Slow Computer / Possible Spyware? Get outgoing files blocked?

Post by hotrodgary on 31st December 2011, 9:28 am

The computer has slowed down? I have run Malwarebytes in safe mode and it finds stuff; if I run it in reg Windows mode it finds nothing? I also ran my Microsoft Security Essentials virus scan in safe mode and it found and deleted stuff, but not in regular mode? And occasionally I get a pop-up of an outgoing hazard blocked from Microsoft Essentials. I also feel I have too many things running on startup (Wacom Tablet, for example) that do not need to be, but am unsure what's OK and what is not needed?

I posted a long time ago on here and you guys were able to fix it up, so I'm hoping whatever got me slowed down will be easy enough to fix!? Anyways, I did all the preparation you requested and this is where I am. I'm looking forward to getting some help, getting this fixed finally, and seeing if my performance is better!
Thanks,
-Gary

OTL logfile created on: 12/31/2011 4:09:21 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = G:\Documents and Settings\Hot Rod Gary\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 55.09% Memory free
2.60 Gb Paging File | 1.87 Gb Available in Paging File | 71.82% Paging File free
Paging file location(s): G:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = G: | %SystemRoot% = G:\WINDOWS | %ProgramFiles% = G:\Program Files
Drive C: | 114.49 Gb Total Space | 13.25 Gb Free Space | 11.57% Space Free | Partition Type: NTFS
Drive G: | 465.75 Gb Total Space | 385.14 Gb Free Space | 82.69% Space Free | Partition Type: NTFS

Computer Name: HOTRODGARY | User Name: Hot Rod Gary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/31 03:56:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- G:\Documents and Settings\Hot Rod Gary\My Documents\Downloads\OTL.com
PRC - [2011/11/26 22:43:57 | 000,924,632 | ---- | M] (Mozilla Corporation) -- G:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/09 11:54:58 | 000,055,144 | ---- | M] (Apple Inc.) -- G:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- G:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/23 20:20:18 | 000,887,976 | ---- | M] (Ask) -- G:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- G:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- g:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/11/20 19:17:32 | 000,283,792 | ---- | M] (Carbonite, Inc.) -- G:\Program Files\Carbonite\CarbonitePreinstaller.exe
PRC - [2010/10/13 11:41:00 | 002,954,608 | ---- | M] (Wacom Technology, Corp.) -- G:\Program Files\Tablet\Pen\Pen_TouchUser.exe
PRC - [2010/10/13 11:41:00 | 000,416,112 | ---- | M] (Wacom Technology, Corp.) -- G:\Program Files\Tablet\Pen\Pen_TouchService.exe
PRC - [2010/10/13 11:40:54 | 004,869,488 | ---- | M] (Wacom Technology, Corp.) -- G:\Program Files\Tablet\Pen\Pen_Tablet.exe
PRC - [2010/10/13 11:40:54 | 001,153,392 | ---- | M] (Wacom Technology, Corp.) -- G:\Program Files\Tablet\Pen\Pen_TabletUser.exe
PRC - [2008/10/14 21:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- G:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2008/10/11 10:17:25 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- G:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/08/10 00:11:01 | 000,611,664 | ---- | M] (Lavasoft) -- G:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- G:\WINDOWS\explorer.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- G:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/11/22 23:58:48 | 000,069,632 | ---- | M] (HP) -- G:\WINDOWS\system32\HPZipm12.exe
PRC - [2005/07/19 16:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- G:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005/07/15 16:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- G:\Program Files\Google\Gmail Notifier\gnotify.exe
PRC - [2005/06/08 14:14:44 | 000,217,088 | ---- | M] (Logitech Inc.) -- G:\Program Files\Logitech\Video\LogiTray.exe
PRC - [2005/06/08 13:44:56 | 000,192,512 | ---- | M] (Logitech Inc.) -- G:\Program Files\Logitech\Video\FxSvr2.exe
PRC - [2005/02/25 15:54:48 | 000,131,072 | ---- | M] (Alcor Micro, Corp.) -- G:\Program Files\Multimedia Card Reader\shwicon2k.exe
PRC - [2004/09/03 12:14:10 | 000,057,344 | ---- | M] (Hewlett-Packard Company) -- G:\Program Files\HP DVD\Umbrella\DVDTray.exe
PRC - [2003/09/23 01:20:02 | 000,049,152 | ---- | M] (Lexmark International, Inc.) -- G:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
PRC - [2003/09/23 01:01:40 | 000,057,344 | ---- | M] (Lexmark International, Inc.) -- G:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/03 08:25:04 | 008,527,008 | ---- | M] () -- G:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/26 22:43:56 | 001,989,592 | ---- | M] () -- G:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- G:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- G:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/10/13 11:41:00 | 000,962,416 | ---- | M] () -- G:\Program Files\Tablet\Pen\libxml2.dll
MOD - [2007/09/20 17:34:58 | 000,129,024 | ---- | M] () -- G:\Program Files\WinRAR\RarExt.dll
MOD - [2005/10/20 12:36:08 | 000,077,824 | R--- | M] () -- G:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2005/10/20 12:36:08 | 000,065,536 | R--- | M] () -- G:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll
MOD - [2004/07/28 10:51:30 | 000,053,248 | ---- | M] () -- G:\Program Files\FlexiSTARTER Desay Edition 7.5v5\Program\DesignShell.dll
MOD - [2003/09/23 00:35:24 | 000,126,976 | ---- | M] () -- G:\WINDOWS\system32\spool\drivers\w32x86\3\LXBFFC5C.DLL
MOD - [2003/07/21 09:13:34 | 000,078,336 | ---- | M] () -- G:\WINDOWS\system32\spool\prtprocs\w32x86\LXBFPP5C.DLL
MOD - [2002/12/16 15:00:50 | 000,049,152 | ---- | M] () -- G:\Program Files\Lexmark X6100 Series\ConvDIB.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- G:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- g:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/04/26 04:21:06 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- G:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2010/10/13 11:41:00 | 000,416,112 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- G:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2010/10/13 11:40:54 | 004,869,488 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- G:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2008/10/11 10:17:25 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- G:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/08/10 00:11:01 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- G:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2007/03/20 15:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- G:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- G:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/11/22 23:58:48 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- G:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/12/30 06:59:13 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- g:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5583552D-E89D-424F-BFB3-A80C090F5D65}\MpKsld730f7cd.sys -- (MpKsld730f7cd)
DRV - [2011/08/31 16:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- G:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/04/26 04:21:06 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2010/10/05 13:26:10 | 000,016,240 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- G:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2010/10/05 13:26:00 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2008/07/13 09:16:01 | 000,019,968 | ---- | M] (Aladdin Knowledge Systems) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2008/07/13 09:15:59 | 000,665,600 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- G:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock)
DRV - [2008/07/13 09:15:59 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- G:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/02/16 14:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2006/08/10 05:32:14 | 000,204,672 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)
DRV - [2005/05/27 08:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005/01/31 10:20:04 | 000,211,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2004/12/08 18:16:30 | 000,038,468 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- G:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2004/08/03 17:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/09/19 16:47:24 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/12/16 04:41:10 | 000,076,288 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- G:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2001/08/17 09:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/05/07 11:04:18 | 000,047,328 | ---- | M] (Warp Nine Engineering) [Kernel | Auto | Running] -- G:\Program Files\FlexiSIGN-PRO 6.6\Program\Par1284.sys -- (Par1284)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: G:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: G:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: G:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: G:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: G:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: g:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: G:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: G:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: G:\Documents and Settings\Hot Rod Gary\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: G:\Documents and Settings\Hot Rod Gary\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: G:\Program Files\Mozilla Firefox\components [2011/11/26 22:43:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: G:\Program Files\Mozilla Firefox\plugins [2011/10/30 19:56:05 | 000,000,000 | ---D | M]

[2011/11/05 12:00:01 | 000,000,000 | ---D | M] (No name found) -- G:\Documents and Settings\Hot Rod Gary\Application Data\Mozilla\Extensions
[2011/11/26 22:44:11 | 000,000,000 | ---D | M] (No name found) -- G:\Program Files\Mozilla Firefox\extensions
[2011/01/18 19:26:41 | 000,000,000 | ---D | M] (Skype extension) -- G:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/10/23 08:58:28 | 000,000,000 | ---D | M] (Java Console) -- G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2008/12/21 23:12:07 | 000,000,000 | ---D | M] (Java Quick Starter) -- G:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/09/03 16:29:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- G:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/11/26 22:43:57 | 000,134,104 | ---- | M] (Mozilla Foundation) -- G:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- G:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- G:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2011/09/28 19:26:50 | 000,002,252 | ---- | M] () -- G:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/26 22:43:57 | 000,002,040 | ---- | M] () -- G:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = G:\Documents and Settings\Hot Rod Gary\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = G:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = G:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = G:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = G:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = G:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = G:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = G:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = G:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = G:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = G:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Web Player (Enabled) = G:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = G:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = G:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Chrome PDF Viewer (Enabled) = G:\Documents and Settings\Hot Rod Gary\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = G:\Documents and Settings\Hot Rod Gary\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\gears.dll
CHR - plugin: Adobe Acrobat (Disabled) = G:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = G:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = G:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = G:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = G:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = G:\Documents and Settings\Hot Rod Gary\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Picasa (Enabled) = G:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Wacom Dynamic Link Library (Enabled) = G:\Program Files\TabletPlugins\npwacom.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = g:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2006/02/28 07:00:00 | 000,000,734 | ---- | M]) - G:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - G:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - G:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - G:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - G:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - G:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - G:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - G:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] G:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] G:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] G:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] G:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] G:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CarboniteSetupLite] G:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [DVDBitSet] G:\Program Files\HP DVD\Umbrella\DVDBitSet.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [DVDTray] G:\Program Files\HP DVD\Umbrella\DVDTray.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Lexmark X6100 Series] G:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [LogitechVideoRepair] G:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] G:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] G:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] G:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] g:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NBAgent] G:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Sunkist2k] G:\Program Files\Multimedia Card Reader\shwicon2k.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [UpdateManager] G:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [LogitechSoftwareUpdate] G:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] G:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - G:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append to existing PDF - G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - G:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - G:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - G:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95C30AF8-EDE2-4A9C-B59A-58D01CBB0EDB}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - G:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - G:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -G:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (G:\WINDOWS\system32\userinit.exe) -G:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: G:\Documents and Settings\Hot Rod Gary\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: G:\Documents and Settings\Hot Rod Gary\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/10/06 17:24:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{44be4318-2076-11e1-aa5c-00e04cacf313}\Shell - "" = AutoRun
O33 - MountPoints2\{44be4318-2076-11e1-aa5c-00e04cacf313}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{44be4318-2076-11e1-aa5c-00e04cacf313}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{adcdd099-5399-11dd-a8a8-00e04cacf313}\Shell - "" = AutoRun
O33 - MountPoints2\{adcdd099-5399-11dd-a8a8-00e04cacf313}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{adcdd099-5399-11dd-a8a8-00e04cacf313}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: aawservice - G:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - g:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: aawservice - G:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MsMpSvc - g:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection G:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection G:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - G:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - g:\WINDOWS\system32\Rundll32.exe g:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - G:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - G:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - G:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - G:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - G:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - G:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - G:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - G:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - G:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: SENTINEL - G:\WINDOWS\System32\SNTI386.DLL (Rainbow Technologies, Inc.)
Drivers32: vidc.cvid - G:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - G:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - G:\WINDOWS\System32\LVCodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - G:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - G:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - G:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - G:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - G:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - G:\WINDOWS\System32\yv12vfw.dll ([You must be registered and logged in to see this link.]



Re: Slow Computer / Possible Spyware? Get outgoing files blocked?

Post by hotrodgary on 31st December 2011, 9:29 am

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/30 10:53:58 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Hot Rod Gary\Desktop\iPod Photo Cache
[2011/12/23 12:23:29 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Hot Rod Gary\Local Settings\Application Data\Nero_AG
[2011/12/18 08:44:13 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/12/18 08:43:38 | 000,000,000 | ---D | C] -- G:\Program Files\Spybot - Search & Destroy
[2011/12/18 08:43:38 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/12/13 20:36:25 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Hot Rod Gary\Local Settings\Application Data\HandBrake
[2011/12/13 20:36:25 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Hot Rod Gary\Application Data\HandBrake
[2011/12/13 20:36:08 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Hot Rod Gary\Start Menu\Programs\Handbrake
[2011/12/06 20:01:33 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/12/06 19:59:37 | 000,000,000 | ---D | C] -- G:\Program Files\iPod
[2008/12/07 21:42:09 | 000,047,360 | ---- | C] (VSO Software) -- G:\Documents and Settings\Hot Rod Gary\Application Data\pcouffin.sys
[6 G:\WINDOWS\System32\*.tmp files -> G:\WINDOWS\System32\*.tmp -> ]
[5 G:\WINDOWS\*.tmp files -> G:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/31 04:01:00 | 000,000,248 | ---- | M] () -- G:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/12/31 03:54:00 | 000,001,006 | ---- | M] () -- G:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1284227242-839522115-1003UA.job
[2011/12/30 12:54:00 | 000,000,954 | ---- | M] () -- G:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1284227242-839522115-1003Core.job
[2011/12/30 10:34:32 | 000,000,409 | ---- | M] () -- G:\WINDOWS\lexstat.ini
[2011/12/25 02:24:29 | 000,000,424 | -H-- | M] () -- G:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/24 14:11:00 | 000,000,284 | ---- | M] () -- G:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/20 06:53:48 | 000,002,422 | ---- | M] () -- G:\WINDOWS\System32\wpa.dbl
[2011/12/20 06:52:32 | 000,002,048 | --S- | M] () -- G:\WINDOWS\bootstat.dat
[2011/12/20 06:52:31 | 2147,012,608 | -HS- | M] () -- G:\hiberfil.sys
[2011/12/18 16:56:50 | 000,000,116 | ---- | M] () -- G:\WINDOWS\NeroDigital.ini
[2011/12/18 16:56:49 | 000,083,968 | ---- | M] () -- G:\Documents and Settings\Hot Rod Gary\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/18 08:44:19 | 000,000,933 | ---- | M] () -- G:\Documents and Settings\Hot Rod Gary\Desktop\Spybot - Search & Destroy.lnk
[2011/12/15 03:25:09 | 001,494,864 | ---- | M] () -- G:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/15 03:07:53 | 000,001,393 | ---- | M] () -- G:\WINDOWS\imsins.BAK
[2011/12/13 20:36:08 | 000,000,694 | ---- | M] () -- G:\Documents and Settings\Hot Rod Gary\Desktop\Handbrake.lnk
[2011/12/06 20:01:33 | 000,001,453 | ---- | M] () -- G:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/12/03 08:25:06 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- G:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[6 G:\WINDOWS\System32\*.tmp files -> G:\WINDOWS\System32\*.tmp -> ]
[5 G:\WINDOWS\*.tmp files -> G:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/19 20:41:27 | 2147,012,608 | -HS- | C] () -- G:\hiberfil.sys
[2011/12/18 08:44:19 | 000,000,933 | ---- | C] () -- G:\Documents and Settings\Hot Rod Gary\Desktop\Spybot - Search & Destroy.lnk
[2011/12/13 20:36:08 | 000,000,694 | ---- | C] () -- G:\Documents and Settings\Hot Rod Gary\Desktop\Handbrake.lnk
[2011/12/06 20:01:33 | 000,001,453 | ---- | C] () -- G:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/12/06 19:43:44 | 000,000,284 | ---- | C] () -- G:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/04 21:15:08 | 000,156,744 | ---- | C] () -- G:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/12/13 17:03:01 | 000,000,056 | -H-- | C] () -- G:\WINDOWS\System32\ezsidmv.dat
[2010/12/04 18:59:40 | 000,038,864 | -H-- | C] () -- G:\WINDOWS\System32\mlfcache.dat
[2008/12/07 21:42:45 | 000,000,671 | ---- | C] () -- G:\Documents and Settings\Hot Rod Gary\Application Data\vso_ts_preview.xml
[2008/12/07 21:42:09 | 000,087,608 | ---- | C] () -- G:\Documents and Settings\Hot Rod Gary\Application Data\inst.exe
[2008/12/07 21:42:09 | 000,007,887 | ---- | C] () -- G:\Documents and Settings\Hot Rod Gary\Application Data\pcouffin.cat
[2008/12/07 21:42:09 | 000,001,144 | ---- | C] () -- G:\Documents and Settings\Hot Rod Gary\Application Data\pcouffin.inf
[2008/11/15 13:56:18 | 000,765,952 | ---- | C] () -- G:\WINDOWS\System32\xvidcore.dll
[2008/11/15 13:56:17 | 000,180,224 | ---- | C] () -- G:\WINDOWS\System32\xvidvfw.dll
[2008/11/15 13:47:28 | 000,066,560 | ---- | C] () -- G:\WINDOWS\MOTA113.exe
[2008/11/15 13:47:28 | 000,027,648 | ---- | C] () -- G:\WINDOWS\System32\AVSredirect.dll
[2008/11/15 13:47:27 | 000,502,784 | ---- | C] () -- G:\WINDOWS\x2.64.exe
[2008/11/15 13:47:27 | 000,240,128 | ---- | C] () -- G:\WINDOWS\System32\x.264.exe
[2008/11/15 13:47:27 | 000,217,073 | ---- | C] () -- G:\WINDOWS\meta4.exe
[2008/09/19 16:57:34 | 003,596,288 | ---- | C] () -- G:\WINDOWS\System32\qt-dx331.dll
[2008/09/19 16:54:18 | 000,012,288 | ---- | C] () -- G:\WINDOWS\System32\DivXWMPExtType.dll
[2008/08/28 21:48:08 | 000,000,116 | ---- | C] () -- G:\WINDOWS\NeroDigital.ini
[2008/08/22 18:12:30 | 000,053,248 | R--- | C] () -- G:\WINDOWS\System32\InstMed.exe
[2008/08/22 18:12:20 | 000,009,255 | ---- | C] () -- G:\WINDOWS\System32\lvcoinst.ini
[2008/08/22 16:14:31 | 000,000,376 | ---- | C] () -- G:\WINDOWS\ODBC.INI
[2008/08/21 16:39:30 | 000,083,968 | ---- | C] () -- G:\Documents and Settings\Hot Rod Gary\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/09 23:31:47 | 000,000,000 | ---- | C] () -- G:\WINDOWS\nsreg.dat
[2008/08/09 22:50:53 | 000,011,111 | ---- | C] () -- G:\WINDOWS\System32\DELTREE.EXE
[2008/07/29 21:10:09 | 000,000,409 | ---- | C] () -- G:\WINDOWS\lexstat.ini
[2008/07/29 21:09:45 | 000,040,960 | ---- | C] () -- G:\WINDOWS\System32\lxbfvs.dll
[2008/07/29 21:09:14 | 000,000,188 | ---- | C] () -- G:\WINDOWS\System32\lxbfcoin.ini
[2008/07/29 21:09:11 | 000,086,016 | ---- | C] () -- G:\WINDOWS\System32\LXBFIH.EXE
[2008/07/29 21:09:10 | 000,040,960 | ---- | C] () -- G:\WINDOWS\System32\INSTMON.EXE
[2008/07/29 21:09:09 | 000,077,824 | ---- | C] () -- G:\WINDOWS\System32\LXBFLCNP.DLL
[2008/07/29 20:08:02 | 002,463,976 | ---- | C] () -- G:\WINDOWS\System32\NPSWF32.dll
[2008/07/13 09:15:59 | 000,000,383 | ---- | C] () -- G:\WINDOWS\System32\haspdos.sys
[2008/07/13 08:17:33 | 000,077,824 | R--- | C] () -- G:\WINDOWS\System32\HPZIDS01.dll
[2008/07/13 08:11:59 | 000,123,090 | ---- | C] () -- G:\WINDOWS\HPHins11.dat
[2008/07/13 08:11:59 | 000,013,767 | ---- | C] () -- G:\WINDOWS\hphmdl11.dat
[2008/07/05 10:16:02 | 000,002,048 | --S- | C] () -- G:\WINDOWS\bootstat.dat
[2008/07/05 10:08:27 | 000,021,640 | ---- | C] () -- G:\WINDOWS\System32\emptyregdb.dat
[2008/07/04 14:00:10 | 000,004,161 | ---- | C] () -- G:\WINDOWS\ODBCINST.INI
[2008/07/04 13:56:57 | 001,494,864 | ---- | C] () -- G:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/16 10:58:04 | 000,012,632 | ---- | C] () -- G:\WINDOWS\System32\lsdelete.exe
[2006/02/28 07:00:00 | 013,107,200 | ---- | C] () -- G:\WINDOWS\System32\oembios.bin
[2006/02/28 07:00:00 | 000,673,088 | ---- | C] () -- G:\WINDOWS\System32\mlang.dat
[2006/02/28 07:00:00 | 000,432,784 | ---- | C] () -- G:\WINDOWS\System32\perfh009.dat
[2006/02/28 07:00:00 | 000,272,128 | ---- | C] () -- G:\WINDOWS\System32\perfi009.dat
[2006/02/28 07:00:00 | 000,218,003 | ---- | C] () -- G:\WINDOWS\System32\dssec.dat
[2006/02/28 07:00:00 | 000,067,740 | ---- | C] () -- G:\WINDOWS\System32\perfc009.dat
[2006/02/28 07:00:00 | 000,046,258 | ---- | C] () -- G:\WINDOWS\System32\mib.bin
[2006/02/28 07:00:00 | 000,028,626 | ---- | C] () -- G:\WINDOWS\System32\perfd009.dat
[2006/02/28 07:00:00 | 000,004,569 | ---- | C] () -- G:\WINDOWS\System32\secupd.dat
[2006/02/28 07:00:00 | 000,004,461 | ---- | C] () -- G:\WINDOWS\System32\oembios.dat
[2006/02/28 07:00:00 | 000,001,804 | ---- | C] () -- G:\WINDOWS\System32\dcache.bin
[2006/02/28 07:00:00 | 000,000,741 | ---- | C] () -- G:\WINDOWS\System32\noise.dat
[2004/12/03 15:07:58 | 000,000,000 | ---- | C] () -- G:\WINDOWS\System32\px.ini
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- G:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/11/26 22:43:57 | 000,125,912 | ---- | M] (Mozilla Foundation) -- G:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/11/26 22:43:57 | 000,924,632 | ---- | M] (Mozilla Corporation) -- G:\Program Files\Mozilla Firefox\firefox.exe
[2011/11/26 22:43:54 | 000,016,856 | ---- | M] (Mozilla Corporation) -- G:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/11/26 22:43:53 | 000,269,272 | ---- | M] (Mozilla Foundation) -- G:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[6 G:\WINDOWS\system32\*.tmp files -> G:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2009/05/18 16:50:13 | 000,000,000 | ---D | M] -- G:\Program Files\Adobe
[2008/07/13 07:51:27 | 000,000,000 | ---D | M] -- G:\Program Files\Ahead
[2008/08/10 01:15:45 | 000,000,000 | ---D | M] -- G:\Program Files\AIM6
[2011/12/06 20:04:00 | 000,000,000 | ---D | M] -- G:\Program Files\Apple Software Update
[2008/07/13 08:03:01 | 000,000,000 | ---D | M] -- G:\Program Files\ArcSoft
[2011/10/10 18:01:20 | 000,000,000 | ---D | M] -- G:\Program Files\Ask.com
[2008/11/15 13:47:26 | 000,000,000 | ---D | M] -- G:\Program Files\AviSynth 2.5
[2011/12/06 19:54:11 | 000,000,000 | ---D | M] -- G:\Program Files\Bonjour
[2010/12/04 14:22:24 | 000,000,000 | ---D | M] -- G:\Program Files\Carbonite
[2011/02/02 18:32:32 | 000,000,000 | ---D | M] -- G:\Program Files\ComcastToolbar
[2008/07/05 12:00:36 | 000,000,000 | ---D | M] -- G:\Program Files\ComcastUI
[2010/12/27 08:53:41 | 000,000,000 | ---D | M] -- G:\Program Files\Common Files
[2008/07/05 10:08:21 | 000,000,000 | ---D | M] -- G:\Program Files\ComPlus Applications
[2008/07/13 07:55:22 | 000,000,000 | ---D | M] -- G:\Program Files\CyberLink
[2011/04/28 08:14:43 | 000,000,000 | ---D | M] -- G:\Program Files\DivX
[2008/08/10 00:38:17 | 000,000,000 | ---D | M] -- G:\Program Files\Enigma Software Group
[2008/11/28 15:15:58 | 000,000,000 | ---D | M] -- G:\Program Files\eRightSoft
[2008/08/09 23:14:24 | 000,000,000 | ---D | M] -- G:\Program Files\FlexiSIGN-PRO 6.6
[2008/11/13 18:43:58 | 000,000,000 | ---D | M] -- G:\Program Files\FlexiSTARTER Desay Edition 7.5v5
[2010/02/07 20:00:20 | 000,000,000 | ---D | M] -- G:\Program Files\Google
[2011/12/13 20:36:13 | 000,000,000 | ---D | M] -- G:\Program Files\Handbrake
[2008/07/13 08:21:38 | 000,000,000 | ---D | M] -- G:\Program Files\Hewlett-Packard
[2008/07/13 08:23:36 | 000,000,000 | ---D | M] -- G:\Program Files\HP
[2009/01/24 15:56:26 | 000,000,000 | ---D | M] -- G:\Program Files\HP DVD
[2009/01/24 15:53:59 | 000,000,000 | -H-D | M] -- G:\Program Files\InstallShield Installation Information
[2011/12/15 03:08:23 | 000,000,000 | ---D | M] -- G:\Program Files\Internet Explorer
[2011/12/06 19:59:37 | 000,000,000 | ---D | M] -- G:\Program Files\iPod
[2011/10/23 08:58:18 | 000,000,000 | ---D | M] -- G:\Program Files\Java
[2008/11/15 13:50:11 | 000,000,000 | ---D | M] -- G:\Program Files\JockerSoft
[2008/08/10 00:10:39 | 000,000,000 | ---D | M] -- G:\Program Files\Lavasoft
[2008/07/29 21:09:38 | 000,000,000 | ---D | M] -- G:\Program Files\Lexmark X6100 Series
[2008/10/02 17:31:16 | 000,000,000 | ---D | M] -- G:\Program Files\LimeWire
[2008/11/29 21:50:02 | 000,000,000 | ---D | M] -- G:\Program Files\Logitech
[2011/10/08 09:11:20 | 000,000,000 | ---D | M] -- G:\Program Files\Malwarebytes' Anti-Malware
[2008/08/18 16:26:52 | 000,000,000 | ---D | M] -- G:\Program Files\Messenger
[2008/08/22 16:12:49 | 000,000,000 | ---D | M] -- G:\Program Files\Microsoft ActiveSync
[2010/12/28 03:04:38 | 000,000,000 | ---D | M] -- G:\Program Files\Microsoft CAPICOM 2.1.0.2
[2008/07/05 10:13:08 | 000,000,000 | ---D | M] -- G:\Program Files\microsoft frontpage
[2008/07/13 08:10:13 | 000,000,000 | ---D | M] -- G:\Program Files\Microsoft IntelliPoint
[2011/07/01 08:10:24 | 000,000,000 | ---D | M] -- G:\Program Files\Microsoft Office
[2011/08/10 02:25:41 | 000,000,000 | ---D | M] -- G:\Program Files\Microsoft Security Client
[2008/08/22 16:12:57 | 000,000,000 | ---D | M] -- G:\Program Files\Microsoft.NET
[2010/08/14 02:00:57 | 000,000,000 | ---D | M] -- G:\Program Files\Movie Maker
[2011/12/30 17:55:45 | 000,000,000 | ---D | M] -- G:\Program Files\Mozilla Firefox
[2011/11/05 11:58:30 | 000,000,000 | ---D | M] -- G:\Program Files\Mozilla Firefox 4.0 Beta 11
[2009/08/28 22:59:23 | 000,000,000 | ---D | M] -- G:\Program Files\MSBuild
[2008/07/05 10:07:12 | 000,000,000 | ---D | M] -- G:\Program Files\MSN
[2008/07/05 10:08:00 | 000,000,000 | ---D | M] -- G:\Program Files\MSN Gaming Zone
[2008/07/29 19:33:51 | 000,000,000 | ---D | M] -- G:\Program Files\Multimedia Card Reader
[2009/01/24 15:54:08 | 000,000,000 | ---D | M] -- G:\Program Files\muvee Technologies
[2011/02/01 18:42:16 | 000,000,000 | ---D | M] -- G:\Program Files\Nero
[2008/07/12 22:27:13 | 000,000,000 | ---D | M] -- G:\Program Files\NetMeeting
[2010/12/27 08:53:44 | 000,000,000 | ---D | M] -- G:\Program Files\Network Associates
[2008/07/05 10:11:11 | 000,000,000 | ---D | M] -- G:\Program Files\Online Services
[2011/04/28 08:14:48 | 000,000,000 | ---D | M] -- G:\Program Files\OpenVPN
[2010/12/14 18:46:26 | 000,000,000 | ---D | M] -- G:\Program Files\Outlook Express
[2010/12/13 16:32:48 | 000,000,000 | ---D | M] -- G:\Program Files\QuickTime
[2009/08/28 22:59:14 | 000,000,000 | ---D | M] -- G:\Program Files\Reference Assemblies
[2011/04/11 17:19:28 | 000,000,000 | ---D | M] -- G:\Program Files\Safari
[2010/12/13 17:01:06 | 000,000,000 | R--D | M] -- G:\Program Files\Skype
[2008/09/14 10:41:44 | 000,000,000 | ---D | M] -- G:\Program Files\Smartparts
[2009/01/24 15:36:12 | 000,000,000 | ---D | M] -- G:\Program Files\Sonic
[2009/01/24 15:36:25 | 000,000,000 | ---D | M] -- G:\Program Files\Sonic_RecordNow
[2011/12/18 08:51:46 | 000,000,000 | ---D | M] -- G:\Program Files\Spybot - Search & Destroy
[2008/10/11 22:27:02 | 000,000,000 | ---D | M] -- G:\Program Files\Sun
[2008/07/13 08:07:02 | 000,000,000 | ---D | M] -- G:\Program Files\SureThingcdlabeler
[2011/01/28 22:17:46 | 000,000,000 | ---D | M] -- G:\Program Files\Tablet
[2011/01/28 22:17:43 | 000,000,000 | ---D | M] -- G:\Program Files\TabletPlugins
[2008/07/05 10:20:03 | 000,000,000 | -H-D | M] -- G:\Program Files\Uninstall Information
[2008/08/22 17:36:40 | 000,000,000 | ---D | M] -- G:\Program Files\uTorrent
[2008/08/10 01:15:16 | 000,000,000 | ---D | M] -- G:\Program Files\Viewpoint
[2008/12/07 21:42:01 | 000,000,000 | ---D | M] -- G:\Program Files\VSO
[2008/10/12 01:53:59 | 000,000,000 | ---D | M] -- G:\Program Files\Windows Media Connect 2
[2008/10/12 01:53:52 | 000,000,000 | ---D | M] -- G:\Program Files\Windows Media Player
[2008/07/12 22:27:10 | 000,000,000 | ---D | M] -- G:\Program Files\Windows NT
[2008/07/05 10:11:14 | 000,000,000 | -H-D | M] -- G:\Program Files\WindowsUpdate
[2011/07/22 20:10:13 | 000,000,000 | ---D | M] -- G:\Program Files\WinMend
[2008/07/29 19:43:12 | 000,000,000 | ---D | M] -- G:\Program Files\WinRAR
[2008/07/05 10:13:09 | 000,000,000 | ---D | M] -- G:\Program Files\xerox
[2008/11/15 13:56:18 | 000,000,000 | ---D | M] -- G:\Program Files\Xvid


< MD5 for: AGP440.SYS >
[2006/02/28 07:00:00 | 018,738,937 | ---- | M] () .cab file -- G:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/07/12 22:20:36 | 023,852,652 | ---- | M] () .cab file -- G:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/07/12 22:20:36 | 023,852,652 | ---- | M] () .cab file -- G:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- G:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- G:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2006/02/28 07:00:00 | 018,738,937 | ---- | M] () .cab file -- G:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/07/12 22:20:36 | 023,852,652 | ---- | M] () .cab file -- G:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/07/12 22:20:36 | 023,852,652 | ---- | M] () .cab file -- G:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- G:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- G:\WINDOWS\system32\drivers\atapi.sys
[2006/02/28 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- G:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2006/02/28 07:00:00 | 018,738,937 | ---- | M] () .cab file -- G:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/07/12 22:20:36 | 023,852,652 | ---- | M] () .cab file -- G:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/07/12 22:20:36 | 023,852,652 | ---- | M] () .cab file -- G:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2006/02/28 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- G:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- G:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- G:\WINDOWS\system32\drivers\disk.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- G:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- G:\WINDOWS\system32\netlogon.dll
[2006/02/28 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- G:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-15 08:08:38

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "G:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/11/26 22:43:53 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "G:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/11/26 22:43:53 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "G:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/26 22:43:53 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: G:\Program Files\Mozilla Firefox\firefox.exe [2011/11/26 22:43:57 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "G:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/11/26 22:43:57 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "G:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/11/26 22:43:57 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "G:\Documents and Settings\Hot Rod Gary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/08/17 04:49:18 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "G:\Documents and Settings\Hot Rod Gary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/08/17 04:49:18 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "G:\Documents and Settings\Hot Rod Gary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/08/17 04:49:18 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "G:\Documents and Settings\Hot Rod Gary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/08/17 04:49:18 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "G:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/10/31 15:56:25 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "G:\WINDOWS\system32\ie4uinit.exe" -hide [2011/10/31 15:56:25 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "G:\WINDOWS\system32\ie4uinit.exe" -show [2011/10/31 15:56:25 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: G:\Program Files\Internet Explorer\iexplore.exe [2011/10/31 05:46:00 | 000,634,504 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "G:\Program Files\Safari\Safari.exe" /reinstall [2011/02/15 22:18:16 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "G:\Program Files\Safari\Safari.exe" /hideicons [2011/02/15 22:18:16 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "G:\Program Files\Safari\Safari.exe" /showicons [2011/02/15 22:18:16 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "G:\Program Files\Safari\Safari.exe" [2011/02/15 22:18:16 | 002,388,264 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "G:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/11/26 22:43:53 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "G:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/11/26 22:43:53 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "G:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/26 22:43:53 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: G:\Program Files\Mozilla Firefox\firefox.exe [2011/11/26 22:43:57 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "G:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/11/26 22:43:57 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "G:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/11/26 22:43:57 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "G:\Documents and Settings\Hot Rod Gary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/08/17 04:49:18 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "G:\Documents and Settings\Hot Rod Gary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/08/17 04:49:18 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "G:\Documents and Settings\Hot Rod Gary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/08/17 04:49:18 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "G:\Documents and Settings\Hot Rod Gary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/08/17 04:49:18 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "G:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/10/31 15:56:25 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "G:\WINDOWS\system32\ie4uinit.exe" -hide [2011/10/31 15:56:25 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "G:\WINDOWS\system32\ie4uinit.exe" -show [2011/10/31 15:56:25 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: G:\Program Files\Internet Explorer\iexplore.exe [2011/10/31 05:46:00 | 000,634,504 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "G:\Program Files\Safari\Safari.exe" /reinstall [2011/02/15 22:18:16 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "G:\Program Files\Safari\Safari.exe" /hideicons [2011/02/15 22:18:16 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "G:\Program Files\Safari\Safari.exe" /showicons [2011/02/15 22:18:16 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "G:\Program Files\Safari\Safari.exe" [2011/02/15 22:18:16 | 002,388,264 | ---- | M] (Apple Inc.)

< End of report >


Re: Slow Computer / Possible Spyware? Get outgoing files blocked?

Post by hotrodgary on 31st December 2011, 9:30 am

OTL Extras logfile created on: 12/31/2011 4:09:21 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = G:\Documents and Settings\Hot Rod Gary\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 55.09% Memory free
2.60 Gb Paging File | 1.87 Gb Available in Paging File | 71.82% Paging File free
Paging file location(s): G:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = G: | %SystemRoot% = G:\WINDOWS | %ProgramFiles% = G:\Program Files
Drive C: | 114.49 Gb Total Space | 13.25 Gb Free Space | 11.57% Space Free | Partition Type: NTFS
Drive G: | 465.75 Gb Total Space | 385.14 Gb Free Space | 82.69% Space Free | Partition Type: NTFS

Computer Name: HOTRODGARY | User Name: Hot Rod Gary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- G:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"G:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = G:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"G:\Program Files\Common Files\AOL\Loader\aolload.exe" = G:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"G:\Program Files\AIM6\aim6.exe" = G:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"G:\Program Files\uTorrent\uTorrent.exe" = G:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"G:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = G:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)
"G:\Program Files\FlexiSTARTER Desay Edition 7.5v5\Program\App.exe" = G:\Program Files\FlexiSTARTER Desay Edition 7.5v5\Program\App.exe:*:Enabled:Design Software -- (Scanvec Amiable)
"G:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = G:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"G:\Program Files\LimeWire\LimeWire.exe" = G:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"G:\Program Files\FlexiSTARTER Desay Edition 7.5v5\Program\App2.exe" = G:\Program Files\FlexiSTARTER Desay Edition 7.5v5\Program\App2.exe:*:Enabled:Production -- ()
"G:\WINDOWS\system32\dpvsetup.exe" = G:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"G:\Documents and Settings\Hot Rod Gary\Application Data\Dropbox\bin\Dropbox.exe" = G:\Documents and Settings\Hot Rod Gary\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"G:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = G:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{0420F95C-11FF-4E02-B967-6CC22B188F9F}" = Nero BackItUp
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 29
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36B521F3-20C4-49C4-88CD-2F02409B0DE4}" = A510
"{397516AE-7DFE-4F90-84E0-BD616D559434}" = Nero BurnRights
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{49140327-BEBF-43dd-B386-43311A065609}" = hph_ProductContext
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}" = Nero RescueAgent
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5D9C3FCE-A8BA-42F0-9019-769A1CF9A7A9}" = hph_software
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B441C21-F8DE-459B-B2BA-FEC422A8BCE7}" = A710_A610_A510_Help
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}" = Nero Express
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76BEC1D7-8A9F-472D-84C7-014BB155E4B2}" = HP Photosmart and Deskjet 7.0 Software
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.3.0.96
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
"{893429F2-083B-4F82-92DC-DFDC45E8503C}" = hph_readme
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C2690CF-5B74-4F93-8139-7B5644CD6A3B}" = MobileMe Control Panel
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BBBF3122-9A09-40B2-A065-CD684059FB19}" = hph_software_req
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{CA529363-D0F2-41EA-B44B-D7515A254645}" = Multimedia Card Reader
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE636486-7E13-4051-9067-AFC4E1B8F54E}" = ArcSoft ShowBiz DVD 2
"{CF6E7481-4487-46D3-810A-F73EEA232CE0}" = Microsoft IntelliPoint 5.0
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D61524CF-93FE-4193-91AD-C6E21FEEAA5A}" = Logitech Harmony Remote Software 7
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0879DDC-F053-4068-80C1-DBC358AC5917}" = LS_HSI
"{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}" = Nero BackItUp and Burn
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{ED2922DF-10E1-4D53-A941-0B343A97F050}" = muvee autoProducer 3.5_LE10 - HPC
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"{FDE97748-2050-47B1-9BDD-E049626FDE63}" = Smartparts Desktop
"1" = FlexiSIGN-PRO 6.6v1
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.5 Professional
"Adobe Acrobat 8 Professional_815" = Adobe Acrobat 8.1.5 - CPSID_49013
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"AIM_6" = AIM 6
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"CodecInstaller" = CodecInstaller 2.10.2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"FlexiSTARTER Desay Edition 7.5v5" = FlexiSTARTER Desay Edition 7.5v5
"HandBrake" = HandBrake 0.9.5
"HP DVD" = HP DVD Writer
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{CA529363-D0F2-41EA-B44B-D7515A254645}" = Multimedia Card Reader
"Lexmark X6100 Series" = Lexmark X6100 Series
"LimeWire" = LimeWire PRO 4.14.12
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MVApplication1" = SureThing CD Labeler 4 SE
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenVPN" = OpenVPN 2.2.0
"Pen Tablet Driver" = Bamboo
"Picasa 3" = Picasa 3
"QcDrv" = Logitech® Camera Driver
"Rainbow Sentinel Driver" = Sentinel System Driver
"SUPER ©" = SUPER © Version 2008.bld.33 (Sep 2, 2008)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinMend Registry Defrag_is1" = WinMend Registry Defrag 1.3.9
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"QUICKMEDIACONVERTER" = Player
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/31/2011 2:59:02 AM | Computer Name = HOTRODGARY | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 15

Error - 12/31/2011 2:59:02 AM | Computer Name = HOTRODGARY | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 16

Error - 12/31/2011 2:59:02 AM | Computer Name = HOTRODGARY | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 17

Error - 12/31/2011 2:59:03 AM | Computer Name = HOTRODGARY | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 18

Error - 12/31/2011 2:59:03 AM | Computer Name = HOTRODGARY | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 19

Error - 12/31/2011 2:59:03 AM | Computer Name = HOTRODGARY | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 20

Error - 12/31/2011 2:59:03 AM | Computer Name = HOTRODGARY | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 21

Error - 12/31/2011 2:59:03 AM | Computer Name = HOTRODGARY | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 22

Error - 12/31/2011 2:59:03 AM | Computer Name = HOTRODGARY | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 23

Error - 12/31/2011 2:59:03 AM | Computer Name = HOTRODGARY | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 24

[ System Events ]
Error - 12/19/2011 7:54:35 PM | Computer Name = HOTRODGARY | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 12/19/2011 7:54:35 PM | Computer Name = HOTRODGARY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AmdK7 Fips IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Error - 12/19/2011 7:54:53 PM | Computer Name = HOTRODGARY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 12/19/2011 8:05:32 PM | Computer Name = HOTRODGARY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 12/19/2011 8:05:32 PM | Computer Name = HOTRODGARY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 12/19/2011 8:05:32 PM | Computer Name = HOTRODGARY | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.117.1307.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8007043c Error
description: This service cannot be started in Safe Mode

Error - 12/19/2011 9:40:40 PM | Computer Name = HOTRODGARY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 12/23/2011 1:24:24 PM | Computer Name = HOTRODGARY | Source = DCOM | ID = 10010
Description = The server {2692A9D5-61DF-46D5-A5A1-A6CCA921D578} did not register
with DCOM within the required timeout.

Error - 12/24/2011 7:14:07 PM | Computer Name = HOTRODGARY | Source = DCOM | ID = 10010
Description = The server {2692A9D5-61DF-46D5-A5A1-A6CCA921D578} did not register
with DCOM within the required timeout.

Error - 12/31/2011 4:55:13 AM | Computer Name = HOTRODGARY | Source = DCOM | ID = 10010
Description = The server {2692A9D5-61DF-46D5-A5A1-A6CCA921D578} did not register
with DCOM within the required timeout.


< End of report >


Re: Slow Computer / Possible Spyware? Get outgoing files blocked?

Post by hotrodgary on 31st December 2011, 9:49 am

Running the aswMBR scan now... taking longer than I had expected....


Re: Slow Computer / Possible Spyware? Get outgoing files blocked?

Post by hotrodgary on 31st December 2011, 4:23 pm

aswMBR version 0.9.9.1124 Copyright(c) 2011 AVAST Software
Run date: 2011-12-31 04:24:46
-----------------------------
04:24:46.618 OS Version: Windows 5.1.2600 Service Pack 3
04:24:46.618 Number of processors: 1 586 0x801
04:24:46.618 ComputerName: HOTRODGARY UserName:
04:24:48.118 Initialize success
04:29:35.837 AVAST engine defs: 11123100
04:31:02.602 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
04:31:02.602 Disk 0 Vendor: ST3500630A 3.AAE Size: 476940MB BusType: 3
04:31:02.602 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
04:31:02.602 Disk 1 Vendor: Maxtor_6Y120P0 YAR41BW0 Size: 117246MB BusType: 3
04:31:02.618 Disk 1 MBR read successfully
04:31:02.618 Disk 1 MBR scan
04:31:02.649 Disk 1 Windows XP default MBR code
04:31:02.649 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 117239 MB offset 63
04:31:02.665 Disk 1 scanning sectors +240107490
04:31:02.727 Disk 1 scanning G:\WINDOWS\system32\drivers
04:31:28.634 Service scanning
04:31:30.118 Service MpKsld730f7cd g:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5583552D-E89D-424F-BFB3-A80C090F5D65}\MpKsld730f7cd.sys **LOCKED** 32
04:31:30.790 Modules scanning
04:31:36.930 Module: G:\WINDOWS\system32\drivers\hardlock.sys **SUSPICIOUS**
04:31:37.587 Disk 1 trace - called modules:
04:31:37.587 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
04:31:37.587 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x89bbdab8]
04:31:37.587 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\0000006a[0x89b752b8]
04:31:37.587 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-c[0x89bc7b00]
04:31:38.587 AVAST engine scan G:\WINDOWS
04:31:49.259 File: G:\WINDOWS\uninst.exe **INFECTED** Win32:CIH-G@dam
04:31:53.946 AVAST engine scan G:\WINDOWS\system32
04:36:34.180 AVAST engine scan G:\WINDOWS\system32\drivers
04:37:15.821 AVAST engine scan G:\Documents and Settings\Hot Rod Gary
04:43:28.555 Disk 1 MBR has been saved successfully to "G:\Documents and Settings\Hot Rod Gary\My Documents\Downloads\MBR.dat"
04:43:28.680 The log file has been saved successfully to "G:\Documents and Settings\Hot Rod Gary\My Documents\Downloads\aswMBR.txt"
05:04:28.571 AVAST engine scan G:\Documents and Settings\All Users
05:20:52.399 Scan finished successfully
11:22:13.680 Disk 1 MBR has been saved successfully to "G:\Documents and Settings\Hot Rod Gary\My Documents\Downloads\MBR.dat"
11:22:13.680 The log file has been saved successfully to "G:\Documents and Settings\Hot Rod Gary\My Documents\Downloads\aswMBR.txt"
11:22:48.884 Disk 1 MBR has been saved successfully to "G:\Documents and Settings\Hot Rod Gary\My Documents\Downloads\MBR.dat"
11:22:48.899 The log file has been saved successfully to "G:\Documents and Settings\Hot Rod Gary\My Documents\Downloads\aswMBR.txt"




Re: Slow Computer / Possible Spyware? Get outgoing files blocked?

Post by hotrodgary on 31st December 2011, 4:29 pm

Results of screen317's Security Check version 0.99.30
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Adobe After Effects CS3 Presets
Microsoft Security Essentials
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
Java(TM) 6 Update 29
Java(TM) 6 Update 2
Java(TM) 6 Update 7
Java version out of date!
Adobe Flash Player 9 Flash Player out of date!
Adobe Flash Player 11.1.102.55
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox 8.0.1 Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe is disabled!
Malwarebytes' Anti-Malware mbamservice.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````


Re: Slow Computer / Possible Spyware? Get outgoing files blocked?

Post by Belahzur on 3rd January 2012, 12:29 am

Hi,


Download ComboFix from any of the links below, and save it to your desktop.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

When saving ComboFix rename it to Belahzur.exe to prevent it from being blocked by malware.


Refer to this image:

To prevent your anti-virus application interfering with ComboFix we need to disable it. See [You must be registered and logged in to see this link.] for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click Belahzur.exe to run it.

    You will see the following image:


Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running, because it may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245101
# Likes: 1


Re: Slow Computer / Possible Spyware? Get outgoing files blocked?

Post by hotrodgary on 3rd January 2012, 1:58 am

ComboFix 12-01-02.02 - Hot Rod Gary 01/02/2012 20:16:44.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1316 [GMT -5:00]
Running from: g:\documents and settings\Hot Rod Gary\My Documents\Downloads\Belahzur.exe.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
g:\documents and settings\Hot Rod Gary\Application Data\inst.exe
g:\documents and settings\Hot Rod Gary\Application Data\vso_ts_preview.xml
g:\documents and settings\Hot Rod Gary\WINDOWS
g:\windows\system32\SET12E.tmp
g:\windows\system32\SET132.tmp
g:\windows\system32\SET133.tmp
g:\windows\system32\SET13A.tmp
g:\windows\system32\SET186.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-12-03 to 2012-01-03 )))))))))))))))))))))))))))))))
.
.
2012-01-02 21:24 . 2012-01-02 21:24 29904 ----a-w- g:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{64D2E73C-834D-4823-92FC-FF91DAE1CCF1}\MpKsl005bdcc1.sys
2012-01-02 21:24 . 2012-01-02 21:24 56200 ----a-w- g:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{64D2E73C-834D-4823-92FC-FF91DAE1CCF1}\offreg.dll
2012-01-02 15:10 . 2011-11-21 10:47 6823496 ----a-w- g:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{64D2E73C-834D-4823-92FC-FF91DAE1CCF1}\mpengine.dll
2011-12-23 17:23 . 2011-12-23 17:23 -------- d-----w- g:\documents and settings\Hot Rod Gary\Local Settings\Application Data\Nero_AG
2011-12-18 13:43 . 2011-12-18 16:25 -------- d-----w- g:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-12-18 13:43 . 2011-12-18 13:51 -------- d-----w- g:\program files\Spybot - Search & Destroy
2011-12-14 01:36 . 2011-12-14 01:39 -------- d-----w- g:\documents and settings\Hot Rod Gary\Application Data\HandBrake
2011-12-14 01:36 . 2011-12-14 01:36 -------- d-----w- g:\documents and settings\Hot Rod Gary\Local Settings\Application Data\HandBrake
2011-12-07 00:59 . 2011-12-07 00:59 -------- d-----w- g:\program files\iPod
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-03 13:25 . 2011-10-08 13:40 414368 ----a-w- g:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:25 . 2006-02-28 12:00 1859584 ----a-w- g:\windows\system32\win32k.sys
2011-11-21 10:47 . 2010-12-28 14:02 6823496 ----a-w- g:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-01 16:07 . 2006-02-28 12:00 1288704 ----a-w- g:\windows\system32\ole32.dll
2011-10-31 23:43 . 2006-02-28 12:00 832512 ----a-w- g:\windows\system32\wininet.dll
2011-10-31 23:43 . 2006-02-28 12:00 78336 ----a-w- g:\windows\system32\ieencode.dll
2011-10-31 23:43 . 2006-02-28 12:00 1830912 ------w- g:\windows\system32\inetcpl.cpl
2011-10-31 23:43 . 2006-02-28 12:00 17408 ----a-w- g:\windows\system32\corpol.dll
2011-10-28 05:31 . 2006-02-28 12:00 33280 ----a-w- g:\windows\system32\csrsrv.dll
2011-10-25 13:33 . 2006-02-28 12:00 2192768 ----a-w- g:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 22:59 2069376 ----a-w- g:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2006-02-28 12:00 186880 ----a-w- g:\windows\system32\encdec.dll
2011-10-10 14:22 . 2008-07-05 15:09 692736 ----a-w- g:\windows\system32\inetcomm.dll
2011-11-27 03:43 . 2011-11-05 16:59 134104 ----a-w- g:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 09:06 163328 --sh--r- g:\windows\system32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- g:\windows\system32\msfDX.dll
2008-03-16 12:30 216064 --sh--r- g:\windows\system32\nbDX.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-24 01:20 1515688 ----a-w- g:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "g:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "g:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- g:\documents and settings\Hot Rod Gary\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- g:\documents and settings\Hot Rod Gary\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- g:\documents and settings\Hot Rod Gary\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- g:\documents and settings\Hot Rod Gary\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="g:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"AdobeUpdater"="g:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-06-07 2356088]
"SpybotSD TeaTimer"="g:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="g:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="g:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
"DVDTray"="g:\program files\HP DVD\Umbrella\DVDTray.exe" [2004-09-03 57344]
"DVDBitSet"="g:\program files\HP DVD\Umbrella\DVDBitSet.exe" [2003-12-18 184320]
"IntelliPoint"="g:\program files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]
"HP Software Update"="g:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"Sunkist2k"="g:\program files\Multimedia Card Reader\shwicon2k.exe" [2005-02-25 131072]
"Lexmark X6100 Series"="g:\program files\Lexmark X6100 Series\lxbfbmgr.exe" [2003-09-23 57344]
"LVCOMSX"="g:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="g:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="g:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"Adobe Reader Speed Launcher"="g:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Acrobat Assistant 8.0"="g:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
"UpdateManager"="g:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="g:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"AppleSyncNotifier"="g:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"CarboniteSetupLite"="g:\program files\Carbonite\CarbonitePreinstaller.exe" [2010-11-21 283792]
"QuickTime Task"="g:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"MSC"="g:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"NBAgent"="g:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" [2010-03-14 1086760]
"ApnUpdater"="g:\program files\Ask.com\Updater\Updater.exe" [2011-08-24 887976]
"Malwarebytes' Anti-Malware"="g:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"SunJavaUpdateSched"="g:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="g:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="g:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
g:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - g:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"g:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"g:\\Program Files\\AIM6\\aim6.exe"=
"g:\\Program Files\\uTorrent\\uTorrent.exe"=
"g:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"g:\\Program Files\\FlexiSTARTER Desay Edition 7.5v5\\Program\\App.exe"=
"g:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"g:\\Program Files\\LimeWire\\LimeWire.exe"=
"g:\\Program Files\\FlexiSTARTER Desay Edition 7.5v5\\Program\\App2.exe"=
"g:\\WINDOWS\\system32\\dpvsetup.exe"=
"g:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"g:\\Documents and Settings\\Hot Rod Gary\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"g:\\Program Files\\Skype\\Phone\\Skype.exe"=
"g:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"g:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
.
R1 MpKsl005bdcc1;MpKsl005bdcc1;g:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{64D2E73C-834D-4823-92FC-FF91DAE1CCF1}\MpKsl005bdcc1.sys [1/2/2012 4:24 PM 29904]
R2 MBAMService;MBAMService;g:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/3/2010 8:01 PM 366152]
R2 TabletServicePen;TabletServicePen;g:\program files\Tablet\Pen\Pen_Tablet.exe [1/28/2011 10:16 PM 4869488]
R2 TouchServicePen;Wacom Consumer Touch Service;g:\program files\Tablet\Pen\Pen_TouchService.exe [1/28/2011 10:17 PM 416112]
R2 Viewpoint Manager Service;Viewpoint Manager Service;g:\program files\Viewpoint\Common\ViewpointService.exe [8/10/2008 1:15 AM 24652]
R3 MBAMProtector;MBAMProtector;g:\windows\system32\drivers\mbam.sys [2/3/2010 8:01 PM 22216]
R3 pcouffin;VSO Software pcouffin;g:\windows\system32\drivers\pcouffin.sys [12/7/2008 9:42 PM 47360]
S1 MpKsl0e75d5a7;MpKsl0e75d5a7;\??\g:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{014F6D45-D275-408F-AE7B-56B1AB426E7A}\MpKsl0e75d5a7.sys --> g:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{014F6D45-D275-408F-AE7B-56B1AB426E7A}\MpKsl0e75d5a7.sys [?]
S1 MpKsl107d801b;MpKsl107d801b;\??\g:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{65F1EC44-2EC6-4260-B57C-4C3B1E6018CD}\MpKsl107d801b.sys --> g:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{65F1EC44-2EC6-4260-B57C-4C3B1E6018CD}\MpKsl107d801b.sys [?]
S1 MpKsl152a2806;MpKsl152a2806;\??\g:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D9A136E-62EE-496D-A77F-B947C3BC712B}\MpKsl152a2806.sys --> g:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D9A136E-62EE-496D-A77F-B947C3BC712B}\MpKsl152a2806.sys [?]
S1 MpKsl45534fba;MpKsl45534fba;\??\g:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E3E87BA7-FEFF-4635-A722-D934B4902817}\MpKsl45534fba.sys --> g:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E3E87BA7-FEFF-4635-A722-D934B4902817}\MpKsl45534fba.sys [?]
S1 MpKsl66d0dd4e;MpKsl66d0dd4e;\??\g:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD34D8BC-5E2C-4C9B-920B-31DD2BA8DB5D}\MpKsl66d0dd4e.sys --> g:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD34D8BC-5E2C-4C9B-920B-31DD2BA8DB5D}\MpKsl66d0dd4e.sys [?]
S1 MpKsl67165201;MpKsl67165201;\??\g:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7C1755CE-DC1A-4B52-8D5D-9CE14FC1372B}\MpKsl67165201.sys --> g:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7C1755CE-DC1A-4B52-8D5D-9CE14FC1372B}\MpKsl67165201.sys [?]
S1 MpKsl96e96518;MpKsl96e96518;\??\g:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{39F32466-4309-49B0-8BCD-1B3C7B2EE846}\MpKsl96e96518.sys --> g:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{39F32466-4309-49B0-8BCD-1B3C7B2EE846}\MpKsl96e96518.sys [?]
S1 MpKslb65f4631;MpKslb65f4631;\??\g:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{27C36D99-30C9-4F0D-83AB-FC4C7968C0E2}\MpKslb65f4631.sys --> g:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{27C36D99-30C9-4F0D-83AB-FC4C7968C0E2}\MpKslb65f4631.sys [?]
S1 MpKslcd710e0d;MpKslcd710e0d;\??\g:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A70072F7-4DAE-4DE5-AA45-28C2A3FDB999}\MpKslcd710e0d.sys --> g:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A70072F7-4DAE-4DE5-AA45-28C2A3FDB999}\MpKslcd710e0d.sys [?]
S1 MpKsld282b8e7;MpKsld282b8e7;\??\g:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7FA979C6-1986-48ED-BE2E-E646D159BCA8}\MpKsld282b8e7.sys --> g:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7FA979C6-1986-48ED-BE2E-E646D159BCA8}\MpKsld282b8e7.sys [?]
S1 MpKsle3086e22;MpKsle3086e22;\??\g:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E3E87BA7-FEFF-4635-A722-D934B4902817}\MpKsle3086e22.sys --> g:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E3E87BA7-FEFF-4635-A722-D934B4902817}\MpKsle3086e22.sys [?]
S1 MpKslea3737b9;MpKslea3737b9;\??\g:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{92D07C87-8DD8-4D6C-8434-12B3F86018C5}\MpKslea3737b9.sys --> g:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{92D07C87-8DD8-4D6C-8434-12B3F86018C5}\MpKslea3737b9.sys [?]
S1 MpKslf6de82eb;MpKslf6de82eb;\??\g:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9BB0F536-905D-4218-95C8-1D9EB3361E76}\MpKslf6de82eb.sys --> g:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9BB0F536-905D-4218-95C8-1D9EB3361E76}\MpKslf6de82eb.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;g:\windows\system32\drivers\wacmoumonitor.sys [3/31/2009 7:49 PM 16240]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL005BDCC1
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-31 g:\windows\Tasks\AppleSoftwareUpdate.job
- g:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:34]
.
2012-01-02 g:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1284227242-839522115-1003Core.job
- g:\documents and settings\Hot Rod Gary\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-26 17:29]
.
2012-01-03 g:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1284227242-839522115-1003UA.job
- g:\documents and settings\Hot Rod Gary\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-26 17:29]
.
2011-10-05 g:\windows\Tasks\Hot Rod Gary pics.job
- g:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBCore.exe [2010-03-14 20:34]
.
2011-10-05 g:\windows\Tasks\Hot Rod Gary Pictures.job
- g:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBCore.exe [2010-03-14 20:34]
.
2012-01-02 g:\windows\Tasks\MP Scheduled Scan.job
- g:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
2012-01-03 g:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- g:\program files\Ask.com\UpdateTask.exe [2011-08-24 01:20]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Add to Google Photos Screensa&ver - g:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - g:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - g:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - g:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - g:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - g:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - g:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - g:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - g:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - g:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - g:\documents and settings\Hot Rod Gary\Application Data\Mozilla\Firefox\Profiles\0lhd1lng.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Aim6 - (no file)
AddRemove-Google Chrome - g:\documents and settings\Hot Rod Gary\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\Installer\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2012-01-02 20:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-01-02 20:26:50
ComboFix-quarantined-files.txt 2012-01-03 01:26
.
Pre-Run: 416,740,364,288 bytes free
Post-Run: 418,052,575,232 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - DE34C03517910C6E75DE339F080777FF


Re: Slow Computer / Possible Spyware? Get outgoing files blocked?

Post by hotrodgary on 5th January 2012, 2:09 pm

Checking back in after posting the last log requested.
Are there any more steps I need to follow? I turned my antivirus back on and have not done anything else with it yet.
Thanks for all the help so far!
Gary


Re: Slow Computer / Possible Spyware? Get outgoing files blocked?

Post by Belahzur on 6th January 2012, 5:18 pm

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


