Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

possible root kit... windows security alerts is saying Automatic updates is turned off


  • This topic is locked This topic is locked
7 replies to this topic

#1 waximoff

waximoff

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:59 AM

Posted 27 May 2011 - 09:31 AM

Hello,
I followed the "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help" at http://www.bleepingcomputer.com/forums/topic34773.html before posting this. The only thing i could not do was step 5. I cannot access my firewall.

The problem started when powering on computer one day. The balloon for "windows security alerts" popped up and said that my computer might be at risk and that automatic updates is turned off. I went in my control panel and clicked on the security center icon. It showed that the auto updates WERE turned on.

Over the next hour or two funny things started happening. I would click on an mp3 or mpeg and the "Open with" box would pop up asking which program I'd like to use. The radio button underneath that allows you to associate the chosen program with that file type for now on was greyed out and not selectable. Now programs like photoshop and illustrator wont even boot up all the way. They start to load then the screen flickers and they shut right down.

It has now progressed to where I cant even click on the "security center" or "firewall" icon in the control panel. It says " C:\WINDOWS\system32\rundll32.exe Application not found" when I do.

Before I came here to try and read up on the symptoms , I restarted in safemode with networking. I ran rkill and had mixed results. Because the comp is is having problems opening any kind of .exe as it is, when i'd click on rkill the "open with" box came up asking what program to open it with. I'd navigate to to desktop and click on rkill again. Most of the time the little black box would come up but never say "terminating known malware" like usual. The screen would just go black and the box asking if I wanted to stay in safemode would come up. Finally, I ran rkill again but this time rapidly hitting the "x" in the "open with" prompt instead of navigating to rkill through the browse option. And it said it was killing a known malware. What came up was something about "sed.exe" and it was followed by saying that it couldn't read the "rks.1.log"

So there we have it. I'll attach the logs as requested in the tutorial. Thanks ahead of time for any help!

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Run by Owner at 14:25:48 on 2011-05-26
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.2572 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe
C:\WINDOWS\system32\SAiDownloader.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\PROGRA~1\MOZILL~1\plugin-container.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Eropocigezorije] rundll32.exe "c:\windows\apxefmsg.dll",Startup
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
IE: &Download All with FlashGet - c:\progra~1\flashget\jc_all.htm
IE: &Download with FlashGet - c:\progra~1\flashget\jc_link.htm
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\nwuz56ke.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npdeployJava1.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npdnu.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npdnupdater2.dll
FF - plugin: c:\progra~1\mozill~1\plugins\nppdf32.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npqtplugin.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npqtplugin2.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npqtplugin3.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npqtplugin4.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npqtplugin5.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npqtplugin6.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npqtplugin7.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 297168]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2006-10-10 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 67656]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]
R2 SAiDownloader;SAiDownloader;c:\windows\system32\SAiDownloader.exe [2010-1-7 438272]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2007-4-27 316992]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-9 24652]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-3-30 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
S3 CIF USB CAMERA Service;CIF USB CAMERA;c:\windows\system32\drivers\pfc027.sys [2008-5-5 112380]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 12872]
.
=============== Created Last 30 ================
.
2011-05-24 22:56:06 -------- d-----w- C:\AVG10
2011-05-23 20:07:22 -------- d-----w- C:\the dll that errors
2011-05-06 15:46:20 6144 ----a-w- c:\windows\system32\escdev.dll
2011-05-06 15:46:19 64000 ----a-w- c:\windows\system32\esfw52.bin
2011-05-06 15:46:19 282624 ----a-w- c:\windows\system32\esint52.dll
2011-05-06 15:46:19 180224 ----a-w- c:\windows\system32\eswia52.dll
2011-05-06 15:46:19 -------- d-----w- c:\program files\epson
2011-05-06 15:46:08 -------- d-----w- C:\EPSON
2011-05-06 14:34:26 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-05-06 14:34:26 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-05-06 14:34:26 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-05-06 14:34:26 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-05-06 14:34:26 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-05-06 14:34:25 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-05-06 14:34:25 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-05-06 14:34:25 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
==================== Find3M ====================
.
2011-05-03 10:36:53 98304 ----a-w- c:\windows\DUMPa632.tmp
2011-04-20 16:43:27 81920 ----a-w- c:\windows\system32\nvmctray_AVG_RESTORED.dll
2011-04-20 16:43:27 81920 ----a-w- c:\windows\system32\NvMcTray.dll
2011-04-15 01:28:42 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-04-05 04:59:56 297168 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-03-16 20:03:20 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
.
============= FINISH: 14:26:35.35 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:07:59 AM

Posted 31 May 2011 - 10:21 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days
    failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth Code, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:


Running OTL

We need to create a FULL OTL Report
  • Please download OTL from here:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

NEXT:


Please provide an update on how things are running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 waximoff

waximoff
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:59 AM

Posted 01 June 2011 - 09:52 AM

Thank you for the response and I'm really glad you're chosen to help. I followed your instructions and downloaded the suggested tools. I will run hem and update back to you. Thanks.


Here are the scan results per your instructions.

OTL:
OTL logfile created on: 6/1/2011 11:09:30 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 70.06% Memory free
5.09 Gb Paging File | 4.30 Gb Available in Paging File | 84.56% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.73 Gb Total Space | 12.28 Gb Free Space | 8.79% Space Free | Partition Type: NTFS
Drive F: | 1863.01 Gb Total Space | 1805.90 Gb Free Space | 96.93% Space Free | Partition Type: NTFS
Drive P: | 931.50 Gb Total Space | 3.41 Gb Free Space | 0.37% Space Free | Partition Type: NTFS

Computer Name: WORKSTATION1 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/01 10:53:35 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/05/28 15:34:30 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/05/06 10:34:25 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/02/08 05:33:06 | 001,088,864 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgscanx.exe
PRC - [2008/10/28 16:42:30 | 000,156,968 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2007/09/11 13:23:22 | 000,438,272 | ---- | M] (TODO: <Company name>) -- C:\WINDOWS\system32\SAiDownloader.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/28 12:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2007/04/27 08:40:00 | 000,206,400 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2007/04/27 02:00:04 | 000,316,992 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2007/01/18 12:02:06 | 000,094,208 | ---- | M] (EMC Corporation) -- C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (SafeList) ==========

MOD - [2011/06/01 10:53:35 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006/02/28 08:00:00 | 001,852,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\AcGenral.dll
MOD - [2006/02/28 08:00:00 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msacm32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/28 15:07:49 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/10/28 16:42:30 | 000,156,968 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2007/09/11 13:23:22 | 000,438,272 | ---- | M] (TODO: <Company name>) [Auto | Running] -- C:\WINDOWS\System32\SAiDownloader.exe -- (SAiDownloader)
SRV - [2007/05/28 12:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/04/27 08:40:00 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2007/04/27 02:00:04 | 000,316,992 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2007/01/18 12:02:06 | 000,094,208 | ---- | M] (EMC Corporation) [Auto | Running] -- C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe -- (RetroExpLauncher)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/05 13:19:56 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/27 12:47:45 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/03/27 12:47:45 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/07/03 12:31:28 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2008/09/18 16:59:33 | 000,716,272 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/07/12 15:57:53 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2007/06/15 00:03:16 | 004,402,176 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/05/18 13:12:50 | 000,053,344 | ---- | M] (Warp Nine Engineering) [Kernel | Auto | Stopped] -- C:\Program Files\SAi\SAi Production Suite1\Program\Par1284.sys -- (Par1284)
DRV - [2007/04/27 08:40:00 | 000,090,688 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2007/04/27 08:40:00 | 000,035,328 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2007/04/11 15:32:58 | 000,036,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/04/11 15:32:52 | 000,034,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/04/11 15:32:30 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/03/13 13:05:30 | 000,044,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2007/03/09 17:04:42 | 000,031,072 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2007/01/31 08:23:54 | 001,178,088 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/01/31 08:23:53 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)
DRV - [2005/07/28 09:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/09/18 00:50:20 | 000,112,380 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc027.sys -- (CIF USB CAMERA Service)
DRV - [2003/03/06 09:57:24 | 000,013,543 | ---- | M] (iRiver, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ifpusb.sys -- (IFPUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1085031214-688789844-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1085031214-688789844-839522115-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - File not found
IE - HKU\S-1-5-21-1085031214-688789844-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {fffe0eac-3819-4561-8aa9-178a68450d4f}:1.9
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.9.3
FF - prefs.js..extensions.enabledItems: {AA6F0803-145A-4200-8E5E-68898D02B5B3}:1.1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1319
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/05/11 13:01:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/06 10:34:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/06 10:34:30 | 000,000,000 | ---D | M]

[2008/09/14 16:08:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/05/31 11:50:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nwuz56ke.default\extensions
[2010/04/28 11:37:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nwuz56ke.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/22 17:36:27 | 000,000,000 | ---D | M] (Right-Click-Link) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nwuz56ke.default\extensions\{AA6F0803-145A-4200-8E5E-68898D02B5B3}
[2009/10/17 11:52:46 | 000,000,000 | ---D | M] (firefusk) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nwuz56ke.default\extensions\{fffe0eac-3819-4561-8aa9-178a68450d4f}
[2008/07/17 16:52:41 | 000,001,769 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nwuz56ke.default\searchplugins\aim-search.xml
[2008/02/19 15:36:26 | 000,001,877 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nwuz56ke.default\searchplugins\aolsearch.xml
[2011/05/06 10:20:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/16 19:42:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NWUZ56KE.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
[2011/05/11 13:01:17 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011/02/16 19:42:37 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/06 10:34:25 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/02/16 19:42:36 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/06 10:34:27 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/04/20 12:55:09 | 000,000,767 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - File not found
O3 - HKU\S-1-5-21-1085031214-688789844-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-1085031214-688789844-839522115-1003\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-1085031214-688789844-839522115-1003\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - File not found
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-1085031214-688789844-839522115-1003..\Run: [Eropocigezorije] File not found
O4 - HKU\S-1-5-21-1085031214-688789844-839522115-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1085031214-688789844-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (Bodog)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/14 10:54:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/02/15 00:53:50 | 000,000,027 | ---- | M] () - F:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{04206117-6a1b-11dd-8cd2-0019d1a82b27}\Shell\AutoRun\command - "" = wd_windows_tools\setup.exe
O33 - MountPoints2\{182e72a4-3b3b-11de-8d71-0019d1a82b27}\Shell\AutoRun\command - "" = F:\system\viewer\FlipVideoforPC.exe
O33 - MountPoints2\{182e72a4-3b3b-11de-8d71-0019d1a82b27}\Shell\Flip Video for PC\command - "" = F:\system\viewer\FlipVideoforPC.exe
O33 - MountPoints2\{1850a51c-0c51-11e0-809a-0019d1a82b27}\Shell\AutoRun\command - "" = F:\launch.bat
O33 - MountPoints2\{21189425-0e7b-11de-8d4b-0019d1a82b27}\Shell\AutoRun\command - "" = F:\merckVaccine.exe
O33 - MountPoints2\{2ba7cad2-ed68-11dd-8d40-0019d1a82b27}\Shell\AutoRun\command - "" = E:\merckVaccine.exe
O33 - MountPoints2\{6078e1aa-1d3e-11de-8d54-0019d1a82b27}\Shell - "" = AutoRun
O33 - MountPoints2\{6078e1aa-1d3e-11de-8d54-0019d1a82b27}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6078e1aa-1d3e-11de-8d54-0019d1a82b27}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{bbb288a7-7c00-11dc-8bc3-0019d18631d6}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O33 - MountPoints2\{bd855bdb-87c1-11dc-8be2-0019d1a82b27}\Shell\AutoRun\command - "" = E:\merckVaccine.exe
O33 - MountPoints2\{e384d1c1-0365-11de-8d44-0019d1a82b27}\Shell\AutoRun\command - "" = slacker.synclauncher.exe
O33 - MountPoints2\{e384d1c1-0365-11de-8d44-0019d1a82b27}\Shell\slacker\command - "" = slacker.synclauncher.exe
O33 - MountPoints2\{e79d7612-9c2f-11df-805b-0019d1a82b27}\Shell - "" = AutoRun
O33 - MountPoints2\{e79d7612-9c2f-11df-805b-0019d1a82b27}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e79d7612-9c2f-11df-805b-0019d1a82b27}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\.\EncryptionTool\MaxtorEncryption.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1085031214-688789844-839522115-1003..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/01 10:53:38 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/05/28 15:08:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\aB06511CfBmB06511
[2011/05/26 14:34:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\gmer
[2011/05/24 18:56:06 | 000,000,000 | ---D | C] -- C:\AVG10
[2011/05/24 18:54:33 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/05/23 16:07:22 | 000,000,000 | ---D | C] -- C:\the dll that errors
[2011/05/18 19:46:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2011/05/12 11:16:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\videos
[2011/05/12 11:15:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\pictures
[2011/05/06 11:46:20 | 000,006,144 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\escdev.dll
[2011/05/06 11:46:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EPSON Scan
[2011/05/06 11:46:19 | 000,282,624 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\esint52.dll
[2011/05/06 11:46:19 | 000,180,224 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\eswia52.dll
[2011/05/06 11:46:19 | 000,000,000 | ---D | C] -- C:\Program Files\epson
[2011/05/06 11:46:08 | 000,000,000 | ---D | C] -- C:\EPSON
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/01 10:53:35 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/06/01 10:52:59 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RKUnhookerLE.EXE
[2011/06/01 10:46:22 | 116,835,025 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/06/01 10:42:29 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/01 10:40:43 | 008,405,015 | ---- | M] () -- C:\WINDOWS\TempFile
[2011/06/01 10:40:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/30 18:23:33 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/30 18:11:10 | 000,189,440 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/27 11:10:52 | 000,005,828 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Default_EXE.reg
[2011/05/26 16:19:15 | 015,319,528 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SAS_153A51.COM
[2011/05/26 14:29:10 | 000,293,775 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2011/05/26 14:14:08 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable
[2011/05/26 14:11:02 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2011/05/25 13:12:30 | 001,007,108 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\rkill.com
[2011/05/24 21:18:54 | 000,001,468 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\833k1j6332xvwk47jj41y33hx1s63itemar
[2011/05/24 21:18:54 | 000,001,468 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\833k1j6332xvwk47jj41y33hx1s63itemar
[2011/05/24 18:55:57 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/23 21:59:38 | 000,006,144 | ---- | M] () -- C:\palm.grf
[2011/05/19 16:58:04 | 009,368,236 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Magic BMX Frame Sticker.tif
[2011/05/19 10:21:14 | 000,016,652 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ueu4ue45lg20w7c4ddf
[2011/05/19 10:21:14 | 000,016,652 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ueu4ue45lg20w7c4ddf
[2011/05/17 12:45:19 | 003,060,672 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/16 15:16:51 | 000,126,404 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/05/11 13:01:29 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/05/06 11:46:21 | 000,000,665 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/01 10:53:04 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\RKUnhookerLE.EXE
[2011/05/27 11:10:56 | 000,005,828 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Default_EXE.reg
[2011/05/26 16:22:51 | 015,319,528 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SAS_153A51.COM
[2011/05/26 14:29:11 | 000,293,775 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2011/05/26 14:14:01 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2011/05/26 14:11:06 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2011/05/24 21:18:54 | 000,001,468 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\833k1j6332xvwk47jj41y33hx1s63itemar
[2011/05/24 21:18:54 | 000,001,468 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\833k1j6332xvwk47jj41y33hx1s63itemar
[2011/05/24 18:55:56 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Internet Explorer.lnk
[2011/05/20 07:54:48 | 009,368,236 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Magic BMX Frame Sticker.tif
[2011/05/18 20:05:33 | 000,016,652 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ueu4ue45lg20w7c4ddf
[2011/05/18 20:05:33 | 000,016,652 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ueu4ue45lg20w7c4ddf
[2011/05/13 14:01:34 | 003,310,317 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\2011SignMasterRetail.pdf
[2011/05/13 14:01:34 | 003,203,655 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\2011SignMasterWholesale.pdf
[2011/05/06 11:46:20 | 000,000,665 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk
[2011/05/06 11:46:19 | 000,064,000 | ---- | C] () -- C:\WINDOWS\System32\esfw52.bin
[2011/05/06 10:34:31 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/01 20:15:51 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~20700980r
[2011/04/01 20:15:51 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~20700980
[2011/04/01 20:15:23 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\20700980
[2010/01/25 16:34:55 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2009/12/27 19:49:02 | 000,225,796 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/07/09 13:06:15 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/07/09 13:06:15 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009/07/09 13:06:15 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/07/09 13:06:15 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2009/07/09 13:06:15 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/07/09 13:06:15 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/07/09 13:06:15 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009/07/09 13:06:15 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2009/07/09 13:05:48 | 001,018,748 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2009/07/09 13:05:41 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2009/07/03 12:31:28 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2008/12/26 19:35:38 | 000,004,987 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ywasvxup.hvs
[2008/12/26 19:09:24 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2008/09/26 01:53:19 | 000,585,728 | ---- | C] () -- C:\WINDOWS\System32\bsratswf.dll
[2008/09/26 01:53:19 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\bsratwmv.dll
[2008/09/25 15:49:50 | 000,004,212 | ---- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2008/09/19 17:57:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/19 17:54:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/08/23 03:09:52 | 000,002,438 | ---- | C] () -- C:\WINDOWS\System32\ASPRTMM1.DLL
[2008/08/07 15:24:59 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\qscl.dll
[2008/08/07 15:24:59 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\ammpp.dll
[2008/08/07 15:24:59 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/08/07 15:24:59 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\qcpsdk.dll
[2008/08/07 15:24:59 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\a1.dll
[2008/08/07 11:31:19 | 000,000,073 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2008/07/12 16:33:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2008/06/04 19:46:27 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/05/05 14:17:42 | 000,217,088 | ---- | C] () -- C:\WINDOWS\select3a.exe
[2008/05/05 14:17:42 | 000,112,380 | ---- | C] () -- C:\WINDOWS\System32\drivers\pfc027.sys
[2008/05/05 14:17:42 | 000,040,960 | ---- | C] () -- C:\WINDOWS\CleanDev.exe
[2007/12/26 18:28:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2007/11/08 11:55:56 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2007/10/31 10:04:34 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2007/10/27 06:33:57 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/10/23 10:50:11 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/10/23 10:50:11 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2007/10/23 10:49:52 | 000,000,885 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2007/10/23 10:49:52 | 000,000,153 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2007/10/23 10:49:52 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf06a.dat
[2007/10/23 10:49:26 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2007/10/23 10:48:34 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2007/09/26 23:25:52 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/09/26 23:25:51 | 000,189,440 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/15 14:17:03 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2007/09/14 11:25:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/09/14 11:23:08 | 000,001,411 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/09/14 11:22:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/09/14 10:55:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/09/14 10:52:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/09/14 06:30:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/09/14 06:29:27 | 003,060,672 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/07/25 16:24:30 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/02/28 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 08:00:00 | 000,443,918 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 08:00:00 | 000,072,050 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 08:00:00 | 000,007,410 | ---- | C] () -- C:\WINDOWS\System32\wwnt.dll
[2006/02/28 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 08:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/02/28 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/02/26 17:08:28 | 000,585,728 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/01/27 08:13:02 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib_dec.dll
[2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 176 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51
@Alternate Data Stream - 168 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3D74A13
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D55F0AC

< End of report >


And the Extras:
OTL Extras logfile created on: 6/1/2011 11:09:30 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 70.06% Memory free
5.09 Gb Paging File | 4.30 Gb Available in Paging File | 84.56% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.73 Gb Total Space | 12.28 Gb Free Space | 8.79% Space Free | Partition Type: NTFS
Drive F: | 1863.01 Gb Total Space | 1805.90 Gb Free Space | 96.93% Space Free | Partition Type: NTFS
Drive P: | 931.50 Gb Total Space | 3.41 Gb Free Space | 0.37% Space Free | Partition Type: NTFS

Computer Name: WORKSTATION1 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1085031214-688789844-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1700:TCP" = 1700:TCP:*:Enabled:MioNet Remote Drive Access
"1701:TCP" = 1701:TCP:*:Enabled:MioNet Remote Drive Access 1
"1702:TCP" = 1702:TCP:*:Enabled:MioNet Remote Drive Access 2
"1703:TCP" = 1703:TCP:*:Enabled:MioNet Remote Drive Access 3
"1704:TCP" = 1704:TCP:*:Enabled:MioNet Remote Drive Access 4
"1705:TCP" = 1705:TCP:*:Enabled:MioNet Remote Drive Access 5
"1706:TCP" = 1706:TCP:*:Enabled:MioNet Remote Drive Access 6
"1707:TCP" = 1707:TCP:*:Enabled:MioNet Remote Drive Access 7
"1708:TCP" = 1708:TCP:*:Enabled:MioNet Remote Drive Access 8
"1709:TCP" = 1709:TCP:*:Enabled:MioNet Remote Drive Access 9
"1641:TCP" = 1641:TCP:*:Enabled:MioNet Remote Drive Verification
"1647:TCP" = 1647:TCP:*:Enabled:MioNet Storage Device Configuration
"5432:UDP" = 5432:UDP:*:Enabled:MioNet Storage Device Discovery
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
"9100:TCP" = 9100:TCP:*:Enabled:valuejet
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"9101:TCP" = 9101:TCP:*:Enabled:valuejet

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\FlashGet\flashget.exe" = C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget -- (FlashGet.com)
"D:\Trillian\trillian.exe" = D:\Trillian\trillian.exe:*:Enabled:Trillian
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
"C:\Program Files\THQ\MX vs ATV Unleashed\MXvsATV.exe" = C:\Program Files\THQ\MX vs ATV Unleashed\MXvsATV.exe:*:Enabled:MXvsATV
"C:\Program Files\BitTornado\btdownloadgui.exe" = C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui -- ()
"C:\Documents and Settings\Owner\Local Settings\Temp\~os7A.tmp\ossproxy.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\~os7A.tmp\ossproxy.exe:*:Enabled:ossproxy.exe
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe" = C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS3 -- (Adobe Systems, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\MioNet\jvm\bin\MioNet.exe" = C:\Program Files\MioNet\jvm\bin\MioNet.exe:*:Enabled:Java™ Platform SE binary
"C:\Program Files\MioNet\MioNetManager.exe" = C:\Program Files\MioNet\MioNetManager.exe:*:Enabled:MioNetManager
"C:\Program Files\Your Uninstaller 2006\uruninstaller.exe" = C:\Program Files\Your Uninstaller 2006\uruninstaller.exe:*:Enabled:Your Uninstaller! 2006
"C:\Program Files\Bodog Poker\BPGame.exe" = C:\Program Files\Bodog Poker\BPGame.exe:*:Enabled:Bodog Poker -- (Bodog)
"C:\Program Files\Retrospect\Retrospect Express HD 2.0\Retrospect.exe" = C:\Program Files\Retrospect\Retrospect Express HD 2.0\Retrospect.exe:*:Enabled:Retrospect Express HD -- (EMC Corporation)
"C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe" = C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe:*:Enabled:Retrospect Express HD Launcher service -- (EMC Corporation)
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jre1.6.0_07\launch4j-tmp\JDownloader.exe" = C:\Program Files\Java\jre1.6.0_07\launch4j-tmp\JDownloader.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service
"C:\Program Files\FlexiSIGN-PRO 8.1v1\Program\App2.exe" = C:\Program Files\FlexiSIGN-PRO 8.1v1\Program\App2.exe:*:Enabled:Production Manager -- (SA International)
"C:\Program Files\FlexiSIGN-PRO 8.1v1\Program\app.exe" = C:\Program Files\FlexiSIGN-PRO 8.1v1\Program\app.exe:*:Enabled:FlexiSIGN-PRO 8.1v1 -- (SA International)
"C:\Program Files\SAi\SAi Production Suite\Program\app2.exe" = C:\Program Files\SAi\SAi Production Suite\Program\app2.exe:*:Enabled:Production Manager 8.5v1
"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe" = C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe:*:Enabled:Sentinel Protection Server -- (SafeNet, Inc)
"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe" = C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe:*:Enabled:Sentinel Keys Server -- (SafeNet, Inc.)
"C:\Program Files\SAi\SAi Production Suite1\Program\app2.exe" = C:\Program Files\SAi\SAi Production Suite1\Program\app2.exe:*:Enabled:Production Manager 8.5v1 -- (SA International)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\Java\jre1.6.0_07\bin\java.exe" = C:\Program Files\Java\jre1.6.0_07\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe" = C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE" = C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE:*:Enabled:SUPERAntiSpyware Free Edition -- (SUPERAntiSpyware.com)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{072D2077-9E22-4F7F-B817-A92CA6CCC843}" = iriver Music Manager
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D6BA2B7-E76C-4E04-939F-625F8F69EE63}" = Sentinel Protection Installer 7.3.1
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F1F35A7-8EA0-43B5-AEAF-B0B9AB1BEF97}" = iRiver Manager
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2205E3A5-DCDC-461D-8ED6-D6F2341D3B64}" = Intel Audio Studio 2.0
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{230E8DDC-FB78-4F9F-8461-22ED20DBC3BA}" = AVG 2011
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34ACF0AB-D649-47DC-A90C-6DF34C270D78}" = Intel Audio Studio 2.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4781569D-5404-1F26-4B2B-6DF444441031}" = Nero 7 Ultra Edition
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
"{59421FC0-295B-400F-AA69-40633D4CFBEC}" = Special Forces
"{5A180ED5-0AC1-410A-B790-5E0319CD0A93}" = Sentinel Protection Installer 7.4.0
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5D652EC3-8AC0-41E7-B337-162BC7B01148}" = Retrospect Express HD 2.0
"{5E5CA6E6-1CDC-4A28-BB06-74CF00040718}" = SAi Production Suite1
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71883667-71F2-48A1-AB72-28D518D8AC4A}" = Seagate Manager Installer
"{71C97545-E547-4A8B-B0C8-61FF853270AC}" = PaperPort
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D9A9AA-3416-4651-B165-57DB30733E9E}" = Movavi Video Converter 6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.12.0
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9985ABB2-14F3-4825-B5AF-0EFB23F715CB}" = Badongo
"{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}" = Brother MFL-Pro Suite
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A005B38F-D5AB-4E35-93DD-9886E449FAF1}" = Palm
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}" = EVGA Display Driver
"{BF901F72-A7E8-4F3C-9E70-5E1B8FD05CEB}" = ResumeMaker Ultimate
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC40FA96-9445-4EF4-8DDB-5DADF5F01BA8}" = AVG 2011
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium
"{D46A205E-941A-4813-B26E-AB820B75FA4C}" = FlexiSIGN-PRO 8.1v1
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{F01D5ED5-D53A-4468-B428-149DC2CB3110}" = Adobe Dreamweaver CS3
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"3ivx D4 4.5.1 Decoder" = 3ivx D4 4.5.1 Decoder (remove only)
"AccessDiver v4.402_is1" = AccessDiver v4.402
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4
"Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3
"Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium
"AIM_7" = AIM 7
"AVG" = AVG 2011
"AVI MPEG RM WMV Joiner_is1" = AVI/MPEG/RM/WMV Joiner 4.82
"BitTornado" = BitTornado 0.3.17
"Bodog Poker_is1" = Bodog Poker Version 2.16.3.49
"BulentsScreenRecorder4" = Bulent's Screen Recorder 4
"CDisplay_is1" = CDisplay 1.8
"CIF USB CAMERA" = CIF USB CAMERA
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DupeRAZOR - Duplicate Files Removal Kit_is1" = DupeRAZOR 3.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"FlashGet" = FlashGet 1.9.6.1073
"Forum Proxy Leecher_is1" = Forum Proxy Leecher 1.10
"HECI" = Intel® Management Engine Interface
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{71883667-71F2-48A1-AB72-28D518D8AC4A}" = Seagate Manager Installer
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Motocross Madness 2" = Microsoft Motocross Madness 2
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MP3 To Ringtone Gold_is1" = MP3 To Ringtone Gold 5.02
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NewsBin5" = NewsBin Pro
"PokerStars" = PokerStars
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6e
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Your Uninstaller! 2008_is1" = Your Uninstaller! 2008 Version 6.0
"YU2010_is1" = Your Uninstaller! 2010

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1085031214-688789844-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Absolute Poker" = Absolute Poker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/13/2011 3:18:29 PM | Computer Name = WORKSTATION1 | Source = Application Error | ID = 1000
Description = Faulting application app2.exe, version 8.0.0.1, faulting module userregistration.dll,
version 1.0.0.1, fault address 0x000351ba.

Error - 5/20/2011 1:00:08 PM | Computer Name = WORKSTATION1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18928, fault address 0x00100380.

Error - 5/24/2011 6:54:15 PM | Computer Name = WORKSTATION1 | Source = Userenv | ID = 1508
Description = Windows was unable to load the registry. This is often caused by insufficient
memory or insufficient security rights. DETAIL - Insufficient system resources
exist to complete the requested service. for C:\Documents and Settings\Owner\ntuser.dat

Error - 5/24/2011 6:54:27 PM | Computer Name = WORKSTATION1 | Source = Userenv | ID = 1505
Description = Windows cannot load the user's profile but has logged you on with
the default profile for the system. DETAIL - Insufficient system resources exist
to complete the requested service.

Error - 5/24/2011 6:55:52 PM | Computer Name = WORKSTATION1 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Professional with FrontPage -- Error
1706. Setup cannot find the required files. Check your connection to the network,
or CD-ROM drive. For other potential solutions to this problem, see C:\Program
Files\Microsoft Office\Office10\1033\SETUP.HLP.

Error - 5/25/2011 2:27:24 PM | Computer Name = WORKSTATION1 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 5/27/2011 3:36:25 PM | Computer Name = WORKSTATION1 | Source = Application Error | ID = 1000
Description = Faulting application app.exe, version 8.0.0.1, faulting module fscore.dll,
version 8.0.0.1, fault address 0x0004f603.

Error - 5/27/2011 4:07:45 PM | Computer Name = WORKSTATION1 | Source = Application Error | ID = 1000
Description = Faulting application app.exe, version 8.0.0.1, faulting module fscore.dll,
version 8.0.0.1, fault address 0x0004f603.

Error - 5/27/2011 4:50:06 PM | Computer Name = WORKSTATION1 | Source = Application Error | ID = 1000
Description = Faulting application app.exe, version 8.0.0.1, faulting module fscore.dll,
version 8.0.0.1, fault address 0x0004f603.

Error - 5/27/2011 5:02:10 PM | Computer Name = WORKSTATION1 | Source = Application Error | ID = 1000
Description = Faulting application app.exe, version 8.0.0.1, faulting module mfc71.dll,
version 7.10.6030.0, fault address 0x000acc83.

[ System Events ]
Error - 5/30/2011 2:23:47 PM | Computer Name = WORKSTATION1 | Source = Service Control Manager | ID = 7000
Description = The Par1284 service failed to start due to the following error: %%20

Error - 5/31/2011 9:04:40 AM | Computer Name = WORKSTATION1 | Source = Service Control Manager | ID = 7000
Description = The iRiver Internet Audio Player IFP-100 service failed to start due
to the following error: %%1058

Error - 5/31/2011 9:04:40 AM | Computer Name = WORKSTATION1 | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 5/31/2011 9:04:40 AM | Computer Name = WORKSTATION1 | Source = Service Control Manager | ID = 7000
Description = The Par1284 service failed to start due to the following error: %%20

Error - 5/31/2011 10:59:29 PM | Computer Name = WORKSTATION1 | Source = Service Control Manager | ID = 7000
Description = The iRiver Internet Audio Player IFP-100 service failed to start due
to the following error: %%1058

Error - 5/31/2011 10:59:29 PM | Computer Name = WORKSTATION1 | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 5/31/2011 10:59:29 PM | Computer Name = WORKSTATION1 | Source = Service Control Manager | ID = 7000
Description = The Par1284 service failed to start due to the following error: %%20

Error - 6/1/2011 10:40:47 AM | Computer Name = WORKSTATION1 | Source = Service Control Manager | ID = 7000
Description = The iRiver Internet Audio Player IFP-100 service failed to start due
to the following error: %%1058

Error - 6/1/2011 10:40:47 AM | Computer Name = WORKSTATION1 | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 6/1/2011 10:40:47 AM | Computer Name = WORKSTATION1 | Source = Service Control Manager | ID = 7000
Description = The Par1284 service failed to start due to the following error: %%20


< End of report >

Edited by waximoff, 01 June 2011 - 10:22 AM.


#4 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:07:59 AM

Posted 01 June 2011 - 05:24 PM

Hi!

Do you happen to have the RKU log?

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :OTL
    FF - prefs.js..network.proxy.type: 4
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - File not found
    O3 - HKU\S-1-5-21-1085031214-688789844-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O3 - HKU\S-1-5-21-1085031214-688789844-839522115-1003\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O3 - HKU\S-1-5-21-1085031214-688789844-839522115-1003\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - File not found
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKU\S-1-5-21-1085031214-688789844-839522115-1003..\Run: [Eropocigezorije] File not found
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O33 - MountPoints2\{04206117-6a1b-11dd-8cd2-0019d1a82b27}\Shell\AutoRun\command - "" = wd_windows_tools\setup.exe
    O33 - MountPoints2\{182e72a4-3b3b-11de-8d71-0019d1a82b27}\Shell\AutoRun\command - "" = F:\system\viewer\FlipVideoforPC.exe
    O33 - MountPoints2\{182e72a4-3b3b-11de-8d71-0019d1a82b27}\Shell\Flip Video for PC\command - "" = F:\system\viewer\FlipVideoforPC.exe
    O33 - MountPoints2\{1850a51c-0c51-11e0-809a-0019d1a82b27}\Shell\AutoRun\command - "" = F:\launch.bat
    O33 - MountPoints2\{21189425-0e7b-11de-8d4b-0019d1a82b27}\Shell\AutoRun\command - "" = F:\merckVaccine.exe
    O33 - MountPoints2\{2ba7cad2-ed68-11dd-8d40-0019d1a82b27}\Shell\AutoRun\command - "" = E:\merckVaccine.exe
    O33 - MountPoints2\{6078e1aa-1d3e-11de-8d54-0019d1a82b27}\Shell - "" = AutoRun
    O33 - MountPoints2\{6078e1aa-1d3e-11de-8d54-0019d1a82b27}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{6078e1aa-1d3e-11de-8d54-0019d1a82b27}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
    O33 - MountPoints2\{bbb288a7-7c00-11dc-8bc3-0019d18631d6}\Shell\AutoRun\command - "" = F:\setupSNK.exe
    O33 - MountPoints2\{bd855bdb-87c1-11dc-8be2-0019d1a82b27}\Shell\AutoRun\command - "" = E:\merckVaccine.exe
    O33 - MountPoints2\{e384d1c1-0365-11de-8d44-0019d1a82b27}\Shell\AutoRun\command - "" = slacker.synclauncher.exe
    O33 - MountPoints2\{e384d1c1-0365-11de-8d44-0019d1a82b27}\Shell\slacker\command - "" = slacker.synclauncher.exe
    O33 - MountPoints2\{e79d7612-9c2f-11df-805b-0019d1a82b27}\Shell - "" = AutoRun
    O33 - MountPoints2\{e79d7612-9c2f-11df-805b-0019d1a82b27}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{e79d7612-9c2f-11df-805b-0019d1a82b27}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\.\EncryptionTool\MaxtorEncryption.exe
    [2011/05/28 15:08:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\aB06511CfBmB06511
    [2011/05/24 21:18:54 | 000,001,468 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\833k1j6332xvwk47jj41y33hx1s63itemar
    [2011/05/24 21:18:54 | 000,001,468 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\833k1j6332xvwk47jj41y33hx1s63itemar
    [2011/05/19 10:21:14 | 000,016,652 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ueu4ue45lg20w7c4ddf
    [2011/05/19 10:21:14 | 000,016,652 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ueu4ue45lg20w7c4ddf
    [2011/05/24 21:18:54 | 000,001,468 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\833k1j6332xvwk47jj41y33hx1s63itemar
    [2011/05/24 21:18:54 | 000,001,468 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\833k1j6332xvwk47jj41y33hx1s63itemar
    [2011/05/18 20:05:33 | 000,016,652 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ueu4ue45lg20w7c4ddf
    [2011/05/18 20:05:33 | 000,016,652 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ueu4ue45lg20w7c4ddf
    [2011/04/01 20:15:51 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~20700980r
    [2011/04/01 20:15:51 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~20700980
    [2011/04/01 20:15:23 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\20700980
    
    :Reg
    
    :Files
    C:\Documents and Settings\All Users\Application Data\aB06511CfBmB06511
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 waximoff

waximoff
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:59 AM

Posted 01 June 2011 - 06:37 PM

Here is the log from OTL. Would you like me to copy and paste the rkl log or attach it?

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6078e1aa-1d3e-11de-8d54-0019d1a82b27}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6078e1aa-1d3e-11de-8d54-0019d1a82b27}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6078e1aa-1d3e-11de-8d54-0019d1a82b27}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6078e1aa-1d3e-11de-8d54-0019d1a82b27}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6078e1aa-1d3e-11de-8d54-0019d1a82b27}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6078e1aa-1d3e-11de-8d54-0019d1a82b27}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bbb288a7-7c00-11dc-8bc3-0019d18631d6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bbb288a7-7c00-11dc-8bc3-0019d18631d6}\ not found.
File F:\setupSNK.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd855bdb-87c1-11dc-8be2-0019d1a82b27}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bd855bdb-87c1-11dc-8be2-0019d1a82b27}\ not found.
File E:\merckVaccine.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e384d1c1-0365-11de-8d44-0019d1a82b27}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e384d1c1-0365-11de-8d44-0019d1a82b27}\ not found.
File slacker.synclauncher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e384d1c1-0365-11de-8d44-0019d1a82b27}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e384d1c1-0365-11de-8d44-0019d1a82b27}\ not found.
File slacker.synclauncher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e79d7612-9c2f-11df-805b-0019d1a82b27}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e79d7612-9c2f-11df-805b-0019d1a82b27}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e79d7612-9c2f-11df-805b-0019d1a82b27}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e79d7612-9c2f-11df-805b-0019d1a82b27}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e79d7612-9c2f-11df-805b-0019d1a82b27}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e79d7612-9c2f-11df-805b-0019d1a82b27}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\.\EncryptionTool\MaxtorEncryption.exe not found.
Folder C:\Documents and Settings\All Users\Application Data\aB06511CfBmB06511\ not found.
File C:\Documents and Settings\Owner\Local Settings\Application Data\833k1j6332xvwk47jj41y33hx1s63itemar not found.
File C:\Documents and Settings\All Users\Application Data\833k1j6332xvwk47jj41y33hx1s63itemar not found.
File C:\Documents and Settings\Owner\Local Settings\Application Data\ueu4ue45lg20w7c4ddf not found.
File C:\Documents and Settings\All Users\Application Data\ueu4ue45lg20w7c4ddf not found.
File C:\Documents and Settings\Owner\Local Settings\Application Data\833k1j6332xvwk47jj41y33hx1s63itemar not found.
File C:\Documents and Settings\All Users\Application Data\833k1j6332xvwk47jj41y33hx1s63itemar not found.
File C:\Documents and Settings\Owner\Local Settings\Application Data\ueu4ue45lg20w7c4ddf not found.
File C:\Documents and Settings\All Users\Application Data\ueu4ue45lg20w7c4ddf not found.
File C:\Documents and Settings\All Users\Application Data\~20700980r not found.
File C:\Documents and Settings\All Users\Application Data\~20700980 not found.
File C:\Documents and Settings\All Users\Application Data\20700980 not found.
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\Documents and Settings\All Users\Application Data\aB06511CfBmB06511 not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.23.0 log created on 06012011_193552

#6 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:07:59 AM

Posted 01 June 2011 - 06:40 PM

Please post it. I try to avoid having my users attach files for me to review.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#7 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:07:59 AM

Posted 04 June 2011 - 09:15 AM

Do you happen to have the RKU log for me to review?

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#8 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:07:59 AM

Posted 06 June 2011 - 11:08 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users