As requested,
Extras.Txt
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
OTL Extras logfile created on: 2/28/2010 12:22:45 PM - Run 1
OTL by OldTimer - Version 3.1.30.3 Folder = C:\Documents and Settings\Shane Frazz\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,023.00 Mb Total Physical Memory | 672.00 Mb Available Physical Memory | 66.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 1.97 Gb Free Space | 5.27% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 304.48 Gb Free Space | 65.37% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SHANE
Current User Name: Shane Frazz
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-839522115-1770027372-2147011267-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"14004:TCP" = 14004:TCP:*:Enabled:BitComet 14004 TCP
"14004:UDP" = 14004:UDP:*:Enabled:BitComet 14004 UDP
"49155:TCP" = 49155:TCP:*:Enabled:BitComet 49155 TCP
"49155:UDP" = 49155:UDP:*:Enabled:BitComet 49155 UDP
"50505:TCP" = 50505:TCP:*:Enabled:BitComet 50505 TCP
"50505:UDP" = 50505:UDP:*:Enabled:BitComet 50505 UDP
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe" = C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe -- File not found
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{066D65EA-ED53-44E4-A96A-F81B6E409D2E}" = PC Connectivity Solution
"{0893078B-8A9A-84D6-D393-119B9B0B033A}" = CCC Help French
"{0E2A60F7-2907-5718-FF16-7D8FAF70051E}" = CCC Help Chinese Standard
"{14FAE013-AE19-4FC9-B5BF-E56ADC01ECE6}" = CCC Help Turkish
"{17BB2784-6EE4-D7FF-FE63-58A3AD2B3708}" = CCC Help Russian
"{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}" = Sound Blaster Audigy
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{233588CF-96D5-46AF-EF74-7EC382662791}" = Catalyst Control Center Graphics Full Existing
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 17
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{3260ECBC-9DDF-E7A3-0863-449473BC7BD5}" = CCC Help Chinese Traditional
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39C6C229-CFFD-639E-229A-E463FCD87478}" = CCC Help German
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{426F4A60-F14C-4050-91D1-B206341BEC8F}" = Plants vs. Zombies
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{48E15C9C-E25C-40AD-A46B-AB270729B9B9}" = Google SketchUp Pro 7
"{4F11FC80-CE8C-1BD4-5C39-EBE5744E5135}" = CCC Help Portuguese
"{4FAB2BA7-E16C-95D2-F326-60A68409373F}" = Catalyst Control Center HydraVision Full
"{529AA9A8-5020-6CFB-A809-BC5943C87077}" = CCC Help Thai
"{53604297-26FD-516D-6FF7-1063BA64A0A4}" = Catalyst Control Center Graphics Light
"{55BD3B0B-F054-9341-514F-295A5F7EA450}" = CCC Help Spanish
"{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}" = Nokia PC Suite
"{5A4FA9C8-ED56-08C3-153B-FC5C19256290}" = CCC Help Dutch
"{5D5B9E6A-344C-4976-95AB-ABBDC648E5DA}" = Microsoft IntelliType Pro 5.2
"{64635543-70E7-436D-8D6D-4A721595029E}" = Microsoft IntelliPoint 5.2
"{6C390D51-E5F0-4FCD-24C4-731ACAF34571}" = CCC Help Japanese
"{6D316D67-DA52-4659-9C98-F479963534D6}" = Audiosurf
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver
"{7448C481-9F9D-4F4F-88DB-FA5C5EA2E800}" = TMPGEnc Authoring Works 4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7AA8FA9A-1656-7DBD-633B-FE7A62BBED0C}" = CCC Help Czech
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C22131B-8634-CECF-F0D1-A2ECC160B450}" = CCC Help Norwegian
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90FBE4D0-2ACA-A8A8-2CC4-CFFBAE528504}" = CCC Help Finnish
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}" = Nokia Connectivity Cable Driver
"{984EB237-BE28-43AF-A271-4DF0CCADA341}" = Diner Dash Series
"{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}" = Brother MFL-Pro Suite
"{9D74375E-3012-E7D2-9229-B220C91F326A}" = Catalyst Control Center Core Implementation
"{9EE8BDCA-7505-4895-D91E-8108DD16292E}" = CCC Help English
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8AF8BD3-61B5-7945-4D1B-217421F604FC}" = CCC Help Hungarian
"{AA46E1C5-A709-6D9B-D99D-92E4C6E042A9}" = CCC Help Korean
"{AA62A33C-9E5E-3913-7D88-7E58A8CB1493}" = CCC Help Greek
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B653F643-A1B4-9936-2DB6-FEA9A3110D8D}" = ccc-core-preinstall
"{B71C4637-0247-78CE-6A3D-D61645CB8921}" = ccc-utility
"{BB4B6355-D38A-492C-873B-A1B2CF6C3832}" = Trend Micro PC-cillin Internet Security 2007
"{BC2E7C0B-1AC6-5F6C-F31D-E1E72D8E0B5C}" = CCC Help Danish
"{BF8C7DA7-2DE6-ED67-6C82-6BE82F8BA8D3}" = Catalyst Control Center Graphics Full New
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C409F338-BB20-6C4A-F40D-20CA07AF714C}" = CCC Help Polish
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4B7B2DC-E688-A9D6-6EC0-56AE540E074C}" = Catalyst Control Center Localization All
"{D5AF36E3-D72D-4E30-AB64-48A98BDDEE73}" = HTC Sync
"{D9CD701B-3F04-FC69-D974-F3A7F5E9BA30}" = CCC Help Swedish
"{D9D93D74-107D-4BD3-87D0-AABCF7C98BD5}" = Catalyst Control Center - Branding
"{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1" = Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
"{DF7B213D-2065-41ED-BB51-7A3EED31EA7B}" = Ultima Online: Mondain's Legacy
"{E213321B-1E88-B38D-DAB2-D8CB9355984A}" = Skins
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4148D8F-ED3A-3097-509C-04D5560220F9}" = ccc-core-static
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7E68997-E626-952B-A7BF-F72066CD5D77}" = Catalyst Control Center Graphics Previews Common
"{FA36C82B-464D-51F2-A6A1-0BC9140BE067}" = CCC Help Italian
"0852D05415AB9A4F1EF451E342267F76C776ED2F" = Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"7-Zip" = 7-Zip 4.65
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"ASIO4ALL" = ASIO4ALL
"ATI Display Driver" = ATI Display Driver
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"dBpoweramp DSP Effects" = dBpoweramp DSP Effects
"dBpoweramp m4a Codec" = dBpoweramp m4a Codec
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"dBpoweramp Windows Media Audio 10 Codec" = dBpoweramp Windows Media Audio 10 Codec
"Deutz Engine" = Deutz Engine
"Diablo II" = Diablo II
"Drug Lord 2" = Drug Lord 2
"F064B256B4A20996EA9E333B5E0F14B61AB3333D" = Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
"feym6ia" = LoudMo Contextual Ad Assistant
"FL Studio 9" = FL Studio 9
"ft_Transport Tycoon Deluxe" = Transport Tycoon Deluxe
"GOM Player" = GOM Player
"Guitar Pro 5_is1" = Guitar Pro 5.2
"Hamachi" = Hamachi 1.0.3.0
"HijackThis" = HijackThis 2.0.2
"hon" = Heroes of Newerth
"ICCup Launcher_is1" = ICCup Launcher
"ie8" = Windows Internet Explorer 8
"IL Download Manager" = IL Download Manager
"Insaniquarium Deluxe 1.1" = Insaniquarium Deluxe 1.1
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.
" = Mozilla Firefox (3.5.
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Natural Selection_is1" = Natural Selection 3.2
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nokia PC Suite" = Nokia PC Suite
"Pcsx2_is1" = Pcsx2 0.9.1 Watermoose
"PCSX2-beta-r1888" = PCSX2 - Playstation 2 Emulator
"PFPortChecker" = PFPortChecker 1.0.32
"Phun_is1" = Algodoo Phun edition v5.28
"PoiZone" = PoiZone
"PowerISO" = PowerISO
"Sawer" = Sawer
"SketchyPhysics3_is1" = SketchyPhysics3x
"ST6UNST #1" = The HSC Assistant SDD
"Starcraft" = Starcraft
"Steam App 70" = Half-Life
"SysInfo" = Creative System Information
"TmPcc" = Trend Micro PC-cillin Internet Security 2007
"Toxic Biohazard" = Toxic Biohazard
"Tweak UI 2.10" = Tweak UI
"Visual Basic 6.0 Professional Edition" = Microsoft Visual Basic 6.0 Professional Edition
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebPost" = Microsoft Web Publishing Wizard 1.53
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 6/13/2009 12:21:03 AM | Computer Name = SHANE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 6/14/2009 12:32:36 AM | Computer Name = SHANE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 6/25/2009 7:27:55 AM | Computer Name = SHANE | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.5721.5145, faulting
module nevideo.ax, version 2.0.0.17, fault address 0x00034836.
Error - 6/25/2009 7:33:48 AM | Computer Name = SHANE | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.5721.5145, faulting
module nevideo.ax, version 2.0.0.17, fault address 0x00034836.
Error - 6/25/2009 7:34:12 AM | Computer Name = SHANE | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.5721.5145, faulting
module nevideo.ax, version 2.0.0.17, fault address 0x00034836.
Error - 6/25/2009 7:34:37 AM | Computer Name = SHANE | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.5721.5145, faulting
module nevideo.ax, version 2.0.0.17, fault address 0x00034836.
Error - 6/25/2009 7:35:00 AM | Computer Name = SHANE | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.5721.5145, faulting
module nevideo.ax, version 2.0.0.17, fault address 0x00034836.
[ System Events ]
Error - 2/25/2010 11:47:40 PM | Computer Name = SHANE | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .
Error - 2/25/2010 11:47:40 PM | Computer Name = SHANE | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL.
Reference
error message: The operation completed successfully. .
Error - 2/26/2010 7:43:29 PM | Computer Name = SHANE | Source = Service Control Manager | ID = 7000
Description = The Java Quick Starter service failed to start due to the following
error: %%2
Error - 2/26/2010 7:43:29 PM | Computer Name = SHANE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
atitray i8042prt
Error - 2/27/2010 10:15:33 AM | Computer Name = SHANE | Source = Service Control Manager | ID = 7000
Description = The Java Quick Starter service failed to start due to the following
error: %%2
Error - 2/27/2010 10:15:35 AM | Computer Name = SHANE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
atitray i8042prt
Error - 2/27/2010 6:02:57 PM | Computer Name = SHANE | Source = Service Control Manager | ID = 7000
Description = The Java Quick Starter service failed to start due to the following
error: %%2
Error - 2/27/2010 6:02:59 PM | Computer Name = SHANE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
atitray i8042prt
Error - 2/27/2010 6:03:20 PM | Computer Name = SHANE | Source = NetBT | ID = 4321
Description = The name "MSHOME :1d" could not be registered on the Interface
with IP address 192.168.0.175. The machine with the IP address 192.168.0.120 did
not allow the name to be claimed by this machine.
Error - 2/27/2010 6:06:20 PM | Computer Name = SHANE | Source = NetBT | ID = 4321
Description = The name "MSHOME :1d" could not be registered on the Interface
with IP address 192.168.0.175. The machine with the IP address 192.168.0.120 did
not allow the name to be claimed by this machine.
< End of report >
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
OTL.Txt
OTL logfile created on: 2/28/2010 12:22:45 PM - Run 1
OTL by OldTimer - Version 3.1.30.3 Folder = C:\Documents and Settings\Shane Frazz\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,023.00 Mb Total Physical Memory | 672.00 Mb Available Physical Memory | 66.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 1.97 Gb Free Space | 5.27% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 304.48 Gb Free Space | 65.37% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SHANE
Current User Name: Shane Frazz
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Shane Frazz\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Trend Micro\Internet Security 2007\PcCtlCom.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security 2007\Tmntsrv.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security 2007\PcScnSrv.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security 2007\tmproxy.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security 2007\TmPfw.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
PRC - C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
PRC - C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
PRC - C:\Program Files\Microsoft IntelliType Pro\type32.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\CTSVCCDA.EXE (Creative Technology Ltd)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Shane Frazz\Desktop\OTL.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (JavaQuickStarterService) -- File not found
SRV - (Ati HotKey Poller) -- C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
SRV - (PcCtlCom) -- C:\Program Files\Trend Micro\Internet Security 2007\PcCtlCom.exe (Trend Micro Inc.)
SRV - (Tmntsrv) -- C:\Program Files\Trend Micro\Internet Security 2007\Tmntsrv.exe (Trend Micro Inc.)
SRV - (PcScnSrv) -- C:\Program Files\Trend Micro\Internet Security 2007\PcScnSrv.exe (Trend Micro Inc.)
SRV - (tmproxy) -- C:\Program Files\Trend Micro\Internet Security 2007\tmproxy.exe (Trend Micro Inc.)
SRV - (TmPfw) -- C:\Program Files\Trend Micro\Internet Security 2007\TmPfw.exe (Trend Micro Inc.)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (Creative Service for CDROM Access) -- C:\WINDOWS\system32\CTSVCCDA.EXE (Creative Technology Ltd)
========== Driver Services (SafeList) ==========
DRV - (cdrbsdrv) -- C:\WINDOWS\system32\drivers\CDRBSDRV.SYS (B.H.A Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (NuidFltr) -- C:\WINDOWS\system32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (tmxpflt) -- C:\WINDOWS\system32\drivers\tmxpflt.sys (Trend Micro Inc.)
DRV - (Tmpreflt) -- C:\WINDOWS\system32\drivers\tmpreflt.sys (Trend Micro Inc.)
DRV - (Vsapint) -- C:\WINDOWS\system32\drivers\VsapiNT.sys (Trend Micro Inc.)
DRV - (AegisP) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\AegisP.sys (Meetinghouse Data Communications)
DRV - (SCDEmu) -- C:\WINDOWS\system32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (tmmbd) -- C:\WINDOWS\system32\drivers\tm_mbd_c.sys (Trend Micro Inc.)
DRV - (tmtdi) -- C:\WINDOWS\System32\Drivers\tmtdi.sys (Trend Micro Inc.)
DRV - (tmcfw) -- C:\WINDOWS\system32\drivers\TM_CFW.sys (Trend Micro Inc.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation)
DRV - (P17) -- C:\WINDOWS\system32\drivers\P17.sys (Creative Technology Ltd.)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (Point32) -- C:\WINDOWS\system32\drivers\point32.sys (Microsoft Corporation)
DRV - (HPZius12) -- C:\WINDOWS\system32\drivers\HPZius12.sys (HP)
DRV - (HPZipr12) -- C:\WINDOWS\system32\drivers\HPZipr12.sys (HP)
DRV - (HPZid412) -- C:\WINDOWS\system32\drivers\hpzid412.sys (HP)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (StillCam) -- C:\WINDOWS\system32\drivers\serscan.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-839522115-1770027372-2147011267-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-839522115-1770027372-2147011267-1003\S-1-5-21-839522115-1770027372-2147011267-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaulturl: "http://www3.iamwired.net/websearch.php?src=tops&search="
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "www.google.com.au"
FF - prefs.js..extensions.enabledItems:
jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://www3.iamwired.net/websearch.php?src=tops&search="
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/22 12:31:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/19 18:58:28 | 000,000,000 | ---D | M]
[2009/10/30 18:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shane Frazz\Application Data\Mozilla\Extensions
[2009/10/30 18:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shane Frazz\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/02/28 01:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shane Frazz\Application Data\Mozilla\Firefox\Profiles\0mv3ss3x.default\extensions
[2010/02/27 17:26:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Shane Frazz\Application Data\Mozilla\Firefox\Profiles\0mv3ss3x.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2010/02/16 21:02:51 | 000,000,261 | ---- | M] () -- C:\Documents and Settings\Shane Frazz\Application Data\Mozilla\Firefox\Profiles\0mv3ss3x.default\searchplugins\Search.xml
[2010/02/28 01:27:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/17 19:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
O1 HOSTS File: ([2003/04/01 01:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [pccguide.exe] C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [type32] C:\Program Files\Microsoft IntelliType Pro\type32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-839522115-1770027372-2147011267-1003..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-839522115-1770027372-2147011267-1003..\Run: [OE] C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-839522115-1770027372-2147011267-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (athgina.dll) - C:\WINDOWS\System32\athgina.dll (Atheros)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Shane Frazz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Shane Frazz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/24 16:40:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/12/15 20:52:18 | 000,000,080 | ---- | M] () - F:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/02/28 12:18:37 | 000,549,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Shane Frazz\Desktop\OTL.exe
[2010/02/28 01:33:05 | 000,000,000 | ---D | C] -- C:\Program Files\PS3 Media Server
[2010/02/27 17:50:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shane Frazz\Desktop\New CD
[2010/02/24 17:43:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shane Frazz\Desktop\Resume Stuff
[2010/02/23 17:40:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shane Frazz\My Documents\Heroes of Newerth
[2010/02/23 17:39:52 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2010/02/23 17:39:51 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2010/02/23 17:39:46 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2010/02/23 17:39:37 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2010/02/23 17:39:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010/02/21 21:16:54 | 000,266,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TweakUI.exe
[2010/02/20 22:48:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/02/20 22:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/02/20 22:48:08 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/02/20 22:47:36 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2010/02/20 22:47:36 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2010/02/20 22:47:36 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2010/02/20 22:47:36 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2010/02/20 22:47:35 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2010/02/20 22:47:35 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2010/02/19 03:02:40 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidserv.dll
[2010/02/18 19:50:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shane Frazz\Application Data\PlayFirst
[2010/02/18 19:50:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010/02/18 14:29:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Shane Frazz\IECompatCache
[2010/02/18 09:51:29 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/02/18 09:50:07 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010/02/18 09:50:07 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2010/02/18 07:42:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shane Frazz\Application Data\Malwarebytes
[2010/02/18 07:42:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/18 07:42:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/18 07:41:54 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/18 07:41:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/13 07:44:30 | 000,094,208 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\ScUnin.exe
[2010/01/11 08:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\VMware
[2008/11/24 21:25:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/11/24 19:50:38 | 000,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2008/11/24 16:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/11/24 16:39:57 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/11/24 16:39:57 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/02/28 12:19:16 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Shane Frazz\Desktop\kwy7uzkc.exe
[2010/02/28 12:18:48 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shane Frazz\Desktop\OTL.exe
[2010/02/28 12:17:47 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\tmvsthfud.bin
[2010/02/28 11:12:24 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\tmvsthfss.bin
[2010/02/28 09:03:53 | 000,013,696 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/28 09:02:51 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/28 09:02:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/28 02:29:03 | 009,437,184 | ---- | M] () -- C:\Documents and Settings\Shane Frazz\ntuser.dat
[2010/02/28 02:29:03 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Shane Frazz\ntuser.ini
[2010/02/28 02:10:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\BitComet.job
[2010/02/28 01:31:36 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/28 01:29:31 | 000,138,240 | ---- | M] () -- C:\Documents and Settings\Shane Frazz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/27 19:41:35 | 001,384,066 | -H-- | M] () -- C:\Documents and Settings\Shane Frazz\Local Settings\Application Data\IconCache.db
[2010/02/27 19:41:09 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Shane Frazz\Desktop\UNI Timetable.xls
[2010/02/25 00:52:03 | 000,000,240 | ---- | M] () -- C:\WINDOWS\tasks\JDownloader.job
[2010/02/24 02:13:44 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/23 07:39:34 | 000,505,286 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/23 07:39:34 | 000,443,918 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/23 07:39:34 | 000,072,050 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/23 07:33:09 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/22 13:55:33 | 135,160,330 | ---- | M] () -- C:\Documents and Settings\Shane Frazz\Desktop\au_nsw_sydney-newcastle-wollongong_12-17.zip
[2010/02/22 08:43:02 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Shane Frazz\Local Settings\Application Data\housecall.guid.cache
[2010/02/22 08:15:06 | 000,118,284 | ---- | M] () -- C:\WINDOWS\System32\FeyM6iA.exe
[2010/02/21 22:33:29 | 000,044,464 | ---- | M] () -- C:\Documents and Settings\Shane Frazz\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/21 20:55:13 | 000,198,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/19 03:14:22 | 000,000,932 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/19 03:02:44 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2010/02/18 16:50:00 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Shane Frazz\Desktop\HijackThis.lnk
[2010/02/18 07:42:12 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/13 11:57:55 | 000,032,490 | ---- | M] () -- C:\WINDOWS\scunin.dat
[2010/02/13 11:57:52 | 000,094,208 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\ScUnin.exe
[2010/02/13 11:57:52 | 000,000,967 | ---- | M] () -- C:\WINDOWS\ScUnin.pif
[2010/02/12 21:17:22 | 015,310,852 | ---- | M] () -- C:\WINDOWS\System32\Deutz Engine.002
[2010/02/12 21:17:22 | 000,501,760 | ---- | M] () -- C:\WINDOWS\System32\Deutz Engine.scr
[2010/02/12 21:17:22 | 000,501,760 | ---- | M] () -- C:\WINDOWS\System32\Deutz Engine.exe
[2010/02/12 21:17:22 | 000,001,350 | ---- | M] () -- C:\WINDOWS\System32\Deutz Engine.ssp
[2010/02/12 21:17:06 | 029,493,252 | ---- | M] () -- C:\WINDOWS\System32\Deutz Engine.001
[2010/02/12 21:16:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Deutz Engine.mda
[2010/02/08 15:22:41 | 000,046,288 | ---- | M] () -- C:\Documents and Settings\Shane Frazz\Desktop\Shane's WC3 Map.w3x
[2010/02/07 17:17:48 | 000,000,025 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2010/02/04 19:37:52 | 000,046,644 | ---- | M] () -- C:\Documents and Settings\Shane Frazz\Application Data\NMM-MetaData.db
[2010/02/02 15:33:43 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Shane Frazz\Desktop\MSY Email.doc
[2010/02/01 16:42:44 | 000,025,043 | ---- | M] () -- C:\Documents and Settings\Shane Frazz\Desktop\Shane's WC3 Map.w3m
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/02/28 12:19:10 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Shane Frazz\Desktop\kwy7uzkc.exe
[2010/02/22 13:19:17 | 135,160,330 | ---- | C] () -- C:\Documents and Settings\Shane Frazz\Desktop\au_nsw_sydney-newcastle-wollongong_12-17.zip
[2010/02/22 08:43:02 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Shane Frazz\Local Settings\Application Data\housecall.guid.cache
[2010/02/22 08:15:06 | 000,118,284 | ---- | C] () -- C:\WINDOWS\System32\FeyM6iA.exe
[2010/02/21 21:16:54 | 000,160,217 | ---- | C] () -- C:\WINDOWS\System32\PowerToysLicense.rtf
[2010/02/19 03:02:44 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2010/02/18 09:39:51 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Shane Frazz\Desktop\HijackThis.lnk
[2010/02/18 07:42:12 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/13 07:44:31 | 000,032,490 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2010/02/13 07:44:30 | 000,000,967 | ---- | C] () -- C:\WINDOWS\ScUnin.pif
[2010/02/12 21:17:22 | 000,501,760 | ---- | C] () -- C:\WINDOWS\System32\Deutz Engine.scr
[2010/02/12 21:17:22 | 000,501,760 | ---- | C] () -- C:\WINDOWS\System32\Deutz Engine.exe
[2010/02/12 21:17:22 | 000,001,350 | ---- | C] () -- C:\WINDOWS\System32\Deutz Engine.ssp
[2010/02/12 21:17:06 | 015,310,852 | ---- | C] () -- C:\WINDOWS\System32\Deutz Engine.002
[2010/02/12 21:16:31 | 029,493,252 | ---- | C] () -- C:\WINDOWS\System32\Deutz Engine.001
[2010/02/12 21:16:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Deutz Engine.mda
[2010/02/09 18:13:34 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Shane Frazz\Desktop\UNI Timetable.xls
[2010/02/02 15:33:43 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Shane Frazz\Desktop\MSY Email.doc
[2010/02/01 22:34:17 | 000,046,288 | ---- | C] () -- C:\Documents and Settings\Shane Frazz\Desktop\Shane's WC3 Map.w3x
[2010/02/01 16:42:43 | 000,025,043 | ---- | C] () -- C:\Documents and Settings\Shane Frazz\Desktop\Shane's WC3 Map.w3m
[2010/01/04 10:40:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DbgOut.INI
[2009/12/08 19:36:32 | 000,000,203 | ---- | C] () -- C:\WINDOWS\GSdx9 sse2.INI
[2009/11/12 10:11:06 | 000,000,203 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/11/12 10:09:34 | 000,561,152 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2009/07/19 00:20:24 | 000,000,083 | ---- | C] () -- C:\WINDOWS\wa.INI
[2009/07/19 00:19:22 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009/07/17 12:22:15 | 000,138,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/07/06 19:17:35 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/07/06 19:17:35 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/07/06 19:17:00 | 000,000,226 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/07/06 19:17:00 | 000,000,094 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/07/06 19:16:13 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/06/26 17:04:46 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Shane Frazz\Local Settings\Application Data\fusioncache.dat
[2009/06/09 18:01:34 | 000,046,644 | ---- | C] () -- C:\Documents and Settings\Shane Frazz\Application Data\NMM-MetaData.db
[2009/05/29 20:01:30 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009/05/23 23:39:18 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo.dll
[2009/05/22 20:33:15 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/05/22 20:33:15 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/05/22 20:33:15 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/04/21 16:56:56 | 000,000,206 | ---- | C] () -- C:\WINDOWS\custvoic.ini
[2009/03/12 15:24:51 | 000,000,072 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2009/03/11 20:56:27 | 000,000,036 | ---- | C] () -- C:\WINDOWS\MixBKS.INI
[2009/03/11 15:55:48 | 000,005,627 | R--- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2009/03/11 15:55:48 | 000,000,039 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/01/05 17:17:42 | 000,000,064 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/01/05 16:21:31 | 000,000,580 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/12/25 20:36:47 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008/12/23 21:09:17 | 000,000,044 | ---- | C] () -- C:\WINDOWS\SMWizard.INI
[2008/12/12 21:56:02 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/28 16:14:42 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/11/25 18:27:13 | 000,138,240 | ---- | C] () -- C:\Documents and Settings\Shane Frazz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/24 20:22:24 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2008/11/24 19:50:38 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2005/12/07 12:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2005/05/03 22:38:42 | 000,064,512 | R--- | C] () -- C:\WINDOWS\System32\P17.dll
[2003/10/02 21:48:18 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999/03/22 12:00:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/06/10 01:00:00 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL
========== Alternate Data Streams ==========
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\tasks\BitComet.job:SummaryInformation
< End of report >
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
GMER Results
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-28 17:29:12
Windows 5.1.2600 Service Pack 3
Running: kwy7uzkc.exe; Driver: C:\DOCUME~1\SHANEF~1\LOCALS~1\Temp\uxtdypog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\DRIVERS\tm_mbd_c.sys (Trend Micro Malicious Behavior Detector/Trend Micro Inc.) ZwClose [0xA7D51CE0]
SSDT \SystemRoot\System32\DRIVERS\tm_mbd_c.sys (Trend Micro Malicious Behavior Detector/Trend Micro Inc.) ZwConnectPort [0xA7D51FB0]
SSDT \SystemRoot\System32\DRIVERS\tm_mbd_c.sys (Trend Micro Malicious Behavior Detector/Trend Micro Inc.) ZwCreateProcess [0xA7D51310]
SSDT \SystemRoot\System32\DRIVERS\tm_mbd_c.sys (Trend Micro Malicious Behavior Detector/Trend Micro Inc.) ZwCreateProcessEx [0xA7D515E0]
SSDT \SystemRoot\System32\DRIVERS\tm_mbd_c.sys (Trend Micro Malicious Behavior Detector/Trend Micro Inc.) ZwOpenProcess [0xA7D51840]
SSDT \SystemRoot\System32\DRIVERS\tm_mbd_c.sys (Trend Micro Malicious Behavior Detector/Trend Micro Inc.) ZwRequestWaitReplyPort [0xA7D52150]
SSDT \SystemRoot\System32\DRIVERS\tm_mbd_c.sys (Trend Micro Malicious Behavior Detector/Trend Micro Inc.) ZwWriteVirtualMemory [0xA7D51E80]
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!_abnormal_termination + 108 804E2774 1 Byte [10]
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF6E44000, 0x1C5D38, 0xE8000020]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs Tmpreflt.sys (Pre-Filter For XP/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
---- EOF - GMER 1.0.15 ----
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Regards,
Shane