19:44 <DIR> --d----- c:\windows\system32\drivers\Avg 2009-11-01 16:33 <DIR> --d----- C:\$AVG 2009-11-01 16:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg9 2009-10-31 09:56 185,344 a------- c:\windows\system32\Thawbrkr.dll 2009-10-31 09:56 185,344 a------- c:\windows\system32\dllcache\thawbrkr.dll 2009-10-31 09:56 10,752 a------- c:\windows\system32\dllcache\c_iscii.dll 2009-10-31 09:56 10,752 a------- c:\windows\system32\c_iscii.dll 2009-10-24 20:34 262,144 a------- c:\windows\system32\default_user_class.dat ==================== Find3M ==================== 2009-10-22 04:19 5,939,712 a------- c:\windows\system32\dllcache\mshtml.dll 2009-09-11 09:18 136,192 a------- c:\windows\system32\msv1_0.dll 2009-09-11 09:18 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll 2009-09-09 19:06 77,899 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat 2009-09-04 16:03 58,880 a------- c:\windows\system32\msasn1.dll 2009-09-04 16:03 58,880 -------- c:\windows\system32\dllcache\msasn1.dll 2009-09-04 00:36 45 a------- c:\documents and 
settings\jessyca\jagex_runescape_preferences2.dat 2009-09-04 00:36 37 a------- c:\documents and settings\jessyca\jagex_runescape_preferences.dat 2009-08-28 05:35 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe 2009-08-26 03:00 247,326 a------- c:\windows\system32\strmdll.dll 2009-08-26 03:00 247,326 -------- c:\windows\system32\dllcache\strmdll.dll 2008-02-26 23:39 1,622 ac------ c:\program files\ALLTEL Internet Accelerator Client setup.log 2007-04-08 07:17 90,936 ac------ c:\docume~1\jessyca\applic~1\GDIPFONTCACHEV1.DAT ============= FINISH: 8:11:17.94 ===============



#2 CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 21 November 2009 - 01:13 PM

Hi,

This may not be malware related, but we can run some scans to make sure:

Please do the following:

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %SYSTEMDRIVE%\eventlog.dll /s /md5
    %SYSTEMDRIVE%\scecli.dll /s /md5
    %SYSTEMDRIVE%\netlogon.dll /s /md5
    %SYSTEMDRIVE%\cngaudit.dll /s /md5
    %SYSTEMDRIVE%\sceclt.dll /s /md5
    %SYSTEMDRIVE%\ntelogon.dll /s /md5
    %SYSTEMDRIVE%\logevent.dll /s /md5
    %SYSTEMDRIVE%\iaStor.sys /s /md5
    %SYSTEMDRIVE%\nvstor.sys /s /md5
    %SYSTEMDRIVE%\atapi.sys /s /md5
    %SYSTEMDRIVE%\IdeChnDr.sys /s /md5
    %SYSTEMDRIVE%\viasraid.sys /s /md5
    %SYSTEMDRIVE%\AGP440.sys /s /md5
    %SYSTEMDRIVE%\vaxscsi.sys /s /md5

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
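
The `/s /md5` lines in the Custom Scan list above, as an added example that is not part of CatByte's post and is not OTL's own code: this Python script finds every copy of each named file under a root folder, hashes it with MD5, and reports names whose copies differ. It assumes `/s` means "search subfolders" and `/md5` means "print the MD5"; it does not cover the `netsvcs` or `*.exe` lines, and the function names and the sample tree are constructed for illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# File names copied from the Custom Scan list in the post above.
TARGET_NAMES = [
    "eventlog.dll", "scecli.dll", "netlogon.dll", "cngaudit.dll",
    "sceclt.dll", "ntelogon.dll", "logevent.dll", "iaStor.sys",
    "nvstor.sys", "atapi.sys", "IdeChnDr.sys", "viasraid.sys",
    "AGP440.sys", "vaxscsi.sys",
]


def md5_of(path, chunk_size=65536):
    """Return the hex MD5 of a file, reading it in chunks."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan(root, names=TARGET_NAMES):
    """Walk root recursively (assumed meaning of /s) and hash every match.

    Returns {lowercased file name: [(full path, md5 hex or None)]}.
    Matching is case-insensitive, as file names are on Windows.
    """
    wanted = {name.lower() for name in names}
    found = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            key = fname.lower()
            if key not in wanted:
                continue
            full = os.path.join(dirpath, fname)
            try:
                found[key].append((full, md5_of(full)))
            except OSError:
                # Locked or unreadable file: record it rather than hide it.
                found[key].append((full, None))
    return dict(found)


def mismatched(found):
    """Names whose copies do not all share one MD5.

    A mismatch is a prompt to compare file versions, not a verdict:
    copies from different service packs hash differently too.
    """
    return sorted(
        name for name, copies in found.items()
        if len({digest for _path, digest in copies}) > 1
    )


def build_sample_tree(root):
    """Create constructed sample files (not real Windows binaries)."""
    layout = {
        os.path.join("WINDOWS", "system32", "drivers", "atapi.sys"):
            b"constructed driver bytes",
        os.path.join("WINDOWS", "system32", "dllcache", "ATAPI.SYS"):
            b"constructed driver bytes",
        os.path.join("WINDOWS", "ServicePackFiles", "i386", "atapi.sys"):
            b"different bytes",
        os.path.join("WINDOWS", "system32", "scecli.dll"):
            b"constructed dll bytes",
        os.path.join("WINDOWS", "system32", "notepad.exe"):
            b"not on the list",
    }
    for rel, data in layout.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as handle:
            handle.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        found = scan(root)
        for name in sorted(found):
            for path, digest in found[name]:
                print(f"{digest or 'unreadable':32}  {os.path.relpath(path, root)}")
        print("copies differ:", mismatched(found))
```
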


#3 jfinner1

  • Authentic Member
  • 62 posts

Posted 21 November 2009 - 02:25 PM

Thank you for taking a look. Here are the two logs you asked for. Hope they help!


OTL logfile created on: 11/21/2009 2:47:30 PM - Run 1

OTL by OldTimer - Version 3.1.6.1 Folder = C:\Documents and Settings\Jessyca\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy



1023.23 Mb Total Physical Memory | 544.98 Mb Available Physical Memory | 53.26% Memory free

1.28 Gb Paging File | 0.93 Gb Available in Paging File | 72.84% Paging File free

Paging file location(s): C:\pagefile.sys 384 768 [binary data]



%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 70.98 Gb Total Space | 48.83 Gb Free Space | 68.80% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded



Computer Name: ODIN

Current User Name: Jessyca

Logged in as Administrator.



Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Minimal

Quick Scan



========== Processes (SafeList) ==========



PRC - C:\Documents and Settings\Jessyca\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)

PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)

PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)

PRC - C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation)

PRC - C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe (Dell Inc.)

PRC - C:\WINDOWS\system32\ati2evxx.exe ()

PRC - C:\WINDOWS\system32\ati2evxx.exe ()

PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)

PRC - C:\WINDOWS\system32\WLTRYSVC.EXE ()

PRC - C:\WINDOWS\system32\BCMWLTRY.EXE (Dell Inc)

PRC - C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)

PRC - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)





========== Modules (SafeList) ==========



MOD - C:\Documents and Settings\Jessyca\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\mslbui.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\xgusb.cpl (YAMAHA Corp.)





========== Win32 Services (SafeList) ==========



SRV - (aspnet_state) -- File not found

SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)

SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (OpenCASE Media Agent) -- C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe (ExtendMedia Inc.)

SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)

SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)

SRV - (UPHClean) -- C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation)

SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe (Dell Inc.)

SRV - (Ati HotKey Poller) -- C:\WINDOWS\system32\ati2evxx.exe ()

SRV - (wltrysvc) -- C:\WINDOWS\System32\wltrysvc.exe ()

SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (TermService) -- C:\WINDOWS\system32\termsrv32.dll (Microsoft Corporation)

SRV - (MDM) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)





========== Standard Registry (SafeList) ==========





========== Internet Explorer ==========



IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm



IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ’’’’2‘|–‘|ė‘|;*.local

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ˆ



========== FireFox ==========



FF - prefs.js..browser.search.defaultenginename: "Yahoo"

FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....r=ytff-msgr&p="

FF - prefs.js..browser.search.selectedEngine: "Yahoo"

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.701

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1

FF - prefs.js..extensions.enabledItems: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:3.0.0.57015

FF - prefs.js..extensions.enabledItems: {daf44bf7-a45e-4450-979c-91cf07434c3d}:1.5.4

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07076007

FF - prefs.js..extensions.enabledItems: tabcounter@morac:1.8.4

FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2

FF - prefs.js..extensions.enabledItems: tabpopup@adarsh.tp:1.2.1

FF - prefs.js..extensions.enabledItems: {97c7d43c-4182-49b8-9b04-b78fed89d7fb}:1.2.3

FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.3.2

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5

FF - prefs.js..keyword.URL: "http://search.yahoo....-8&fr=ytff-&p="





FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/11/10 16:53:46 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/09 15:09:58 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/09 15:09:58 | 00,000,000 | ---D | M]



[2009/09/03 23:45:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\Mozilla\Extensions

[2009/09/03 23:45:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/11/16 05:47:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\Mozilla\Firefox\Profiles\9ei9ciqw.default\extensions

[2009/11/08 18:25:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\Mozilla\Firefox\Profiles\9ei9ciqw.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2009/09/28 16:57:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\Mozilla\Firefox\Profiles\9ei9ciqw.default\extensions\{97c7d43c-4182-49b8-9b04-b78fed89d7fb}

[2008/03/10 05:27:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\Mozilla\Firefox\Profiles\9ei9ciqw.default\extensions\{BA979AD0-A3C5-4b32-A47E-4550BF00ECC7}

[2009/09/04 00:17:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\Mozilla\Firefox\Profiles\9ei9ciqw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2009/09/28 16:57:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\Mozilla\Firefox\Profiles\9ei9ciqw.default\extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d}

[2009/10/14 15:13:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\Mozilla\Firefox\Profiles\9ei9ciqw.default\extensions\{dc572301-7619-498c-a57d-39143191b318}

[2009/09/28 16:57:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\Mozilla\Firefox\Profiles\9ei9ciqw.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}

[2009/09/03 23:50:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\Mozilla\Firefox\Profiles\9ei9ciqw.default\extensions\foxmarks@kei.com

[2008/02/14 17:12:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\Mozilla\Firefox\Profiles\9ei9ciqw.default\extensions\moveplayer@movenetworks.com

[2009/11/11 03:17:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\Mozilla\Firefox\Profiles\9ei9ciqw.default\extensions\tabcounter@morac

[2009/09/28 17:13:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\Mozilla\Firefox\Profiles\9ei9ciqw.default\extensions\tabpopup@adarsh.tp

[2009/09/03 23:45:38 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2009/11/09 15:09:58 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/11/09 15:09:53 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2009/11/09 15:09:54 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2005/12/05 22:31:00 | 00,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll

[2009/11/09 15:09:55 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2006/10/26 19:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

[2006/12/18 04:18:30 | 00,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

[2006/02/19 16:57:14 | 00,139,305 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll

[2005/09/20 21:22:49 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

[2005/12/24 13:07:10 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

[2005/12/24 13:07:10 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

[2005/12/24 13:07:11 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

[2005/12/24 13:07:11 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

[2005/12/24 13:07:11 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

[2006/02/19 16:57:40 | 00,024,621 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll

[2006/02/19 16:57:01 | 00,081,967 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll

[2008/02/15 16:42:58 | 00,159,744 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll

[2005/08/09 13:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll

[2007/04/16 12:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

[2009/09/03 23:57:19 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2009/09/03 23:57:19 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2009/09/03 23:57:19 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2009/09/03 23:57:19 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2009/09/03 23:57:19 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2009/09/03 23:57:19 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml



O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - No CLSID value found.

O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - No CLSID value found.

O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\dla\tfswshx.dll File not found

O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - No CLSID value found.

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Value error. File not found

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Value error. File not found

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Value error. File not found

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Value error. File not found

O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)

O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: wininet.dll =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

O15 - HKCU\..Trusted Domains: 65 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1252560745282 (MUWebControl Class)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/08/10 13:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{5b0872f0-937c-11da-a98c-00123ffa1415}\Shell - "" = AutoRun

O33 - MountPoints2\{5b0872f0-937c-11da-a98c-00123ffa1415}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{5b0872f0-937c-11da-a98c-00123ffa1415}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found

O33 - MountPoints2\{dec7ea90-a4df-11db-aa40-00123ffa1415}\Shell - "" = AutoRun

O33 - MountPoints2\{dec7ea90-a4df-11db-aa40-00123ffa1415}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{dec7ea90-a4df-11db-aa40-00123ffa1415}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

O35 - comfile [open] -- "%1" %* File not found

O35 - exefile [open] -- "%1" %* File not found



NetSvcs: 6to4 - File not found

NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/08/07 00:00:28 | 00,000,000 | ---D | M]

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

NetSvcs: helpsvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)



========== Files/Folders - Created Within 14 Days ==========



[2009/11/21 14:43:07 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jessyca\Desktop\OTL.exe

[2009/11/17 12:37:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Website

[2009/11/17 08:12:02 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\All Users\Documents\RootRepeal.exe

[2009/11/15 18:53:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jessyca\My Documents\My Stuff

[2009/11/13 00:17:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Robert Jordan - The Wheel of Time

[2009/11/12 09:30:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jessyca\Local Settings\Application Data\MediaMonkey

[2009/11/12 09:30:33 | 00,000,000 | ---D | C] -- C:\Program Files\MediaMonkey

[2009/11/11 03:16:13 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent

[2009/11/11 03:15:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jessyca\Application Data\uTorrent

[2009/11/08 18:17:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

[2005/09/20 20:49:36 | 00,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll

[14 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]



========== Files - Modified Within 14 Days ==========



[2009/11/21 14:46:56 | 00,346,494 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/11/21 14:46:56 | 00,054,114 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/11/21 14:46:55 | 00,405,892 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/11/21 14:43:18 | 00,000,772 | ---- | M] () -- C:\WINDOWS\win.ini

[2009/11/21 14:43:18 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2009/11/21 14:43:18 | 00,000,211 | RHS- | M] () -- C:\boot.ini

[2009/11/21 14:42:18 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/11/21 14:42:01 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/11/21 14:41:57 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/11/21 14:41:54 | 10,730,00448 | -HS- | M] () -- C:\hiberfil.sys

[2009/11/21 14:41:15 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jessyca\Desktop\OTL.exe

[2009/11/21 14:24:55 | 09,437,184 | -H-- | M] () -- C:\Documents and Settings\Jessyca\NTUSER.DAT

[2009/11/21 14:24:55 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Jessyca\ntuser.ini

[2009/11/21 12:39:45 | 45,542,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2009/11/21 12:39:19 | 00,098,480 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg

[2009/11/18 22:16:12 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\Jessyca\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/11/18 18:32:48 | 00,660,918 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\furelise.pdf

[2009/11/18 17:41:02 | 00,023,645 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Daniel_Quintero-CM106-Project_5Done.docx

[2009/11/18 15:38:32 | 00,023,980 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Daniel_Quintero-CM106-Project_5.docx

[2009/11/18 14:42:00 | 00,019,283 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Daniel_Quintero-CM106-Project_3.docx

[2009/11/17 18:51:08 | 00,015,180 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\JessycaFinnerty_Unit5.docx

[2009/11/17 08:12:27 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\settings.dat

[2009/11/17 08:11:27 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\All Users\Documents\RootRepeal.exe

[2009/11/17 08:06:10 | 00,359,929 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\dds.scr

[2009/11/16 05:41:20 | 00,003,191 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\bio2.html

[2009/11/14 20:29:42 | 00,002,613 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\bio.html

[2009/11/12 09:14:43 | 01,662,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/11/10 08:16:22 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys

[2009/11/08 18:20:00 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Jessyca\My Documents\Forever and a Day.pdf

[2009/11/08 13:52:12 | 00,002,121 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Project2.html

[2009/11/08 13:38:37 | 00,002,001 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Project 2

[14 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]



========== Files Created - No Company Name ==========



[2009/11/18 18:32:51 | 00,660,918 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\furelise.pdf

[2009/11/18 17:18:51 | 00,023,645 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Daniel_Quintero-CM106-Project_5Done.docx

[2009/11/18 15:03:41 | 00,023,980 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Daniel_Quintero-CM106-Project_5.docx

[2009/11/18 14:52:43 | 00,015,180 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\JessycaFinnerty_Unit5.docx

[2009/11/18 14:42:19 | 00,019,283 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Daniel_Quintero-CM106-Project_3.docx

[2009/11/17 08:12:27 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\settings.dat

[2009/11/17 08:06:40 | 00,359,929 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\dds.scr

[2009/11/16 05:37:16 | 00,003,191 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\bio2.html

[2009/11/15 10:23:47 | 10,730,00448 | -HS- | C] () -- C:\hiberfil.sys

[2009/11/14 20:29:41 | 00,002,613 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\bio.html

[2009/11/08 18:20:00 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Jessyca\My Documents\Forever and a Day.pdf

[2009/11/08 13:49:10 | 00,002,121 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Project2.html

[2009/11/08 13:39:46 | 00,002,001 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Project 2

[2007/11/14 04:21:42 | 00,109,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\KbdCap.sys

[2007/11/11 03:48:36 | 00,405,588 | ---- | C] () -- C:\WINDOWS\System32\vc6-stlport-re300l.dll

[2007/11/11 03:48:15 | 00,001,622 | ---- | C] () -- C:\Program Files\ALLTEL Internet Accelerator Client setup.log

[2007/08/18 12:40:35 | 00,000,000 | ---- | C] () -- C:\WINDOWS\HOME.INI

[2007/01/20 19:04:00 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll

[2007/01/20 18:59:03 | 00,004,274 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2006/11/16 07:47:44 | 00,090,936 | ---- | C] () -- C:\Documents and Settings\Jessyca\Application Data\GDIPFONTCACHEV1.DAT

[2006/07/26 15:47:45 | 00,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2006/06/10 22:44:29 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI

[2006/04/26 23:39:39 | 00,000,130 | ---- | C] () -- C:\Documents and Settings\Jessyca\Local Settings\Application Data\fusioncache.dat

[2006/04/10 11:45:14 | 00,000,386 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI

[2006/04/04 22:46:37 | 00,046,592 | ---- | C] () -- C:\WINDOWS\System32\shellses.dll

[2006/02/28 03:36:43 | 00,000,166 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2006/02/24 09:00:59 | 06,918,032 | -H-- | C] () -- C:\Documents and Settings\Jessyca\Local Settings\Application Data\IconCache.db

[2006/02/19 02:09:50 | 00,000,051 | ---- | C] () -- C:\WINDOWS\ezmacros.INI

[2006/01/15 23:53:49 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Jessyca\Application Data\PFP120JPR.{PB

[2006/01/15 23:53:49 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Jessyca\Application Data\PFP120JCM.{PB

[2006/01/14 03:13:12 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini

[2005/11/21 20:03:14 | 00,104,360 | ---- | C] () -- C:\Documents and Settings\Jessyca\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2005/11/21 18:58:40 | 00,029,696 | ---- | C] () -- C:\Documents and Settings\Jessyca\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2005/10/11 14:56:48 | 00,000,520 | ---- | C] () -- C:\WINDOWS\unezmac.ini

[2005/09/29 20:46:32 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Jessyca\Application Data\desktop.ini

[2005/09/29 19:47:14 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2005/09/28 20:32:47 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini

[2005/09/20 21:37:05 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2005/09/20 21:25:16 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2005/09/20 21:12:54 | 00,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare

[2005/09/20 20:49:36 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll

[2005/09/20 20:49:16 | 00,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2005/01/28 08:08:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2004/08/10 13:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2004/08/10 13:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2004/08/10 12:57:41 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini

[2004/08/10 12:51:28 | 00,000,772 | ---- | C] () -- C:\WINDOWS\win.ini

[2004/08/10 12:51:26 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

[2002/03/16 19:00:00 | 00,007,420 | ---- | C] () -- C:\WINDOWS\UA000099.DLL

[2001/07/07 03:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini



========== LOP Check ==========



[2009/11/05 19:44:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2008/03/10 05:19:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ExtendMedia

[2005/10/06 15:29:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software Solutions

[2006/10/04 20:03:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SkillJam

[2008/03/10 05:16:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2008/02/27 00:03:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems

[2007/11/16 22:11:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2006/12/19 11:56:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WhiteCap (Holiday Edition)

[2007/12/04 17:04:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO

[2009/09/28 22:58:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\.purple

[2006/01/18 18:22:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\Aim

[2006/03/31 16:11:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\CiscoCAA

[2006/01/15 23:53:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\Corel

[2008/03/09 21:16:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\gtk-2.0

[2007/02/01 06:12:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\ICAClient

[2006/01/06 23:19:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\Learn2.com

[2009/09/04 07:06:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\MSNInstaller

[2005/10/02 18:54:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\Musicmatch

[2007/02/10 07:15:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\Netscape

[2007/11/11 03:49:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\Smith Micro

[2006/06/12 01:27:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\Toshiba

[2009/11/17 10:45:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jessyca\Application Data\uTorrent

[2004/08/04 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini

[2009/11/21 14:42:01 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT



========== Purity Check ==========







========== Custom Scans ==========





< %SYSTEMDRIVE%\*.exe >




< %SYSTEMDRIVE%\eventlog.dll /s /md5 >


[2004/08/04 05:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll

[1 C:\i386\*.tmp files -> C:\i386\*.tmp -> ]

[2004/08/04 05:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

[14 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]



< %SYSTEMDRIVE%\scecli.dll /s /md5 >


[2004/08/04 05:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll

[1 C:\i386\*.tmp files -> C:\i386\*.tmp -> ]

[2004/08/04 05:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

[14 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]



< %SYSTEMDRIVE%\netlogon.dll /s /md5 >


[2004/08/04 05:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll

[1 C:\i386\*.tmp files -> C:\i386\*.tmp -> ]

[2004/08/04 05:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

[14 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]



< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >




< %SYSTEMDRIVE%\sceclt.dll /s /md5 >




< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >




< %SYSTEMDRIVE%\logevent.dll /s /md5 >




< %SYSTEMDRIVE%\iaStor.sys /s /md5 >




< %SYSTEMDRIVE%\nvstor.sys /s /md5 >




< %SYSTEMDRIVE%\atapi.sys /s /md5 >


[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys

[1 C:\i386\*.tmp files -> C:\i386\*.tmp -> ]

[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys



< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >




< %SYSTEMDRIVE%\viasraid.sys /s /md5 >




< %SYSTEMDRIVE%\AGP440.sys /s /md5 >


[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\agp440.sys

[1 C:\i386\*.tmp files -> C:\i386\*.tmp -> ]

[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\AGP440.SYS



< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >


< End of report >


OTL Extras logfile created on: 11/21/2009 2:47:31 PM - Run 1

OTL by OldTimer - Version 3.1.6.1 Folder = C:\Documents and Settings\Jessyca\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy



1023.23 Mb Total Physical Memory | 544.98 Mb Available Physical Memory | 53.26% Memory free

1.28 Gb Paging File | 0.93 Gb Available in Paging File | 72.84% Paging File free

Paging file location(s): C:\pagefile.sys 384 768 [binary data]



%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 70.98 Gb Total Space | 48.83 Gb Free Space | 68.80% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded



Computer Name: ODIN

Current User Name: Jessyca

Logged in as Administrator.



Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Minimal

Quick Scan



========== Extra Registry (SafeList) ==========





========== File Associations ==========



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)



[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)



========== Shell Spawning ==========



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)

Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)

Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)



========== Security Center Settings ==========



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusOverride" = 1

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002



========== Authorized Applications List ==========



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found

"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found

"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found

"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5 -- File not found

"C:\Program Files\aim.exe" = C:\Program Files\aim.exe:*:Enabled:AOL Instant Messenger -- File not found

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found

"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found

"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found

"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5 -- File not found

"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)

"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found

"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found

"C:\Program Files\aim.exe" = C:\Program Files\aim.exe:*:Enabled:AOL Instant Messenger -- File not found

"C:\Program Files\Trillian\trillian.exe" = C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)

"C:\WINDOWS\system32\requester.11.exe" = C:\WINDOWS\system32\requester.11.exe:*:Enabled:requester.11 -- File not found

"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found

"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- File not found

"C:\Program Files\QGO\Legend of MIr3\Mir3Patch.exe" = C:\Program Files\QGO\Legend of MIr3\Mir3Patch.exe:*:Enabled:Mir3Patch -- File not found

"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found

"C:\Program Files\Common Files\AOL\1137226492\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1137226492\ee\aolsoftware.exe:*:Enabled:AOL Services -- File not found

"C:\Program Files\Common Files\AOL\1137226492\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1137226492\ee\aim6.exe:*:Enabled:AIM -- File not found

"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- File not found

"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found

"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)

"C:\Documents and Settings\Jessyca\My Documents\My Music\games\AOE2AOK\empires2.EXE" = C:\Documents and Settings\Jessyca\My Documents\My Music\games\AOE2AOK\empires2.EXE:*:Enabled:Age of Empires II -- File not found

"C:\Documents and Settings\Jessyca\My Documents\My Music\Empire Earth.exe" = C:\Documents and Settings\Jessyca\My Documents\My Music\Empire Earth.exe:*:Enabled:Empire Earth -- File not found

"C:\Program Files\Empire Earth\Empire Earth.exe" = C:\Program Files\Empire Earth\Empire Earth.exe:*:Enabled:Empire Earth -- File not found

"C:\Program Files\DC++\DCPlusPlus.exe" = C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++ -- File not found

"C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine -- File not found

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)

"C:\Program Files\Common Files\AOL\1150012326\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1150012326\ee\aolsoftware.exe:*:Enabled:AOL Services -- File not found

"C:\Program Files\Common Files\AOL\1150012326\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1150012326\ee\aim6.exe:*:Enabled:AIM -- File not found

"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- File not found

"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- File not found

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- File not found

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- File not found

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- File not found

"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- File not found

"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- File not found

"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- File not found

"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- File not found

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- File not found

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- File not found

"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- File not found

"C:\Program Files\ALLTEL Communications\ALLTEL Internet Accelerator Client\NettGain1200_C.exe" = C:\Program Files\ALLTEL Communications\ALLTEL Internet Accelerator Client\NettGain1200_C.exe:*:Enabled:NettGain1100_C -- File not found

"C:\Program Files\mIRC\backup\mirc.exe" = C:\Program Files\mIRC\backup\mirc.exe:*:Enabled:mIRC -- File not found

"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)

"C:\Program Files\Pidgin\pidgin.exe" = C:\Program Files\Pidgin\pidgin.exe:*:Enabled:Pidgin -- (The Pidgin developer community)

"C:\Program Files\NBC Direct\StoreFrontPlayer.exe" = C:\Program Files\NBC Direct\StoreFrontPlayer.exe:*:Enabled:NBC Direct Beta -- File not found

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)

"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found

"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found

"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)





========== HKEY_LOCAL_MACHINE Uninstall List ==========



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3

"{038A524F-58DB-438A-8391-8F7F0CA14B9E}" = Microsoft® Winter Fun Pack 2004 for Windows® XP

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel

"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE

"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA

"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition

"{1771FDC8-D846-4B77-996A-C80DAD42C03F}" = OpenCASE Media Agent

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager

"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4

"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting

"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{548EEA8E-8299-497F-8057-811D2D7097DC}" = Dell Support 3.1

"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool

"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon

"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0

"{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2

"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click

"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper

"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures

"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio

"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9

"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0

"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings

"{DB5F474C-B584-417F-810B-DEBBC1893C2A}" = TBS WMP Plug-in

"{DB6F07FF-A436-453a-B685-F6C1F4F09D22}" = PANTECH PC Card Software

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player

"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3

"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)

"ATI Display Driver" = ATI Display Driver

"AVG9Uninstall" = AVG Free 9.0

"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card

"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.9x Modem

"Connection Manager" = Microsoft Connection Manager

"DeleteProdRunControl_US" = IBM ViaVoice Command and Control Runtime 5.3

"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver

"ENTERPRISE" = Microsoft Office Enterprise 2007

"ERUNT_is1" = ERUNT 1.1j

"EZMacros" = EZ Macros

"GTK 2.0" = GTK+ Runtime 2.12.8 rev a (remove only)

"HijackThis" = HijackThis 2.0.2

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2

"InstallShield_{DB5F474C-B584-417F-810B-DEBBC1893C2A}" = TBS WMP Plug-in

"IrfanView" = IrfanView (remove only)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"MediaMonkey_is1" = MediaMonkey 3.1

"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Pidgin" = Pidgin

"QuickLink Mobile" = QuickLink Mobile

"QuickTime" = QuickTime

"RealPlayer 6.0" = RealPlayer

"Security Toolbar" = Security Toolbar

"StreetPlugin" = Learn2 Player (Uninstall Only)

"uTorrent" = µTorrent

"ViewpointMediaPlayer" = Viewpoint Media Player

"VLC media player" = VLC media player 1.0.1

"VV_Outloud_En_US" = IBM ViaVoice Outloud Runtime - US English

"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell

"WIC" = Windows Imaging Component

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"Yahoo! Companion" = Yahoo! Toolbar

"Yahoo! Messenger" = Yahoo! Messenger

"Yahoo! Software Update" = Yahoo! Software Update



========== Last 10 Event Log Errors ==========



[ Application Events ]

Error - 11/14/2009 12:03:52 PM | Computer Name = ODIN | Source = Application Error | ID = 1000

Description = Faulting application yahoomessenger.exe, version 9.0.0.2162, faulting

module unknown, version 0.0.0.0, fault address 0x024d9c01.



Error - 11/14/2009 12:09:17 PM | Computer Name = ODIN | Source = Application Hang | ID = 1002

Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.



Error - 11/15/2009 8:25:03 AM | Computer Name = ODIN | Source = Application Hang | ID = 1002

Description = Hanging application uTorrent.exe, version 1.8.4.16688, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.



Error - 11/15/2009 11:25:03 AM | Computer Name = ODIN | Source = Application Error | ID = 1000

Description = Faulting application yahoomessenger.exe, version 9.0.0.2162, faulting

module unknown, version 0.0.0.0, fault address 0x01559c01.



Error - 11/15/2009 7:50:22 PM | Computer Name = ODIN | Source = Application Hang | ID = 1002

Description = Hanging application uTorrent.exe, version 1.8.4.16688, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.



Error - 11/17/2009 12:44:23 PM | Computer Name = ODIN | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting

module unknown, version 0.0.0.0, fault address 0x02089c01.



Error - 11/17/2009 12:44:43 PM | Computer Name = ODIN | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.



Error - 11/17/2009 1:31:29 PM | Computer Name = ODIN | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting

module unknown, version 0.0.0.0, fault address 0x02739c01.



Error - 11/21/2009 1:36:42 PM | Computer Name = ODIN | Source = Application Error | ID = 1000

Description = Faulting application NDP20-KB928365-X86.exe, version 1.0.569.1591,

faulting module NDP20-KB928365-X86.exe, version 1.0.569.1591, fault address 0x0001e103.



Error - 11/21/2009 1:37:14 PM | Computer Name = ODIN | Source = Application Error | ID = 1004

Description = Faulting application NDP20-KB928365-X86.exe, version 1.0.569.1591,

faulting module NDP20-KB928365-X86.exe, version 1.0.569.1591, fault address 0x0001e103.



[ System Events ]

Error - 11/21/2009 3:27:20 PM | Computer Name = ODIN | Source = Service Control Manager | ID = 7000

Description = The Windows Image Acquisition (WIA) service failed to start due to

the following error: %%1053



Error - 11/21/2009 3:27:20 PM | Computer Name = ODIN | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Fax service to connect.



Error - 11/21/2009 3:27:20 PM | Computer Name = ODIN | Source = Service Control Manager | ID = 7000

Description = The Fax service failed to start due to the following error: %%1053



Error - 11/21/2009 3:28:51 PM | Computer Name = ODIN | Source = DCOM | ID = 10010

Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register

with DCOM within the required timeout.



Error - 11/21/2009 3:29:11 PM | Computer Name = ODIN | Source = Service Control Manager | ID = 7022

Description = The Automatic Updates service hung on starting.



Error - 11/21/2009 3:29:42 PM | Computer Name = ODIN | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway

Service service to connect.



Error - 11/21/2009 3:29:42 PM | Computer Name = ODIN | Source = Service Control Manager | ID = 7000

Description = The Application Layer Gateway Service service failed to start due

to the following error: %%1053



Error - 11/21/2009 3:30:51 PM | Computer Name = ODIN | Source = DCOM | ID = 10010

Description = The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register

with DCOM within the required timeout.



Error - 11/21/2009 3:42:14 PM | Computer Name = ODIN | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the OpenCASE Media Agent

service to connect.



Error - 11/21/2009 3:42:14 PM | Computer Name = ODIN | Source = Service Control Manager | ID = 7000

Description = The OpenCASE Media Agent service failed to start due to the following

error: %%1053





< End of report >

#4 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 21 November 2009 - 11:07 PM

Hi,

Please do the following:

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ’’’’2 ‘|–‘|ė‘|;*.local
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ˆ
    O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - No CLSID value found.
    O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - No CLSID value found.
    O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Value error. File not found
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Value error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Value error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Value error. File not found
    O33 - MountPoints2\{5b0872f0-937c-11da-a98c-00123ffa1415}\Shell - "" = AutoRun
    O33 - MountPoints2\{5b0872f0-937c-11da-a98c-00123ffa1415}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{5b0872f0-937c-11da-a98c-00123ffa1415}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{dec7ea90-a4df-11db-aa40-00123ffa1415}\Shell - "" = AutoRun
    O33 - MountPoints2\{dec7ea90-a4df-11db-aa40-00123ffa1415}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{dec7ea90-a4df-11db-aa40-00123ffa1415}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL log


NEXT

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.

  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#5 CatByte


Posted 30 November 2009 - 06:20 PM

Due to inactivity this topic will be closed. If you need help please start a new thread.
