I got rid of the two keygen files that I found. Here are the logs:
OTL logfile created on: 3/8/2010 9:29:09 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = H:\Documents and Settings\chris manley\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 74.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): H:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files
Drive C: | 111.79 Gb Total Space | 3.59 Gb Free Space | 3.21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 4.24 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 127.99 Gb Total Space | 77.25 Gb Free Space | 60.35% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Computer Name: MINE
Current User Name: chris manley
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - H:\Documents and Settings\chris manley\Desktop\OTL.exe (OldTimer Tools)
PRC - H:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - H:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe (Google Inc.)
PRC - H:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - H:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - H:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - H:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - H:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - H:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - H:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe (Avira GmbH)
PRC - H:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe (Avira GmbH)
PRC - H:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe (Avira GmbH)
PRC - H:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - H:\Program Files\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe (Avira GmbH)
PRC - H:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe (Avira GmbH)
PRC - H:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe (Avira GmbH)
PRC - H:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - H:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - H:\Program Files\Creative\ShareDLL\MEDIADET.EXE (Creative Technology Ltd.)
PRC - H:\Program Files\Creative\ShareDLL\CTNOTIFY.EXE (Creative Technology Ltd.)
PRC - H:\WINDOWS\system32\MsPMSPSv.exe (Microsoft Corporation)
PRC - H:\WINDOWS\system32\CTSVCCDA.EXE (Creative Technology Ltd)
========== Modules (SafeList) ==========
MOD - H:\Documents and Settings\chris manley\Desktop\OTL.exe (OldTimer Tools)
MOD - H:\WINDOWS\system32\__c00F92D0.dat ()
MOD - H:\WINDOWS\system32\dsound.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (Adobe LM Service) -- H:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (iPod Service) -- H:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (gusvc) -- H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (gupdate1c988b7520d0ef0) Google Update Service (gupdate1c988b7520d0ef0) -- H:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (Bonjour Service) -- H:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (JavaQuickStarterService) -- H:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (AntiVirMailService) -- H:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe (Avira GmbH)
SRV - (AntiVirScheduler) -- H:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- H:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe (Avira GmbH)
SRV - (NVSvc) -- H:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (antivirwebservice) -- H:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE (Avira GmbH)
SRV - (AVEService) -- H:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe (Avira GmbH)
SRV - (WMDM PMSP Service) -- H:\WINDOWS\system32\MsPMSPSv.exe (Microsoft Corporation)
SRV - (Creative Service for CDROM Access) -- H:\WINDOWS\system32\CTSVCCDA.EXE (Creative Technology Ltd)
========== Driver Services (SafeList) ==========
DRV - (avipbb) -- H:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- H:\Program Files\Avira\AntiVir PersonalEdition Premium\avgntflt.sys (Avira GmbH)
DRV - (avgio) -- H:\Program Files\Avira\AntiVir PersonalEdition Premium\avgio.sys (Avira GmbH)
DRV - (GEARAspiWDM) -- H:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (PxHelp20) -- H:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (nv) -- H:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- H:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (Secdrv) -- H:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (ssmdrv) -- H:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (L6DP) -- H:\WINDOWS\system32\drivers\l6dp.sys (Line 6)
DRV - (L6TPortB) -- H:\WINDOWS\system32\drivers\L6TPortB.sys (Line 6)
DRV - (L6PODLV) -- H:\WINDOWS\system32\drivers\L6PODLV.sys (Line 6)
DRV - (GPWADrv) Service for L6 GuitarPort Driver (WDM) -- H:\WINDOWS\system32\drivers\GPWADrv.sys (Line 6)
DRV - (nvnetbus) -- H:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- H:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (AmdK8) -- H:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- H:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (Ptilink) -- H:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (sbext) -- H:\WINDOWS\system32\drivers\sbext.sys (Creative Technology Ltd.)
DRV - (PfModNT) -- H:\WINDOWS\system32\PFMODNT.SYS (Creative Technology Ltd.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_custom ... tbid=80103
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80103
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 31 48 34 04 91 1C 6F 45 AD 75 ED 96 28 A2 42 27 [binary data]
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 31 48 34 04 91 1C 6F 45 AD 75 ED 96 28 A2 42 27 [binary data]
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 31 48 34 04 91 1C 6F 45 AD 75 ED 96 28 A2 42 27 [binary data]
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 31 48 34 04 91 1C 6F 45 AD 75 ED 96 28 A2 42 27 [binary data]
IE - HKU\S-1-5-21-823518204-651377827-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-823518204-651377827-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 31 48 34 04 91 1C 6F 45 AD 75 ED 96 28 A2 42 27 [binary data]
IE - HKU\S-1-5-21-823518204-651377827-725345543-1003\S-1-5-21-823518204-651377827-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-823518204-651377827-725345543-1003\S-1-5-21-823518204-651377827-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yoog Search"
FF - prefs.js..browser.search.defaulturl: "http://www9.yoog.com/search.php?q="
FF - prefs.js..browser.search.selectedEngine: "Yoog Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {9CE11043-9A15-4207-A565-0C94C42D590D}:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}:5.0.14
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {9ddeb52c-42d8-49d2-a819-4d4e8fcfd0c0}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.2.20080910
FF - prefs.js..keyword.URL: "http://www9.yoog.com/search.php?q="
FF - prefs.js..keyword.defaultURL: "http://www9.yoog.com/search.php?q="
FF - user.js..browser.search.selectedEngine: "Yoog Search"
FF - user.js..keyword.URL: "http://www9.yoog.com/search.php?q="
FF - user.js..keyword.enabled: true
FF - user.js..browser.search.defaultenginename: "Yoog Search"
FF - user.js..browser.search.defaulturl: "http://www9.yoog.com/search.php?q="
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: H:\Program Files\Mozilla Firefox\components [2010/02/23 18:02:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: H:\Program Files\Mozilla Firefox\plugins [2010/01/06 17:21:18 | 000,000,000 | ---D | M]
[2009/09/01 15:14:04 | 000,000,000 | ---D | M] -- H:\Documents and Settings\chris manley\Application Data\Mozilla\Extensions
[2009/09/01 15:14:04 | 000,000,000 | ---D | M] -- H:\Documents and Settings\chris manley\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/03/07 09:38:27 | 000,000,000 | ---D | M] -- H:\Documents and Settings\chris manley\Application Data\Mozilla\Firefox\Profiles\cfca2ujj.default\extensions
[2008/12/26 22:54:34 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- H:\Documents and Settings\chris manley\Application Data\Mozilla\Firefox\Profiles\cfca2ujj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/03/08 09:23:03 | 000,000,000 | ---D | M] (XUL Cache) -- H:\Documents and Settings\chris manley\Application Data\Mozilla\Firefox\Profiles\cfca2ujj.default\extensions\{9ddeb52c-42d8-49d2-a819-4d4e8fcfd0c0}
[2009/07/29 17:23:50 | 000,002,168 | ---- | M] () -- H:\Documents and Settings\chris manley\Application Data\Mozilla\Firefox\Profiles\cfca2ujj.default\searchplugins\inbox-search.xml
[2009/02/03 21:31:04 | 000,000,246 | ---- | M] () -- H:\Documents and Settings\chris manley\Application Data\Mozilla\Firefox\Profiles\cfca2ujj.default\searchplugins\Yoog Search.xml
[2010/03/07 09:38:27 | 000,000,000 | ---D | M] -- H:\Program Files\Mozilla Firefox\extensions
[2008/08/23 16:57:54 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- H:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/02/26 10:03:08 | 000,000,000 | ---D | M] (Firefox security) -- H:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
[2009/10/14 15:54:29 | 000,000,000 | ---D | M] (Java Console) -- H:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}
O1 HOSTS File: ([2004/08/10 04:00:00 | 000,000,734 | ---- | M]) - H:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {04344831-1C91-456F-AD75-ED9628A24227} - H:\WINDOWS\system32\camocx32.dll ()
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (adsoftinc) - {a827e29e-c025-a5b8-6027-523a4456fc88} - H:\WINDOWS\System32\nsm9.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-823518204-651377827-725345543-1003\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKLM..\Run: [AudCtrl] H:\WINDOWS\System32\AudCtrl.dll ()
O4 - HKLM..\Run: [avgnt] H:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTStartup] H:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [Disc Detector] H:\Program Files\Creative\ShareDLL\CTNOTIFY.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [iTunesHelper] H:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Jet Detection] H:\Program Files\Creative\SBExtigy\PROGRAM\ADGJDet.exe File not found
O4 - HKLM..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] H:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] H:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] H:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] H:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMan] H:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] H:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdReg] H:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - Startup: H:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: H:\Documents and Settings\chris manley\Start Menu\Programs\Startup\Adobe Gamma.lnk = H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: RTHDBPL = H:\DOCUME~1\CHRISM~1\LOCALS~1\Temp\8D.tmp File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = H:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = H:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-823518204-651377827-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - H:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O12 - Plugin for: .spop - H:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-823518204-651377827-725345543-1003\..Trusted Domains: line6.net ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.51.205.100 66.51.206.100
O20 - AppInit_DLLs: (H:\WINDOWS\System32\bdco1ins32.dll) - H:\WINDOWS\system32\bdco1ins32.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - H:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\__c00F92D0: DllName - H:\WINDOWS\system32\__c00F92D0.dat - H:\WINDOWS\system32\__c00F92D0.dat ()
O20 - Winlogon\Notify\a43db07f783: DllName - H:\WINDOWS\System32\bdco1ins32.dll - H:\WINDOWS\system32\bdco1ins32.dll ()
O24 - Desktop WallPaper: H:\Documents and Settings\chris manley\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: H:\Documents and Settings\chris manley\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/29 01:15:44 | 000,000,000 | ---D | M] - C:\AutoPlay -- [ NTFS ]
O32 - AutoRun File - [2006/09/20 06:48:58 | 000,000,055 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/03/08 09:25:10 | 000,549,376 | ---- | C] (OldTimer Tools) -- H:\Documents and Settings\chris manley\Desktop\OTL.exe
[2010/03/07 09:25:33 | 000,030,208 | ---- | C] (Mozilla Foundation) -- H:\WINDOWS\System32\__c008F982.dat
[2010/03/05 14:15:37 | 000,031,232 | ---- | C] (Mozilla Foundation) -- H:\WINDOWS\System32\__c00559D6.dat
[2010/03/05 14:04:06 | 000,031,232 | ---- | C] (Mozilla Foundation) -- H:\WINDOWS\System32\__c009DC76.dat
[2010/03/02 16:23:49 | 000,030,208 | ---- | C] (Mozilla Foundation) -- H:\WINDOWS\System32\__c004BABD.dat
[2010/03/02 11:25:22 | 000,031,232 | ---- | C] (Mozilla Foundation) -- H:\WINDOWS\System32\__c00B3094.dat
[2010/03/01 11:24:14 | 000,030,720 | ---- | C] (Mozilla Foundation) -- H:\WINDOWS\System32\__c001A25E.dat
[2010/02/28 17:16:28 | 000,030,720 | ---- | C] (Mozilla Foundation) -- H:\WINDOWS\System32\__c002B110.dat
[2010/02/28 17:07:23 | 000,030,720 | ---- | C] (Mozilla Foundation) -- H:\WINDOWS\System32\__c002BC16.dat
[2010/02/27 16:50:51 | 000,030,208 | ---- | C] (Mozilla Foundation) -- H:\WINDOWS\System32\__c00D3F6.dat
[2010/02/27 16:49:48 | 000,000,000 | ---D | C] -- H:\Documents and Settings\chris manley\Application Data\Avira
[2010/02/27 16:29:00 | 000,031,232 | ---- | C] (Mozilla Foundation) -- H:\WINDOWS\System32\__c00B0F09.dat
[2010/02/27 10:46:31 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- H:\Documents and Settings\chris manley\Desktop\HJTInstall.exe
[2010/02/26 17:18:29 | 000,000,000 | ---D | C] -- H:\WINDOWS\System32\370136856
[2010/02/26 16:22:07 | 000,030,208 | ---- | C] (Mozilla Foundation) -- H:\WINDOWS\System32\__c008717.dat
[2010/02/26 10:03:38 | 000,000,000 | -HSD | C] -- H:\WINDOWS\System32\SysWoW32
[2010/02/26 10:03:10 | 000,000,000 | -HSD | C] -- H:\Documents and Settings\chris manley\Application Data\SystemProc
[2010/02/20 11:44:27 | 000,000,000 | ---D | C] -- H:\Documents and Settings\chris manley\My Documents\Updater
[2010/02/20 10:40:02 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Application Data\Adobe Systems
[2010/02/20 10:39:55 | 000,000,000 | ---D | C] -- H:\Documents and Settings\chris manley\Local Settings\Application Data\Adobe
[2010/02/20 10:35:40 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Documents\Adobe PDF
[2010/02/20 10:35:10 | 000,000,000 | ---D | C] -- H:\Program Files\Common Files\Adobe Systems Shared
[2010/02/20 10:33:48 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Application Data\Adobe
[2010/02/20 10:25:33 | 000,000,000 | ---D | C] -- H:\Documents and Settings\chris manley\Desktop\photos
[2009/02/09 04:14:38 | 000,000,000 | ---D | M] -- H:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/02/06 16:02:13 | 000,000,000 | ---D | M] -- H:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/10/11 10:53:01 | 000,000,000 | ---D | M] -- H:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/09/11 16:11:13 | 000,000,000 | ---D | M] -- H:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/08/23 16:29:24 | 000,059,392 | ---- | C] ( ) -- H:\WINDOWS\System32\a3d.dll
[2008/08/23 16:10:58 | 000,000,000 | --SD | M] -- H:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/08/23 16:10:58 | 000,000,000 | ---D | M] -- H:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/08/23 16:08:03 | 000,000,000 | --SD | M] -- H:\Documents and Settings\LocalService\Application Data\Microsoft
[6 H:\WINDOWS\System32\dllcache\*.tmp files -> H:\WINDOWS\System32\dllcache\*.tmp -> ]
[5 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]
[21 H:\WINDOWS\System32\*.tmp files -> H:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2049/12/31 15:00:02 | 002,975,473 | ---- | M] () -- H:\Documents and Settings\chris manley\Desktop\chris and dog 014.jpg
[2049/12/31 15:00:00 | 002,849,483 | ---- | M] () -- H:\Documents and Settings\chris manley\Desktop\chris and dog 015.jpg
[2049/12/31 15:00:00 | 001,961,629 | ---- | M] () -- H:\Documents and Settings\chris manley\Desktop\chris and dog 013.jpg
[2010/03/08 09:28:13 | 000,002,077 | -HS- | M] () -- H:\Documents and Settings\chris manley\Application Data\020000002aa849bb783P.manifest
[2010/03/08 09:28:13 | 000,000,344 | -HS- | M] () -- H:\Documents and Settings\chris manley\Application Data\020000002aa849bb783C.manifest
[2010/03/08 09:27:13 | 000,000,817 | ---- | M] () -- H:\WINDOWS\System32\608022655
[2010/03/08 09:26:48 | 000,293,376 | ---- | M] () -- H:\Documents and Settings\chris manley\Desktop\u09visiu.exe
[2010/03/08 09:25:10 | 000,549,376 | ---- | M] (OldTimer Tools) -- H:\Documents and Settings\chris manley\Desktop\OTL.exe
[2010/03/08 09:15:00 | 000,195,584 | ---- | M] () -- H:\WINDOWS\System32\camocx32.dll
[2010/03/08 08:51:00 | 000,000,886 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/08 05:07:21 | 000,000,868 | ---- | M] () -- H:\WINDOWS\tasks\Google Software Updater.job
[2010/03/08 00:51:00 | 000,000,882 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/07 15:38:15 | 000,195,584 | ---- | M] () -- H:\WINDOWS\System32\dbghelp32.dll
[2010/03/07 10:09:24 | 002,621,440 | -H-- | M] () -- H:\Documents and Settings\chris manley\NTUSER.DAT
[2010/03/07 09:57:51 | 000,451,584 | ---- | M] () -- H:\Documents and Settings\chris manley\Desktop\CKScanner.exe
[2010/03/07 09:29:26 | 000,030,208 | ---- | M] () -- H:\WINDOWS\System32\__c00F92D0.dat
[2010/03/07 09:29:15 | 000,000,071 | ---- | M] () -- H:\WINDOWS\System32\74bdb778
[2010/03/07 09:28:46 | 000,195,584 | ---- | M] () -- H:\WINDOWS\System32\dot3dlg32.dll
[2010/03/07 09:27:35 | 000,193,359 | ---- | M] () -- H:\WINDOWS\System32\nvapps.xml
[2010/03/07 09:27:31 | 000,000,669 | -HS- | M] () -- H:\Documents and Settings\chris manley\Application Data\020000002aa849bb783O.manifest
[2010/03/07 09:27:31 | 000,000,011 | -HS- | M] () -- H:\Documents and Settings\chris manley\Application Data\020000002aa849bb783S.manifest
[2010/03/07 09:27:31 | 000,000,006 | -H-- | M] () -- H:\WINDOWS\tasks\SA.DAT
[2010/03/07 09:27:30 | 000,013,646 | ---- | M] () -- H:\WINDOWS\System32\wpa.dbl
[2010/03/07 09:27:29 | 000,002,048 | --S- | M] () -- H:\WINDOWS\bootstat.dat
[2010/03/07 09:24:57 | 000,195,584 | ---- | M] () -- H:\WINDOWS\System32\dpus1132.dll
[2010/03/06 14:17:28 | 000,014,359 | ---- | M] () -- H:\WINDOWS\System32\__c00B4F61.exe
[2010/03/06 14:17:26 | 000,031,232 | ---- | M] (Mozilla Foundation) -- H:\WINDOWS\System32\__c00559D6.dat
[2010/03/06 12:55:31 | 000,195,584 | ---- | M] () -- H:\WINDOWS\System32\dskquota32.dll
[2010/03/06 11:53:01 | 000,000,284 | ---- | M] () -- H:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/05 14:14:46 | 000,198,656 | ---- | M] () -- H:\WINDOWS\System32\dgsetup3232.dll
[2010/03/05 14:03:45 | 000,198,656 | ---- | M] () -- H:\WINDOWS\System32\d3dx9_3132.dll
[2010/03/04 16:27:21 | 000,014,359 | ---- | M] () -- H:\WINDOWS\System32\__c00B89F8.exe
[2010/03/04 16:27:20 | 000,030,208 | ---- | M] (Mozilla Foundation) -- H:\WINDOWS\System32\__c004BABD.dat
[2010/03/03 16:25:40 | 000,014,360 | ---- | M] () -- H:\WINDOWS\System32\__c00B9F1C.exe
[2010/03/02 16:23:05 | 000,200,192 | ---- | M] () -- H:\WINDOWS\System32\compobj32.dll
[2010/03/02 11:08:59 | 000,014,358 | ---- | M] () -- H:\WINDOWS\System32\__c00F915A.exe
[2010/03/02 11:07:52 | 000,200,192 | ---- | M] () -- H:\WINDOWS\System32\dgsetup32.dll
[2010/03/01 11:24:22 | 000,030,720 | ---- | M] (Mozilla Foundation) -- H:\WINDOWS\System32\__c001A25E.dat
[2010/03/01 11:23:46 | 000,200,192 | ---- | M] () -- H:\WINDOWS\System32\dmserver32.dll
[2010/03/01 10:59:15 | 000,014,360 | ---- | M] () -- H:\WINDOWS\System32\__c00966E9.exe
[2010/03/01 09:44:10 | 000,200,192 | ---- | M] () -- H:\WINDOWS\System32\ddeml32.dll
[2010/03/01 03:02:58 | 000,001,355 | ---- | M] () -- H:\WINDOWS\imsins.BAK
[2010/02/28 17:16:37 | 000,030,720 | ---- | M] (Mozilla Foundation) -- H:\WINDOWS\System32\__c002B110.dat
[2010/02/28 17:16:07 | 000,200,192 | ---- | M] () -- H:\WINDOWS\System32\CmdLineExt32.dll
[2010/02/28 17:06:00 | 000,200,192 | ---- | M] () -- H:\WINDOWS\System32\avifile32.dll
[2010/02/28 07:20:50 | 000,200,192 | ---- | M] () -- H:\WINDOWS\System32\dnssd32.dll
[2010/02/28 00:52:22 | 000,030,208 | ---- | M] (Mozilla Foundation) -- H:\WINDOWS\System32\__c00D3F6.dat
[2010/02/27 20:00:20 | 000,014,359 | ---- | M] () -- H:\WINDOWS\System32\__c0023CCA.exe
[2010/02/27 16:49:24 | 000,200,192 | ---- | M] () -- H:\WINDOWS\System32\dpcdll32.dll
[2010/02/27 16:32:46 | 000,117,360 | ---- | M] () -- H:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/27 10:46:45 | 000,001,766 | ---- | M] () -- H:\Documents and Settings\chris manley\Desktop\HijackThis.lnk
[2010/02/27 10:46:31 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- H:\Documents and Settings\chris manley\Desktop\HJTInstall.exe
[2010/02/27 10:36:02 | 000,200,192 | ---- | M] () -- H:\WINDOWS\System32\d3d832.dll
[2010/02/26 16:22:20 | 000,014,362 | ---- | M] () -- H:\WINDOWS\System32\__c001E616.exe
[2010/02/26 16:22:15 | 000,030,208 | ---- | M] (Mozilla Foundation) -- H:\WINDOWS\System32\__c008717.dat
[2010/02/26 10:03:23 | 000,203,776 | -HS- | M] () -- H:\WINDOWS\System32\unrar.exe
[2010/02/26 10:03:07 | 000,200,704 | ---- | M] () -- H:\WINDOWS\System32\bitsprx232.dll
[2010/02/26 10:03:06 | 000,129,536 | ---- | M] () -- H:\WINDOWS\System32\bdco1ins32.dll
[2010/02/26 10:02:53 | 000,578,560 | ---- | M] () -- H:\Documents and Settings\chris manley\Desktop\QuickTime_Update_KB673901.exe
[2010/02/26 10:02:41 | 000,019,024 | ---- | M] () -- H:\Documents and Settings\chris manley\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/22 18:54:44 | 000,001,947 | ---- | M] () -- H:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/02/20 21:37:26 | 000,508,970 | ---- | M] () -- H:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/20 21:37:26 | 000,433,126 | ---- | M] () -- H:\WINDOWS\System32\perfh009.dat
[2010/02/20 21:37:26 | 000,067,574 | ---- | M] () -- H:\WINDOWS\System32\perfc009.dat
[2010/02/20 10:35:54 | 000,001,020 | ---- | M] () -- H:\Documents and Settings\chris manley\Start Menu\Programs\Startup\Adobe Gamma.lnk
[6 H:\WINDOWS\System32\dllcache\*.tmp files -> H:\WINDOWS\System32\dllcache\*.tmp -> ]
[5 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]
[21 H:\WINDOWS\System32\*.tmp files -> H:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/03/08 09:26:48 | 000,293,376 | ---- | C] () -- H:\Documents and Settings\chris manley\Desktop\u09visiu.exe
[2010/03/08 09:15:00 | 000,195,584 | ---- | C] () -- H:\WINDOWS\System32\camocx32.dll
[2010/03/07 15:38:15 | 000,195,584 | ---- | C] () -- H:\WINDOWS\System32\dbghelp32.dll
[2010/03/07 09:57:50 | 000,451,584 | ---- | C] () -- H:\Documents and Settings\chris manley\Desktop\CKScanner.exe
[2010/03/07 09:29:19 | 000,030,208 | ---- | C] () -- H:\WINDOWS\System32\__c00F92D0.dat
[2010/03/07 09:28:46 | 000,195,584 | ---- | C] () -- H:\WINDOWS\System32\dot3dlg32.dll
[2010/03/07 09:24:57 | 000,195,584 | ---- | C] () -- H:\WINDOWS\System32\dpus1132.dll
[2010/03/06 14:17:28 | 000,014,359 | ---- | C] () -- H:\WINDOWS\System32\__c00B4F61.exe
[2010/03/06 12:55:31 | 000,195,584 | ---- | C] () -- H:\WINDOWS\System32\dskquota32.dll
[2010/03/05 14:14:46 | 000,198,656 | ---- | C] () -- H:\WINDOWS\System32\dgsetup3232.dll
[2010/03/05 14:03:45 | 000,198,656 | ---- | C] () -- H:\WINDOWS\System32\d3dx9_3132.dll
[2010/03/04 16:27:21 | 000,014,359 | ---- | C] () -- H:\WINDOWS\System32\__c00B89F8.exe
[2010/03/03 16:25:40 | 000,014,360 | ---- | C] () -- H:\WINDOWS\System32\__c00B9F1C.exe
[2010/03/02 16:23:05 | 000,200,192 | ---- | C] () -- H:\WINDOWS\System32\compobj32.dll
[2010/03/02 11:08:59 | 000,014,358 | ---- | C] () -- H:\WINDOWS\System32\__c00F915A.exe
[2010/03/02 11:07:52 | 000,200,192 | ---- | C] () -- H:\WINDOWS\System32\dgsetup32.dll
[2010/03/01 11:23:46 | 000,200,192 | ---- | C] () -- H:\WINDOWS\System32\dmserver32.dll
[2010/03/01 10:59:15 | 000,014,360 | ---- | C] () -- H:\WINDOWS\System32\__c00966E9.exe
[2010/03/01 09:44:10 | 000,200,192 | ---- | C] () -- H:\WINDOWS\System32\ddeml32.dll
[2010/02/28 17:16:07 | 000,200,192 | ---- | C] () -- H:\WINDOWS\System32\CmdLineExt32.dll
[2010/02/28 17:06:00 | 000,200,192 | ---- | C] () -- H:\WINDOWS\System32\avifile32.dll
[2010/02/28 07:20:50 | 000,200,192 | ---- | C] () -- H:\WINDOWS\System32\dnssd32.dll
[2010/02/27 20:00:20 | 000,014,359 | ---- | C] () -- H:\WINDOWS\System32\__c0023CCA.exe
[2010/02/27 16:49:24 | 000,200,192 | ---- | C] () -- H:\WINDOWS\System32\dpcdll32.dll
[2010/02/27 10:46:45 | 000,001,766 | ---- | C] () -- H:\Documents and Settings\chris manley\Desktop\HijackThis.lnk
[2010/02/27 10:36:02 | 000,200,192 | ---- | C] () -- H:\WINDOWS\System32\d3d832.dll
[2010/02/26 16:48:53 | 000,000,071 | ---- | C] () -- H:\WINDOWS\System32\74bdb778
[2010/02/26 16:22:20 | 000,014,362 | ---- | C] () -- H:\WINDOWS\System32\__c001E616.exe
[2010/02/26 10:04:05 | 000,000,817 | ---- | C] () -- H:\WINDOWS\System32\608022655
[2010/02/26 10:03:23 | 000,203,776 | -HS- | C] () -- H:\WINDOWS\System32\unrar.exe
[2010/02/26 10:03:07 | 000,200,704 | ---- | C] () -- H:\WINDOWS\System32\bitsprx232.dll
[2010/02/26 10:03:06 | 000,129,536 | ---- | C] () -- H:\WINDOWS\System32\bdco1ins32.dll
[2010/02/26 10:03:06 | 000,002,077 | -HS- | C] () -- H:\Documents and Settings\chris manley\Application Data\020000002aa849bb783P.manifest
[2010/02/26 10:03:06 | 000,000,669 | -HS- | C] () -- H:\Documents and Settings\chris manley\Application Data\020000002aa849bb783O.manifest
[2010/02/26 10:03:06 | 000,000,344 | -HS- | C] () -- H:\Documents and Settings\chris manley\Application Data\020000002aa849bb783C.manifest
[2010/02/26 10:03:06 | 000,000,011 | -HS- | C] () -- H:\Documents and Settings\chris manley\Application Data\020000002aa849bb783S.manifest
[2010/02/26 10:02:53 | 000,578,560 | ---- | C] () -- H:\Documents and Settings\chris manley\Desktop\QuickTime_Update_KB673901.exe
[2010/02/22 18:54:44 | 000,001,947 | ---- | C] () -- H:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/02/20 10:35:54 | 000,001,020 | ---- | C] () -- H:\Documents and Settings\chris manley\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2009/01/17 21:32:09 | 000,043,520 | ---- | C] () -- H:\WINDOWS\System32\CmdLineExt03.dll
[2008/12/21 21:31:41 | 000,000,069 | ---- | C] () -- H:\WINDOWS\NeroDigital.ini
[2008/12/07 16:16:55 | 000,000,063 | ---- | C] () -- H:\WINDOWS\mdm.ini
[2008/11/28 23:40:30 | 000,000,376 | ---- | C] () -- H:\WINDOWS\ODBC.INI
[2008/11/21 13:47:52 | 003,596,288 | ---- | C] () -- H:\WINDOWS\System32\qt-dx331.dll
[2008/11/21 13:45:16 | 000,000,416 | ---- | C] () -- H:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/21 13:45:16 | 000,000,416 | ---- | C] () -- H:\WINDOWS\System32\dpl100.dll.manifest
[2008/11/21 13:44:16 | 000,012,288 | ---- | C] () -- H:\WINDOWS\System32\DivXWMPExtType.dll
[2008/10/12 12:33:09 | 000,052,736 | ---- | C] () -- H:\Documents and Settings\chris manley\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/23 16:51:49 | 001,703,936 | ---- | C] () -- H:\WINDOWS\System32\nvwdmcpl.dll
[2008/08/23 16:51:49 | 001,486,848 | ---- | C] () -- H:\WINDOWS\System32\nview.dll
[2008/08/23 16:51:49 | 001,019,904 | ---- | C] () -- H:\WINDOWS\System32\nvwimg.dll
[2008/08/23 16:51:49 | 000,466,944 | ---- | C] () -- H:\WINDOWS\System32\nvshell.dll
[2008/08/23 16:51:29 | 000,286,720 | ---- | C] () -- H:\WINDOWS\System32\nvnt4cpl.dll
[2008/08/23 16:51:27 | 000,573,440 | ---- | C] () -- H:\WINDOWS\System32\nvhwvid.dll
[2008/08/23 16:36:24 | 000,000,164 | ---- | C] () -- H:\WINDOWS\avrack.ini
[2008/08/23 16:36:22 | 000,156,672 | ---- | C] () -- H:\WINDOWS\System32\RTLCPAPI.dll
[2008/08/23 16:29:40 | 000,000,231 | ---- | C] () -- H:\WINDOWS\AC3API.INI
[2008/08/23 16:29:24 | 000,047,897 | ---- | C] () -- H:\WINDOWS\System32\AudCtrl.dll
[2008/08/23 16:29:24 | 000,004,501 | ---- | C] () -- H:\WINDOWS\System32\EXTIGY.INI
[2008/08/23 16:29:15 | 000,000,196 | ---- | C] () -- H:\WINDOWS\SBWIN.INI
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- H:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- H:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- H:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- H:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- H:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- H:\WINDOWS\System32\AgCPanelKorean.dll
[2008/06/11 09:02:32 | 000,058,648 | ---- | C] () -- H:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/06/11 09:02:32 | 000,058,648 | ---- | C] () -- H:\WINDOWS\System32\AgCPanelGerman.dll
[2008/06/11 09:02:32 | 000,058,648 | ---- | C] () -- H:\WINDOWS\System32\AgCPanelFrench.dll
[2008/06/05 08:58:26 | 000,197,912 | ---- | C] () -- H:\WINDOWS\System32\physxcudart_20.dll
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- H:\WINDOWS\System32\MSRTEDIT.DLL
========== Alternate Data Streams ==========
@Alternate Data Stream - 114 bytes -> H:\Documents and Settings\All Users\Application Data\TEMP:7BB5E748
< End of report >
OTL Extras logfile created on: 3/8/2010 9:29:09 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = H:\Documents and Settings\chris manley\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 74.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): H:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files
Drive C: | 111.79 Gb Total Space | 3.59 Gb Free Space | 3.21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 4.24 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 127.99 Gb Total Space | 77.25 Gb Free Space | 60.35% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Computer Name: MINE
Current User Name: chris manley
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- H:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "H:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "H:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "H:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "H:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "H:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "H:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"H:\WINDOWS\system32\dplaysvr.exe" = H:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\age of empires\Copy of Age Of Empires II\age2_x1\age2_x1.exe" = C:\age of empires\Copy of Age Of Empires II\age2_x1\age2_x1.exe:*:Enabled:Age of Empires II Expansion -- (Microsoft Corporation)
"C:\age of empires\Copy of Age Of Empires II\empires2.exe" = C:\age of empires\Copy of Age Of Empires II\empires2.exe:*:Enabled:Age of Empires II -- (Microsoft Corporation)
"C:\Games\Steam\SteamApps\cblip\condition zero\hl.exe" = C:\Games\Steam\SteamApps\cblip\condition zero\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"H:\Program Files\LimeWire\LimeWire.exe" = H:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"H:\WINDOWS\system32\dpvsetup.exe" = H:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"H:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe" = H:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM) -- (Activision Blizzard, Inc.)
"H:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe" = H:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM) -- (Activision Blizzard, Inc.)
"H:\Program Files\LucasArts\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe" = H:\Program Files\LucasArts\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe:*:Enabled:Star Wars Jedi Knight(TM): Jedi Outcast(TM) -- ()
"H:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe" = H:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:*:Enabled:Star Wars(TM): Empire at War(TM) -- (Lucasfilm Entertainment Company, Ltd.)
"C:\Games\Steam\SteamApps\common\unreal tournament\System\UnrealTournament.exe" = C:\Games\Steam\SteamApps\common\unreal tournament\System\UnrealTournament.exe:*:Enabled:Unreal Tournament -- ()
"C:\Games\SecondLife\SLVoice.exe" = C:\Games\SecondLife\SLVoice.exe:*:Enabled:SLVoice -- ()
"H:\Program Files\Bonjour\mDNSResponder.exe" = H:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"H:\Program Files\iTunes\iTunes.exe" = H:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Games\Call of Duty\CoDMP.exe" = C:\Games\Call of Duty\CoDMP.exe:*:Enabled:CoDMP -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars Knights of the Old Republic
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{3248F0A8-6813-11D6-A77B-00B0D0150140}" = J2SE Runtime Environment 5.0 Update 14
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7A9E9D61-E4DC-4B18-B866-38D99405706D}" = Sound Blaster Extigy
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8681B1E6-CD96-46EF-9065-CE0D1085ED99}" = Star Wars JK II Jedi Outcast
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7E07C2B-2220-4415-87E3-784D5814BC93}" = NVIDIA PhysX v8.09.04
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}" = EVGA Display Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"5Spice Analysis_is1" = 5Spice Analysis 1.60
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"AntiVir PersonalEdition Premium" = Avira AntiVir Premium
"ASIO4ALL" = ASIO4ALL
"Collab" = Collab
"cont_adsoftinc" = Contextual Platform Adsoftinc
"DAOCCharplan" = DAOC-Charplan
"Dark Age of Camelot" = Dark Age of Camelot
"FL Studio 8" = FL Studio 8
"gnxlcklsfezcqawr" = RON Tool Adsoftinc
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"IL Download Manager" = IL Download Manager
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"Line 6 Uninstaller" = Line 6 Uninstaller
"Live 5.2.2" = Live 5.2.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.17)" = Mozilla Firefox (3.0.17)
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIA Drivers" = NVIDIA Drivers
"PoiZone" = PoiZone
"SecondLife" = SecondLife (remove only)
"Steam App 13240" = Unreal Tournament
"Toxic Biohazard" = Toxic Biohazard
"Variax Workbench" = Variax Workbench (remove only)
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-823518204-651377827-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DAoC Portal" = DAoC Portal
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 5/31/2009 6:17:03 AM | Computer Name = MINE | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3399, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 6/22/2009 11:18:57 PM | Computer Name = MINE | Source = Google Update | ID = 20
Description =
Error - 6/23/2009 8:19:07 PM | Computer Name = MINE | Source = Google Update | ID = 20
Description =
Error - 7/3/2009 12:21:51 AM | Computer Name = MINE | Source = Application Error | ID = 1000
Description = Faulting application game.dll, version 0.2.0.0, faulting module game.dll,
version 0.2.0.0, fault address 0x0013c4ff.
Error - 9/3/2009 8:53:05 PM | Computer Name = MINE | Source = Application Error | ID = 1000
Description = Faulting application pteditor.exe, version 1.7.0.80, faulting module
pteditor.exe, version 1.7.0.80, fault address 0x0007d1b3.
Error - 9/6/2009 2:56:00 AM | Computer Name = MINE | Source = Application Error | ID = 1000
Description = Faulting application game.dll, version 0.2.0.0, faulting module unknown,
version 0.0.0.0, fault address 0x00000020.
Error - 9/27/2009 2:26:54 AM | Computer Name = MINE | Source = Application Error | ID = 1000
Description = Faulting application game.dll, version 0.2.0.0, faulting module game.dll,
version 0.2.0.0, fault address 0x002818f3.
Error - 10/28/2009 3:49:28 AM | Computer Name = MINE | Source = Google Update | ID = 20
Description =
Error - 10/28/2009 4:49:29 AM | Computer Name = MINE | Source = Google Update | ID = 20
Description =
Error - 10/28/2009 5:49:30 AM | Computer Name = MINE | Source = Google Update | ID = 20
Description =
[ System Events ]
Error - 2/26/2010 3:06:16 PM | Computer Name = MINE | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 0014852513DD has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).
Error - 2/26/2010 3:11:06 PM | Computer Name = MINE | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 0014852513DD has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).
Error - 2/26/2010 7:17:38 PM | Computer Name = MINE | Source = W32Time | ID = 39452706
Description = The time service has detected that the system time needs to be changed
by -1555173 seconds. The time service will not change the system time by more than
-54000 seconds. Verify that your time and time zone are correct, and that the time
source time.windows.com (ntp.m|0x1|192.168.1.100:123->207.46.232.182:123) is working
properly.
Error - 3/1/2010 3:10:23 PM | Computer Name = MINE | Source = W32Time | ID = 39452706
Description = The time service has detected that the system time needs to be changed
by -1555162 seconds. The time service will not change the system time by more than
-54000 seconds. Verify that your time and time zone are correct, and that the time
source time.windows.com (ntp.m|0x1|192.168.1.100:123->207.46.232.182:123) is working
properly.
Error - 3/2/2010 3:27:35 PM | Computer Name = MINE | Source = W32Time | ID = 39452706
Description = The time service has detected that the system time needs to be changed
by -1555159 seconds. The time service will not change the system time by more than
-54000 seconds. Verify that your time and time zone are correct, and that the time
source time.windows.com (ntp.m|0x1|192.168.1.100:123->207.46.232.182:123) is working
properly.
Error - 3/2/2010 5:27:46 PM | Computer Name = MINE | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
Error - 3/2/2010 5:27:53 PM | Computer Name = MINE | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
Error - 3/2/2010 5:28:01 PM | Computer Name = MINE | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
Error - 3/2/2010 5:28:08 PM | Computer Name = MINE | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
Error - 3/2/2010 5:28:16 PM | Computer Name = MINE | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
< End of report >
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-08 21:15:40
Windows 5.1.2600 Service Pack 3
Running: u09visiu.exe; Driver: H:\DOCUME~1\CHRISM~1\LOCALS~1\Temp\pxtdypow.sys
---- System - GMER 1.0.15 ----
SSDT BAF8D0FC ZwCreateThread
SSDT BAF8D0E8 ZwOpenProcess
SSDT BAF8D0ED ZwOpenThread
SSDT BAF8D0F7 ZwTerminateProcess
SSDT BAF8D0F2 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2554 80501D8C 4 Bytes CALL 0B0B1661
.text H:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9683360, 0x32E00D, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text H:\Program Files\Mozilla Firefox\firefox.exe[2388] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 10011EC9 H:\WINDOWS\System32\bdco1ins32.dll
.text H:\Program Files\Mozilla Firefox\firefox.exe[2388] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 10011E53 H:\WINDOWS\System32\bdco1ins32.dll
.text H:\Program Files\Mozilla Firefox\firefox.exe[2388] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 10011D7A H:\WINDOWS\System32\bdco1ins32.dll
.text H:\Program Files\Mozilla Firefox\firefox.exe[2388] WS2_32.dll!bind 71AB4480 5 Bytes JMP 10011D04 H:\WINDOWS\System32\bdco1ins32.dll
.text H:\Program Files\Mozilla Firefox\firefox.exe[2388] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10011DDD H:\WINDOWS\System32\bdco1ins32.dll
.text H:\Program Files\Mozilla Firefox\firefox.exe[2388] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 10011E7D H:\WINDOWS\System32\bdco1ins32.dll
.text H:\Program Files\Mozilla Firefox\firefox.exe[2388] WS2_32.dll!WSAAsyncGetHostByName 71ABE99D 5 Bytes JMP 10011F17 H:\WINDOWS\System32\bdco1ins32.dll
.text H:\Program Files\Mozilla Firefox\firefox.exe[2388] WS2_32.dll!WSAConnect 71AC0C81 5 Bytes JMP 10011E12 H:\WINDOWS\System32\bdco1ins32.dll
---- EOF - GMER 1.0.15 ----