SBSD says fraudload.



rootless
2009-08-30, 05:36
The usual, and it can't get rid of it. I have tried a number of piecemeal fixes. No luck yet. I am posting logs from OTL and GMER.

OTL, minimal output and no other options

EXTRAS.TXT

OTL Extras logfile created on: 8/29/2009 7:29:47 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Pryor\Desktop\virus
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.92 Mb Total Physical Memory | 268.78 Mb Available Physical Memory | 26.28% Memory free
1.88 Gb Paging File | 1.25 Gb Available in Paging File | 66.30% Paging File free
Paging file location(s): C:\pagefile.sys 999 1999 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15.91 Gb Total Space | 0.57 Gb Free Space | 3.60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: IRIS
Current User Name: Pryor
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo Messenger\YPager.exe" = C:\Program Files\Yahoo Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo Messenger\YServer.exe" = C:\Program Files\Yahoo Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Support.com\Bin\tgcmd.exe" = C:\Program Files\Support.com\Bin\tgcmd.exe:*:Enabled:ComcastSUPPORT / Support.com Agent -- File not found
"C:\Program Files\Mozilla\Firefox\firefox.exe" = C:\Program Files\Mozilla\Firefox\firefox.exe:*:Enabled:Firefox -- File not found
"C:\Program Files\Linksys\LogViewer\LogViewer.exe" = C:\Program Files\Linksys\LogViewer\LogViewer.exe:*:Enabled:LogViewer -- ()
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Disabled:Orb -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\gnnsflbi.exe" = C:\WINDOWS\system32\gnns0,558,080 | ---- | M] (
"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Yahoo Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- File not found
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)
"C:\Program Files\Mozilla\Thunderbird\thunderbird.exe" = C:\Program Files\Mozilla\Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird -- (Mozilla Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1E34AB5C-B893-4EE9-82F3-F195978D009D}" = IBM Access Support - Local Content Pack
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = IBM ThinkPad Keyboard Customizer Utility
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B71A00-4DED-11D4-A5E5-0004AC564F43}" = IBM Access Connections
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B7B3B4A-AF8C-4671-A92E-3E7E9ABCB22B}" = IBM Rapid Restore PC Setup
"{4EBDDD97-BC33-4F4C-8DF3-4FA4D83DF84E}" = Retrospect 7.6
"{6CE96A14-61E2-48CC-837E-22710A953ADE}" = IBM Themes
"{707CF19F-3948-4313-A5D4-9FBC256A2A53}" = PenCam SD Manager
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = IBM ThinkPad UltraNav Wizard
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5599ECB-DA72-43EE-8A30-2C80396FF8BB}" = Access IBM
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF44C7A5-5705-41E4-BE84-A9A42977AB05}" = alm
"{EA664480-3844-11D5-8C25-444553540000}" = IBM TrackPoint Accessibility Features
"{EFCE5837-FC21-11D6-9D24-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_02
"{F1F721BF-040C-4096-988A-1DB01EB73B0C}" = TPNala Wallpaper
"Access IBM Tools" = Access IBM Tools
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"ATI Display Driver" = ATI Display Driver
"AVG8Uninstall" = AVG Free 8.5
"EasyEject Utility" = IBM ThinkPad EasyEject Utility
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Java Web Start" = Java Web Start
"LogViewer" = LogViewer
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Power Features" = IBM ThinkPad Battery MaxiMiser and Power Management Features
"Power Management Driver" = IBM ThinkPad Power Management Driver
"Presentation Director" = IBM ThinkPad Presentation Director
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"SeaMonkey (1.1.5)" = SeaMonkey (1.1.5)
"Support.com" = Support.com Software
"SynTPDeinstKey" = IBM ThinkPad UltraNav Driver
"ThinkPad Configuration" = IBM ThinkPad Configuration
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"ThinkPadSoftwareInstaller" = ThinkPad Software Installer
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"Yahoo! Messenger" = Yahoo! Messenger
"ZoneAlarm" = ZoneAlarm

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/25/2009 2:31:17 PM | Computer Name = IRIS | Source = Application Error | ID = 1004
Description = Faulting application cidaemon.exe, version 5.1.2600.0, faulting module
unknown, version 0.0.0.0, fault address 0x1000b9c0.

Error - 8/25/2009 2:31:39 PM | Computer Name = IRIS | Source = Application Error | ID = 1004
Description = Faulting application cidaemon.exe, version 5.1.2600.0, faulting module
unknown, version 0.0.0.0, fault address 0x1000b9c0.

Error - 8/25/2009 2:32:53 PM | Computer Name = IRIS | Source = Application Error | ID = 1001
Description = Fault bucket 11778035.

Error - 8/25/2009 3:39:29 PM | Computer Name = IRIS | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/25/2009 3:39:31 PM | Computer Name = IRIS | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/25/2009 3:39:31 PM | Computer Name = IRIS | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/26/2009 5:34:24 PM | Computer Name = IRIS | Source = Application Error | ID = 1000
Description = Faulting application b.exe, version 0.0.0.0, faulting module b.exe,
version 0.0.0.0, fault address 0x000173d2.

Error - 8/26/2009 5:50:37 PM | Computer Name = IRIS | Source = Application Error | ID = 1001
Description = Fault bucket 1433048275.

Error - 8/26/2009 5:51:08 PM | Computer Name = IRIS | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 8/26/2009 5:51:31 PM | Computer Name = IRIS | Source = Application Error | ID = 1001
Description = Fault bucket 00000008.

[ System Events ]
Error - 8/29/2009 10:15:52 PM | Computer Name = IRIS | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL.
Reference
error message: The operation completed successfully. .

Error - 8/29/2009 10:15:52 PM | Computer Name = IRIS | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 8/29/2009 10:15:52 PM | Computer Name = IRIS | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 8/29/2009 10:15:52 PM | Computer Name = IRIS | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL.
Reference
error message: The operation completed successfully. .

Error - 8/29/2009 10:16:20 PM | Computer Name = IRIS | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 8/29/2009 10:16:20 PM | Computer Name = IRIS | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 8/29/2009 10:16:20 PM | Computer Name = IRIS | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL.
Reference
error message: The operation completed successfully. .

Error - 8/29/2009 10:16:20 PM | Computer Name = IRIS | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 8/29/2009 10:16:20 PM | Computer Name = IRIS | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 8/29/2009 10:16:20 PM | Computer Name = IRIS | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL.
Reference
error message: The operation completed successfully. .


< End of report >

OTL... OTL.TXT

OTL logfile created on: 8/29/2009 7:29:47 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Pryor\Desktop\virus
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.92 Mb Total Physical Memory | 268.78 Mb Available Physical Memory | 26.28% Memory free
1.88 Gb Paging File | 1.25 Gb Available in Paging File | 66.30% Paging File free
Paging file location(s): C:\pagefile.sys 999 1999 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15.91 Gb Total Space | 0.57 Gb Free Space | 3.60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: IRIS
Current User Name: Pryor
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\System32\ibmpmsvc.exe ()
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\Ati2evxx.exe ()
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\QCONSVC.EXE ()
PRC - C:\Program Files\Retrospect\Retrospect 7.6\retrorun.exe (EMC Corporation)
PRC - C:\WINDOWS\System32\snmp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\mqsvc.exe (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\ThinkPad\Utilities\TP98TRAY.EXE (IBM Corp.)
PRC - C:\Program Files\ThinkPad\Utilities\EzEjMnAp.Exe (IBM Corp.)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\mqtgsvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\System32\cidaemon.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\cidaemon.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
PRC - C:\Documents and Settings\Pryor\Desktop\virus\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Pryor\Desktop\virus\di6ksn79.exe ()

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\System32\Ati2evxx.exe ()
SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IBMPMSVC [Auto | Running]) -- C:\WINDOWS\System32\ibmpmsvc.exe ()
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (IISADMIN [Auto | Running]) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (Irmon [Auto | Running]) -- C:\WINDOWS\System32\irmon.dll (Microsoft Corporation)
SRV - (LPDSVC [On_Demand | Stopped]) -- C:\WINDOWS\System32\tcpsvcs.exe (Microsoft Corporation)
SRV - (MSMQ [Auto | Running]) -- C:\WINDOWS\System32\mqsvc.exe (Microsoft Corporation)
SRV - (MSMQTriggers [Auto | Running]) -- C:\WINDOWS\System32\mqtgsvc.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (PLSRemoteSvc [On_Demand | Stopped]) -- File not found
SRV - (QCONSVC [Auto | Running]) -- C:\WINDOWS\System32\QCONSVC.EXE ()
SRV - (RetroLauncher [Auto | Running]) -- C:\Program Files\Retrospect\Retrospect 7.6\retrorun.exe (EMC Corporation)
SRV - (Retrospect Helper [Auto | Stopped]) -- C:\Program Files\Retrospect\Retrospect 7.6\rthlpsvc.exe (EMC Corporation)
SRV - (SMTPSVC [Auto | Running]) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SNMP [Auto | Running]) -- C:\WINDOWS\System32\snmp.exe (Microsoft Corporation)
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)
SRV - (vsmon [On_Demand | Stopped]) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Zone Labs, LLC)
SRV - (W3SVC [Auto | Running]) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ac97intc [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ac97intc.sys (Intel Corporation)
DRV - (aeaudio [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Ca100v [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\Ca100v.sys (Digital Camera)
DRV - (CmdIde [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (FA411 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\FA411ND5.sys (NETGEAR Inc. )
DRV - (IBMPMDRV [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys (IBM Corp.)
DRV - (IBMTPCHK [System | Running]) -- C:\WINDOWS\System32\drivers\IBMBLDID.SYS ()
DRV - (ltmodem5 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys (LT)
DRV - (MQAC [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\mqac.sys (Microsoft Corporation)
DRV - (mraid35x [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (NSCIRDA [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nscirda.sys (National Semiconductor Corporation)
DRV - (PMEM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\PMEMNT.SYS (Microsoft Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (ql1080 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (RMCAST [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\RMCast.sys (Microsoft Corporation)
DRV - (S3SSavage [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\s3ssavm.sys (S3 Graphics, Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Smapint [System | Running]) -- C:\WINDOWS\System32\drivers\Smapint.sys (Microsoft Corporation)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (Sparrow [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (srescan [Boot | Running]) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Zone Labs, LLC)
DRV - (symc810 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (TDSMAPI [System | Running]) -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS ()
DRV - (TPHKDRV [System | Running]) -- C:\WINDOWS\System32\drivers\TPHKDRV.sys (IBM Corporation)
DRV - (TPPWR [System | Running]) -- C:\WINDOWS\System32\drivers\Tppwr.sys (IBM Corp.)
DRV - (TSMAPIP [System | Running]) -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS ()
DRV - (TwoTrack [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\TwoTrack.sys (IBM Corporation)
DRV - (ultra [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (USBCamera [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\Bulk100.sys (USB BULK)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Update_Check_Page = http://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://news.google.com/nwshp?client=firefox-a&rls=org.mozilla:en-US:official&tab=wn"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/06/25 09:32:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/16 13:59:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/29 09:35:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/29 09:35:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla\Thunderbird\components [2009/08/22 11:25:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla\Thunderbird\plugins [2009/05/03 13:43:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 1.1.5\Extensions\\Components: C:\Program Files\mozilla.org\SeaMonkey\Components [2009/05/03 13:19:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 1.1.5\Extensions\\Plugins: C:\Program Files\mozilla.org\SeaMonkey\Plugins [2009/05/03 13:43:37 | 00,000,000 | ---D | M]

[2008/09/26 20:17:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Pryor\Application Data\mozilla\Extensions
[2008/09/26 20:17:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Pryor\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/25 11:30:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Pryor\Application Data\mozilla\Firefox\Profiles\xge1g76p.default\extensions
[2009/01/03 11:58:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Pryor\Application Data\mozilla\Firefox\Profiles\xge1g76p.default\extensions\ubiquity@labs.mozilla.com
[2008/10/11 19:28:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/29 09:35:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/29 09:35:16 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/29 09:35:17 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/08/29 09:35:32 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/05/10 22:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/09/11 18:01:54 | 00,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2009/08/29 09:35:38 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/29 09:35:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/29 09:35:38 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/29 09:35:38 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/29 09:35:38 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/29 09:35:38 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/29 09:35:38 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (305905 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10530 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {31F26F05-A35F-4590-9CE1-B4CE889193C8} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {60E049FF-E3C0-4E3B-8465-0077E11F9DE8} - No CLSID value found.
O2 - BHO: (no name) - {CF53F619-4C2E-400D-9EFD-AFBECCFDA5F2} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EzEjMnAp.Exe (IBM Corp.)
O4 - HKLM..\Run: [S3TRAY2] C:\WINDOWS\System32\S3Tray2.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\tp4ex.exe (IBM Corporation)
O4 - HKLM..\Run: [TPTRAY] C:\Program Files\ThinkPad\Utilities\TP98TRAY.EXE (IBM Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143363414602 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.150 68.87.85.102
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\System32\NavLogon.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (C:\DOCUME~1\JACQUE~1\LOCALS~1\Temp\xxwww.dll) - C:\DOCUME~1\JACQUE~1\LOCALS~1\Temp\xxwww.dll File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/07/04 09:03:40 | 00,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[2009/08/28 07:05:44 | 00,028,352 | ---- | C] () -- C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT
[2009/08/27 11:27:04 | 08,194,060 | ---- | C] () -- C:\Documents and Settings\Pryor\Desktop\vol4hmm.pdf
[2009/08/27 09:42:56 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/08/27 09:39:01 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2009/08/25 11:33:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pryor\Local Settings\Application Data\PCHealth
[2009/08/25 09:07:33 | 10,726,80960 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/24 13:41:19 | 00,001,382 | ---- | C] () -- C:\WINDOWS\System32\onhelp.htm
[2009/08/24 13:29:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\images
[2009/08/24 13:28:11 | 00,000,093 | ---- | C] () -- C:\WINDOWS\System32\sonhelp.htm
[2009/08/24 13:28:11 | 00,000,036 | ---- | C] () -- C:\WINDOWS\System32\sysnet.dat
[2009/08/24 13:28:11 | 00,000,009 | ---- | C] () -- C:\WINDOWS\System32\bennuar.old
[2009/08/17 11:54:36 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/08/16 13:57:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/08/16 13:56:56 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/08/16 13:56:19 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/08/16 13:55:01 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/08/16 13:55:00 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/08/16 13:55:00 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/08/16 13:54:59 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/08/16 13:54:59 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/08/16 13:54:58 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/08/16 13:54:58 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/08/16 13:54:57 | 00,000,000 | ---D | C] -- C:\57b7ffcf91c31769377fc0b69ff70727
[2009/08/05 02:01:48 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/05/03 09:29:42 | 00,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2009/05/03 09:29:42 | 00,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2009/05/03 09:29:01 | 00,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2009/05/03 09:29:00 | 00,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2009/05/03 09:28:57 | 00,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2009/05/03 09:28:52 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/05/02 18:45:52 | 00,000,357 | ---- | C] () -- C:\WINDOWS\wordwiz.ini
[2007/12/29 00:08:32 | 00,000,294 | -HS- | C] () -- C:\WINDOWS\System32\wkpqflrs.ini
[2007/12/28 00:12:19 | 00,000,714 | -HS- | C] () -- C:\WINDOWS\System32\rrkkbeqg.ini
[2007/12/27 13:18:48 | 00,217,088 | ---- | C] () -- C:\WINDOWS\System32\Sndrep.dll
[2007/12/27 13:18:47 | 00,000,720 | ---- | C] () -- C:\WINDOWS\COPERN32.INI
[2007/12/27 00:13:50 | 00,000,654 | -HS- | C] () -- C:\WINDOWS\System32\sprfapyd.ini
[2007/12/26 00:02:21 | 00,000,594 | -HS- | C] () -- C:\WINDOWS\System32\eyiuntvr.ini
[2007/12/25 00:01:38 | 00,000,534 | -HS- | C] () -- C:\WINDOWS\System32\mpdusfic.ini
[2007/12/24 00:00:58 | 00,000,474 | -HS- | C] () -- C:\WINDOWS\System32\ueyeehsr.ini
[2007/12/23 00:03:19 | 00,000,414 | -HS- | C] () -- C:\WINDOWS\System32\vcmgjswx.ini
[2007/12/14 02:08:56 | 00,937,321 | -HS- | C] () -- C:\WINDOWS\System32\pixoaqgn.ini
[2007/06/15 17:51:17 | 00,001,368 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/06/11 02:14:47 | 00,004,569 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/03/16 03:02:45 | 00,004,647 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2006/07/30 14:36:06 | 00,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2004/02/09 20:11:22 | 00,000,121 | ---- | C] () -- C:\WINDOWS\Winamp.ini
[2003/10/24 15:59:40 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2003/09/21 14:11:31 | 00,000,103 | ---- | C] () -- C:\WINDOWS\odbcisam.ini
[2003/09/21 14:11:27 | 00,000,058 | ---- | C] () -- C:\WINDOWS\WINHELP.INI
[2003/09/21 14:08:57 | 00,000,535 | ---- | C] () -- C:\WINDOWS\MSTXTCNV.INI
[2003/09/21 14:00:31 | 00,000,280 | ---- | C] () -- C:\WINDOWS\TTEMBED.INI
[2003/09/21 14:00:16 | 00,002,041 | ---- | C] () -- C:\WINDOWS\MSFNTMAP.INI
[2003/09/04 12:52:55 | 00,000,457 | ---- | C] () -- C:\WINDOWS\fileman.ini
[2003/08/06 08:51:22 | 00,001,109 | ---- | C] () -- C:\WINDOWS\tlknw7.ini
[2003/08/06 08:48:09 | 00,000,402 | ---- | C] () -- C:\WINDOWS\wldtlk7.ini
[2003/07/14 12:55:42 | 00,000,575 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/07/05 14:58:30 | 00,000,224 | ---- | C] () -- C:\WINDOWS\netscape.INI
[2003/07/05 10:41:06 | 00,001,046 | ---- | C] () -- C:\WINDOWS\WINWORD6.INI
[2003/07/04 10:37:23 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IPSK.dll
[2003/07/04 10:37:23 | 00,184,320 | ---- | C] () -- C:\WINDOWS\System32\jpg32.dll
[2003/07/04 10:37:23 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\aip504.dll
[2003/07/04 10:37:23 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\VWJPG.dll
[2003/07/04 10:37:23 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\VWBMP.dll
[2003/07/04 10:37:23 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\VMIO.dll
[2003/07/04 10:37:23 | 00,014,380 | ---- | C] () -- C:\WINDOWS\Tw100.ini
[2003/07/04 10:37:23 | 00,014,118 | ---- | C] () -- C:\WINDOWS\USB_CAM.INI
[2003/07/04 10:37:23 | 00,001,722 | ---- | C] () -- C:\WINDOWS\Ca100.ini
[2003/07/04 10:37:23 | 00,000,156 | ---- | C] () -- C:\WINDOWS\Setup504.ini
[2003/07/03 01:25:00 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll
[2003/05/27 07:13:35 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/05/27 07:13:02 | 00,001,112 | ---- | C] () -- C:\WINDOWS\System32\PX.INI
[2003/05/27 07:09:03 | 00,000,222 | ---- | C] () -- C:\WINDOWS\Welcome.ini
[2003/05/27 07:01:51 | 00,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2003/05/27 07:01:12 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2003/05/27 07:00:51 | 00,002,295 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.SYS
[2003/05/27 07:00:23 | 00,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2003/05/27 06:50:58 | 00,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/09/26 17:26:59 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[1980/01/01 00:00:00 | 00,111,035 | ---- | C] () -- C:\WINDOWS\System32\SynTP.ini
[1980/01/01 00:00:00 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[1980/01/01 00:00:00 | 00,051,915 | ---- | C] () -- C:\WINDOWS\System32\SynUnst.ini
[1980/01/01 00:00:00 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[1980/01/01 00:00:00 | 00,007,052 | ---- | C] () -- C:\WINDOWS\System32\SynTPEnh.ini
[1980/01/01 00:00:00 | 00,003,675 | ---- | C] () -- C:\WINDOWS\win.ini
[1980/01/01 00:00:00 | 00,002,813 | ---- | C] () -- C:\WINDOWS\System32\IBM_DP.ini
[1980/01/01 00:00:00 | 00,000,278 | ---- | C] () -- C:\WINDOWS\system.ini
[1980/01/01 00:00:00 | 00,000,110 | ---- | C] () -- C:\WINDOWS\System32\SETUP.INI

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/08/29 17:43:35 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/08/29 17:39:44 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/08/29 17:38:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/29 17:38:30 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/29 17:38:26 | 10,726,80960 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/29 08:58:50 | 40,257,360 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/08/29 04:30:00 | 00,000,306 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2009/08/28 08:58:42 | 00,073,369 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/08/28 07:05:44 | 00,028,352 | ---- | M] () -- C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT
[2009/08/27 19:57:36 | 02,530,582 | -H-- | M] () -- C:\Documents and Settings\Pryor\Local Settings\Application Data\IconCache.db
[2009/08/27 11:30:01 | 08,194,060 | ---- | M] () -- C:\Documents and Settings\Pryor\Desktop\vol4hmm.pdf
[2009/08/27 11:11:51 | 00,004,569 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/08/27 09:38:04 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/27 09:37:38 | 00,001,046 | ---- | M] () -- C:\WINDOWS\WINWORD6.INI
[2009/08/27 09:30:12 | 00,048,882 | -H-- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/08/27 09:29:43 | 00,028,352 | ---- | M] () -- C:\Documents and Settings\Pryor\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/26 14:49:17 | 00,001,382 | ---- | M] () -- C:\WINDOWS\System32\onhelp.htm
[2009/08/26 14:36:03 | 00,000,009 | ---- | M] () -- C:\WINDOWS\System32\bennuar.old
[2009/08/25 11:08:21 | 00,305,905 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/08/24 13:28:11 | 00,000,093 | ---- | M] () -- C:\WINDOWS\System32\sonhelp.htm
[2009/08/24 13:28:11 | 00,000,036 | ---- | M] () -- C:\WINDOWS\System32\sysnet.dat
[2009/08/18 03:07:41 | 02,006,427 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2009/08/18 03:07:40 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/17 11:54:53 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/08/17 11:54:53 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/08/17 11:54:53 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/08/17 03:08:48 | 00,585,920 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/17 03:08:48 | 00,502,470 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/17 03:08:48 | 00,091,918 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/16 14:20:25 | 00,158,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/05 02:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mswebdvd.dll
[2009/08/05 02:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
< End of report >

GMER RPT ON SEPARATE POST>>>
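Two things in the log above deserve a closer look than the rest: the O30 line, which registers a DLL out of a user's Temp folder (xxwww.dll, now missing) as an LSA authentication package, and the run of hidden+system .ini files with eight-letter random names created in System32 in December 2007. The large hosts file is not by itself a finding: hundreds of ad and spyware domains mapped to 127.0.0.1 is the shape a hosts-file immunization produces, and a hijack shows up as entries pointing somewhere other than loopback. The following triage script is an added example, written for this page; it is not code from the poster, from OTL or from OldTimer. It parses the OTL 3.0.10.7 line formats exactly as they appear above (an assumption: other OTL versions may print differently), assumes the stock Windows XP LSA authentication package is msv1_0, and runs over a sample built from lines copied from the log plus one constructed hosts line (marked in the code) that shows what a redirect would look like.

```python
import re
from dataclasses import dataclass

# Assumption: the stock LSA "Authentication Packages" value on Windows XP is
# msv1_0. Anything else listed there is loaded into lsass.exe at boot.
EXPECTED_AUTH_PACKAGES = {"msv1_0", "msv1_0.dll"}
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}


@dataclass
class Finding:
    severity: str    # "high" or "medium"
    line_type: str   # OTL section tag such as "O30", or "FILE" for file rows
    path: str
    reason: str


# OTL file-row layout: [date time | size | attrs | C/M] (company) -- path
FILE_ROW = re.compile(
    r"^\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [CM]\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
SECTION_ROW = re.compile(r"^(O\d+) - (.*)$")      # "O30 - LSA: ..." style rows
HOSTS_ROW = re.compile(r"^Hosts: (\S+) (\S+)$")   # "Hosts: <ip> <name>"
RANDOM_INI = re.compile(r"^[a-z]{8}\.ini$")


def _section(tag, body):
    """Checks for the O-numbered rows (hosts, autostarts, LSA packages)."""
    out = []
    lower = body.lower()
    if tag == "O1":
        m = HOSTS_ROW.match(body)
        if m and m.group(1) not in LOOPBACK:
            out.append(Finding("high", tag, f"{m.group(1)} {m.group(2)}",
                               "hosts entry redirects a name to a non-loopback address"))
    elif tag == "O30":
        # body looks like: LSA: Authentication Packages - (pkg) - path status
        m = re.search(r"\((.*?)\)", body)
        pkg = m.group(1) if m else body
        base = pkg.rsplit("\\", 1)[-1].lower()
        if base not in EXPECTED_AUTH_PACKAGES:
            out.append(Finding("high", tag, pkg, "non-default LSA authentication package"))
    if tag in ("O4", "O20", "O30"):
        if "\\temp\\" in lower:
            out.append(Finding("high", tag, body, "autostart points into a Temp directory"))
        if body.rstrip().endswith("()"):
            out.append(Finding("medium", tag, body, "autostart binary carries no company name"))
    # O34 (BootExecute) is deliberately not inspected: the stock value is the
    # multi-string "autocheck autochk *", which OTL prints as three entries,
    # and "autocheck" and "*" always show "File not found" on a clean machine.
    return out


def _file_row(m):
    """Checks for the created/modified file rows."""
    attrs, path = m.group("attrs"), m.group("path")
    name = path.rsplit("\\", 1)[-1].lower()
    out = []
    if "H" in attrs and "S" in attrs and "\\system32\\" in path.lower() and RANDOM_INI.match(name):
        out.append(Finding("medium", "FILE", path,
                           "hidden+system .ini with an 8-letter random name in System32"))
    if "\\temp\\" in path.lower() and name.endswith((".dll", ".exe", ".sys")):
        out.append(Finding("high", "FILE", path, "executable dropped in a Temp directory"))
    return out


def triage(log_text):
    """Return the list of Findings for an OTL log or any fragment of one."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FILE_ROW.match(line)
        if m:
            findings.extend(_file_row(m))
            continue
        m = SECTION_ROW.match(line)
        if m:
            findings.extend(_section(m.group(1), m.group(2)))
    return findings


SAMPLE_LINES = [
    # The next seven lines are copied from the OTL log posted above.
    r"O1 - Hosts: 127.0.0.1 www.007guard.com",
    r"O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)",
    r"O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\System32\NavLogon.dll ()",
    r"O30 - LSA: Authentication Packages - (C:\DOCUME~1\JACQUE~1\LOCALS~1\Temp\xxwww.dll) - C:\DOCUME~1\JACQUE~1\LOCALS~1\Temp\xxwww.dll File not found",
    r"O34 - HKLM BootExecute: (*) - File not found",
    r"[2007/12/29 00:08:32 | 00,000,294 | -HS- | C] () -- C:\WINDOWS\System32\wkpqflrs.ini",
    r"[2009/08/17 11:54:53 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll",
    # Constructed line, NOT from the posted log: a hosts redirect to a
    # documentation address, the shape a real hosts hijack takes.
    r"O1 - Hosts: 192.0.2.10 update.example.com",
]
SAMPLE = "\n".join(SAMPLE_LINES)

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.severity:6}] {f.line_type:4} {f.reason}: {f.path}")
```

Running it against the sample flags the O30 package twice (non-default package and Temp location), the NavLogon Notify DLL once as medium because OTL found no company name for it, the random-named hidden .ini once, and the constructed hosts redirect once; the AVG rows, the immunization hosts entry and the BootExecute "(*)" row produce nothing. Severity is a starting point for reading the log, not a verdict: a missing file in an autostart still means the registry value exists and should be cleaned, and an unsigned Notify DLL can be a leftover from a removed product.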

rootless
2009-08-30, 05:39
Here is the GMER log for the infected machine.

GMER ROOTKIT/MALWARE PANE

OTL logfile created on: 8/29/2009 7:29:47 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Pryor\Desktop\virus
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.92 Mb Total Physical Memory | 268.78 Mb Available Physical Memory | 26.28% Memory free
1.88 Gb Paging File | 1.25 Gb Available in Paging File | 66.30% Paging File free
Paging file location(s): C:\pagefile.sys 999 1999 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15.91 Gb Total Space | 0.57 Gb Free Space | 3.60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: IRIS
Current User Name: Pryor
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\System32\ibmpmsvc.exe ()
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\Ati2evxx.exe ()
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\QCONSVC.EXE ()
PRC - C:\Program Files\Retrospect\Retrospect 7.6\retrorun.exe (EMC Corporation)
PRC - C:\WINDOWS\System32\snmp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\mqsvc.exe (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\ThinkPad\Utilities\TP98TRAY.EXE (IBM Corp.)
PRC - C:\Program Files\ThinkPad\Utilities\EzEjMnAp.Exe (IBM Corp.)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\mqtgsvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\System32\cidaemon.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\cidaemon.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
PRC - C:\Documents and Settings\Pryor\Desktop\virus\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Pryor\Desktop\virus\di6ksn79.exe ()

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\System32\Ati2evxx.exe ()
SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IBMPMSVC [Auto | Running]) -- C:\WINDOWS\System32\ibmpmsvc.exe ()
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (IISADMIN [Auto | Running]) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (Irmon [Auto | Running]) -- C:\WINDOWS\System32\irmon.dll (Microsoft Corporation)
SRV - (LPDSVC [On_Demand | Stopped]) -- C:\WINDOWS\System32\tcpsvcs.exe (Microsoft Corporation)
SRV - (MSMQ [Auto | Running]) -- C:\WINDOWS\System32\mqsvc.exe (Microsoft Corporation)
SRV - (MSMQTriggers [Auto | Running]) -- C:\WINDOWS\System32\mqtgsvc.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (PLSRemoteSvc [On_Demand | Stopped]) -- File not found
SRV - (QCONSVC [Auto | Running]) -- C:\WINDOWS\System32\QCONSVC.EXE ()
SRV - (RetroLauncher [Auto | Running]) -- C:\Program Files\Retrospect\Retrospect 7.6\retrorun.exe (EMC Corporation)
SRV - (Retrospect Helper [Auto | Stopped]) -- C:\Program Files\Retrospect\Retrospect 7.6\rthlpsvc.exe (EMC Corporation)
SRV - (SMTPSVC [Auto | Running]) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SNMP [Auto | Running]) -- C:\WINDOWS\System32\snmp.exe (Microsoft Corporation)
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)
SRV - (vsmon [On_Demand | Stopped]) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Zone Labs, LLC)
SRV - (W3SVC [Auto | Running]) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ac97intc [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ac97intc.sys (Intel Corporation)
DRV - (aeaudio [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Ca100v [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\Ca100v.sys (Digital Camera)
DRV - (CmdIde [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (FA411 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\FA411ND5.sys (NETGEAR Inc. )
DRV - (IBMPMDRV [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys (IBM Corp.)
DRV - (IBMTPCHK [System | Running]) -- C:\WINDOWS\System32\drivers\IBMBLDID.SYS ()
DRV - (ltmodem5 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys (LT)
DRV - (MQAC [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\mqac.sys (Microsoft Corporation)
DRV - (mraid35x [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (NSCIRDA [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nscirda.sys (National Semiconductor Corporation)
DRV - (PMEM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\PMEMNT.SYS (Microsoft Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (ql1080 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (RMCAST [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\RMCast.sys (Microsoft Corporation)
DRV - (S3SSavage [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\s3ssavm.sys (S3 Graphics, Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Smapint [System | Running]) -- C:\WINDOWS\System32\drivers\Smapint.sys (Microsoft Corporation)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (Sparrow [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (srescan [Boot | Running]) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Zone Labs, LLC)
DRV - (symc810 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (TDSMAPI [System | Running]) -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS ()
DRV - (TPHKDRV [System | Running]) -- C:\WINDOWS\System32\drivers\TPHKDRV.sys (IBM Corporation)
DRV - (TPPWR [System | Running]) -- C:\WINDOWS\System32\drivers\Tppwr.sys (IBM Corp.)
DRV - (TSMAPIP [System | Running]) -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS ()
DRV - (TwoTrack [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\TwoTrack.sys (IBM Corporation)
DRV - (ultra [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (USBCamera [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\Bulk100.sys (USB BULK)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Update_Check_Page = http://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://news.google.com/nwshp?client=firefox-a&rls=org.mozilla:en-US:official&tab=wn"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/06/25 09:32:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/16 13:59:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/29 09:35:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/29 09:35:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla\Thunderbird\components [2009/08/22 11:25:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla\Thunderbird\plugins [2009/05/03 13:43:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 1.1.5\Extensions\\Components: C:\Program Files\mozilla.org\SeaMonkey\Components [2009/05/03 13:19:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 1.1.5\Extensions\\Plugins: C:\Program Files\mozilla.org\SeaMonkey\Plugins [2009/05/03 13:43:37 | 00,000,000 | ---D | M]

[2008/09/26 20:17:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Pryor\Application Data\mozilla\Extensions
[2008/09/26 20:17:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Pryor\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/25 11:30:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Pryor\Application Data\mozilla\Firefox\Profiles\xge1g76p.default\extensions
[2009/01/03 11:58:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Pryor\Application Data\mozilla\Firefox\Profiles\xge1g76p.default\extensions\ubiquity@labs.mozilla.com
[2008/10/11 19:28:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/29 09:35:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/29 09:35:16 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/29 09:35:17 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/08/29 09:35:32 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/05/10 22:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/09/11 18:01:54 | 00,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2009/08/29 09:35:38 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/29 09:35:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/29 09:35:38 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/29 09:35:38 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/29 09:35:38 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/29 09:35:38 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/29 09:35:38 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (305905 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {31F26F05-A35F-4590-9CE1-B4CE889193C8} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {60E049FF-E3C0-4E3B-8465-0077E11F9DE8} - No CLSID value found.
O2 - BHO: (no name) - {CF53F619-4C2E-400D-9EFD-AFBECCFDA5F2} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EzEjMnAp.Exe (IBM Corp.)
O4 - HKLM..\Run: [S3TRAY2] C:\WINDOWS\System32\S3Tray2.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\tp4ex.exe (IBM Corporation)
O4 - HKLM..\Run: [TPTRAY] C:\Program Files\ThinkPad\Utilities\TP98TRAY.EXE (IBM Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143363414602 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.150 68.87.85.102
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\System32\NavLogon.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (C:\DOCUME~1\JACQUE~1\LOCALS~1\Temp\xxwww.dll) - C:\DOCUME~1\JACQUE~1\LOCALS~1\Temp\xxwww.dll File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/07/04 09:03:40 | 00,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[2009/08/28 07:05:44 | 00,028,352 | ---- | C] () -- C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT
[2009/08/27 11:27:04 | 08,194,060 | ---- | C] () -- C:\Documents and Settings\Pryor\Desktop\vol4hmm.pdf
[2009/08/27 09:42:56 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/08/27 09:39:01 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2009/08/25 11:33:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pryor\Local Settings\Application Data\PCHealth
[2009/08/25 09:07:33 | 10,726,80960 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/24 13:41:19 | 00,001,382 | ---- | C] () -- C:\WINDOWS\System32\onhelp.htm
[2009/08/24 13:29:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\images
[2009/08/24 13:28:11 | 00,000,093 | ---- | C] () -- C:\WINDOWS\System32\sonhelp.htm
[2009/08/24 13:28:11 | 00,000,036 | ---- | C] () -- C:\WINDOWS\System32\sysnet.dat
[2009/08/24 13:28:11 | 00,000,009 | ---- | C] () -- C:\WINDOWS\System32\bennuar.old
[2009/08/17 11:54:36 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/08/16 13:57:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/08/16 13:56:56 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/08/16 13:56:19 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/08/16 13:55:01 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/08/16 13:55:00 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/08/16 13:55:00 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/08/16 13:54:59 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/08/16 13:54:59 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/08/16 13:54:58 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/08/16 13:54:58 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/08/16 13:54:57 | 00,000,000 | ---D | C] -- C:\57b7ffcf91c31769377fc0b69ff70727
[2009/08/05 02:01:48 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/05/03 09:29:42 | 00,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2009/05/03 09:29:42 | 00,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2009/05/03 09:29:01 | 00,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2009/05/03 09:29:00 | 00,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2009/05/03 09:28:57 | 00,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2009/05/03 09:28:52 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/05/02 18:45:52 | 00,000,357 | ---- | C] () -- C:\WINDOWS\wordwiz.ini
[2007/12/29 00:08:32 | 00,000,294 | -HS- | C] () -- C:\WINDOWS\System32\wkpqflrs.ini
[2007/12/28 00:12:19 | 00,000,714 | -HS- | C] () -- C:\WINDOWS\System32\rrkkbeqg.ini
[2007/12/27 13:18:48 | 00,217,088 | ---- | C] () -- C:\WINDOWS\System32\Sndrep.dll
[2007/12/27 13:18:47 | 00,000,720 | ---- | C] () -- C:\WINDOWS\COPERN32.INI
[2007/12/27 00:13:50 | 00,000,654 | -HS- | C] () -- C:\WINDOWS\System32\sprfapyd.ini
[2007/12/26 00:02:21 | 00,000,594 | -HS- | C] () -- C:\WINDOWS\System32\eyiuntvr.ini
[2007/12/25 00:01:38 | 00,000,534 | -HS- | C] () -- C:\WINDOWS\System32\mpdusfic.ini
[2007/12/24 00:00:58 | 00,000,474 | -HS- | C] () -- C:\WINDOWS\System32\ueyeehsr.ini
[2007/12/23 00:03:19 | 00,000,414 | -HS- | C] () -- C:\WINDOWS\System32\vcmgjswx.ini
[2007/12/14 02:08:56 | 00,937,321 | -HS- | C] () -- C:\WINDOWS\System32\pixoaqgn.ini
[2007/06/15 17:51:17 | 00,001,368 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/06/11 02:14:47 | 00,004,569 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/03/16 03:02:45 | 00,004,647 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2006/07/30 14:36:06 | 00,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2004/02/09 20:11:22 | 00,000,121 | ---- | C] () -- C:\WINDOWS\Winamp.ini
[2003/10/24 15:59:40 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2003/09/21 14:11:31 | 00,000,103 | ---- | C] () -- C:\WINDOWS\odbcisam.ini
[2003/09/21 14:11:27 | 00,000,058 | ---- | C] () -- C:\WINDOWS\WINHELP.INI
[2003/09/21 14:08:57 | 00,000,535 | ---- | C] () -- C:\WINDOWS\MSTXTCNV.INI
[2003/09/21 14:00:31 | 00,000,280 | ---- | C] () -- C:\WINDOWS\TTEMBED.INI
[2003/09/21 14:00:16 | 00,002,041 | ---- | C] () -- C:\WINDOWS\MSFNTMAP.INI
[2003/09/04 12:52:55 | 00,000,457 | ---- | C] () -- C:\WINDOWS\fileman.ini
[2003/08/06 08:51:22 | 00,001,109 | ---- | C] () -- C:\WINDOWS\tlknw7.ini
[2003/08/06 08:48:09 | 00,000,402 | ---- | C] () -- C:\WINDOWS\wldtlk7.ini
[2003/07/14 12:55:42 | 00,000,575 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/07/05 14:58:30 | 00,000,224 | ---- | C] () -- C:\WINDOWS\netscape.INI
[2003/07/05 10:41:06 | 00,001,046 | ---- | C] () -- C:\WINDOWS\WINWORD6.INI
[2003/07/04 10:37:23 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IPSK.dll
[2003/07/04 10:37:23 | 00,184,320 | ---- | C] () -- C:\WINDOWS\System32\jpg32.dll
[2003/07/04 10:37:23 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\aip504.dll
[2003/07/04 10:37:23 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\VWJPG.dll
[2003/07/04 10:37:23 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\VWBMP.dll
[2003/07/04 10:37:23 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\VMIO.dll
[2003/07/04 10:37:23 | 00,014,380 | ---- | C] () -- C:\WINDOWS\Tw100.ini
[2003/07/04 10:37:23 | 00,014,118 | ---- | C] () -- C:\WINDOWS\USB_CAM.INI
[2003/07/04 10:37:23 | 00,001,722 | ---- | C] () -- C:\WINDOWS\Ca100.ini
[2003/07/04 10:37:23 | 00,000,156 | ---- | C] () -- C:\WINDOWS\Setup504.ini
[2003/07/03 01:25:00 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll
[2003/05/27 07:13:35 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/05/27 07:13:02 | 00,001,112 | ---- | C] () -- C:\WINDOWS\System32\PX.INI
[2003/05/27 07:09:03 | 00,000,222 | ---- | C] () -- C:\WINDOWS\Welcome.ini
[2003/05/27 07:01:51 | 00,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2003/05/27 07:01:12 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2003/05/27 07:00:51 | 00,002,295 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.SYS
[2003/05/27 07:00:23 | 00,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2003/05/27 06:50:58 | 00,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/09/26 17:26:59 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[1980/01/01 00:00:00 | 00,111,035 | ---- | C] () -- C:\WINDOWS\System32\SynTP.ini
[1980/01/01 00:00:00 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[1980/01/01 00:00:00 | 00,051,915 | ---- | C] () -- C:\WINDOWS\System32\SynUnst.ini
[1980/01/01 00:00:00 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[1980/01/01 00:00:00 | 00,007,052 | ---- | C] () -- C:\WINDOWS\System32\SynTPEnh.ini
[1980/01/01 00:00:00 | 00,003,675 | ---- | C] () -- C:\WINDOWS\win.ini
[1980/01/01 00:00:00 | 00,002,813 | ---- | C] () -- C:\WINDOWS\System32\IBM_DP.ini
[1980/01/01 00:00:00 | 00,000,278 | ---- | C] () -- C:\WINDOWS\system.ini
[1980/01/01 00:00:00 | 00,000,110 | ---- | C] () -- C:\WINDOWS\System32\SETUP.INI

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/08/29 17:43:35 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/08/29 17:39:44 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/08/29 17:38:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/29 17:38:30 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/29 17:38:26 | 10,726,80960 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/29 08:58:50 | 40,257,360 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/08/29 04:30:00 | 00,000,306 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2009/08/28 08:58:42 | 00,073,369 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/08/28 07:05:44 | 00,028,352 | ---- | M] () -- C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT
[2009/08/27 19:57:36 | 02,530,582 | -H-- | M] () -- C:\Documents and Settings\Pryor\Local Settings\Application Data\IconCache.db
[2009/08/27 11:30:01 | 08,194,060 | ---- | M] () -- C:\Documents and Settings\Pryor\Desktop\vol4hmm.pdf
[2009/08/27 11:11:51 | 00,004,569 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/08/27 09:38:04 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/27 09:37:38 | 00,001,046 | ---- | M] () -- C:\WINDOWS\WINWORD6.INI
[2009/08/27 09:30:12 | 00,048,882 | -H-- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/08/27 09:29:43 | 00,028,352 | ---- | M] () -- C:\Documents and Settings\Pryor\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/26 14:49:17 | 00,001,382 | ---- | M] () -- C:\WINDOWS\System32\onhelp.htm
[2009/08/26 14:36:03 | 00,000,009 | ---- | M] () -- C:\WINDOWS\System32\bennuar.old
[2009/08/25 11:08:21 | 00,305,905 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/08/24 13:28:11 | 00,000,093 | ---- | M] () -- C:\WINDOWS\System32\sonhelp.htm
[2009/08/24 13:28:11 | 00,000,036 | ---- | M] () -- C:\WINDOWS\System32\sysnet.dat
[2009/08/18 03:07:41 | 02,006,427 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2009/08/18 03:07:40 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/17 11:54:53 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/08/17 11:54:53 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/08/17 11:54:53 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/08/17 03:08:48 | 00,585,920 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/17 03:08:48 | 00,502,470 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/17 03:08:48 | 00,091,918 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/16 14:20:25 | 00,158,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/05 02:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mswebdvd.dll
[2009/08/05 02:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
< End of report >


Win XP
ver 2002
SP 3
Mobile Pentium 4

tashi
2009-08-30, 07:49
Hello rootless,

Please wait to be advised and do NOT run 'FIXES' before helpers have analyzed the HJT log (http://forums.spybot.info/showthread.php?t=16806) (Pinned Sticky topic). If the infection prevents HJT from running, please start a topic, make note of the situation and wait for a response. Please do not add a bunch of logs from other scans. :)

Posting additional comments or logs before a volunteer responds can push you back instead of forward, because your thread ends up with a newer date. In addition, helpers would think you are already being assisted because of the post count.

Forum FAQ: "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288) ;)

Please start a new topic with a link back to this one.

Best regards.