Hi deltalima,
This is my home/work comp and Westside is my office network domain that I use when I am in the office.
These are the results from OTL & GMER
1. OTL.exe
OTL logfile created on: 9/10/2010 2:33:17 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Alina\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 116.57 Gb Free Space | 78.21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 44.46 Gb Total Space | 43.47 Gb Free Space | 97.77% Space Free | Partition Type: NTFS
Computer Name: WEBADMIN
Current User Name: Alina
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Alina\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Alina\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Microsoft Windows Script\Windows Script Control\msscript.ocx (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (Swupdtmr) -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
SRV - (TAPPSRV) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (.EsetTrialReset) -- C:\WINDOWS\System32\regedt32.exe (Microsoft Corporation)
SRV - (Advantage) -- C:\Program Files\Extended Systems\Advantage 8.1\Server\ads.exe (Extended Systems, Inc.)
SRV - (pinger) -- C:\TOSHIBA\IVP\ISM\pinger.exe ()
SRV - (AgereModemAudio) -- C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems)
========== Driver Services (SafeList) ==========
DRV - (Lbd) -- C:\WINDOWS\System32\DRIVERS\Lbd.sys File not found
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (FixTDSS) -- File not found
DRV - (intelppm) -- C:\WINDOWS\system32\drivers\intelppm.sys ()
DRV - (MpFilter) -- C:\WINDOWS\system32\drivers\MpFilter.sys (Microsoft Corporation)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (FTSER2K) -- C:\WINDOWS\system32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\RTS5121.sys (Realtek Semiconductor Corporation)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (WSIMD) -- C:\WINDOWS\system32\drivers\wsimd.sys (Atheros Communications, Inc.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (FwLnk) -- C:\WINDOWS\system32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (mam4410u) -- C:\WINDOWS\system32\drivers\mam4410u.sys (Mobile Action Technology Inc.)
DRV - (MaVctrl) -- C:\WINDOWS\system32\drivers\MaVc2K.sys (Mobile Action Technology Inc.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (Ma730Pt) -- C:\WINDOWS\system32\drivers\ma730Pt.sys (Mobile Action Technology Inc.)
DRV - (Ma730Vad) -- C:\WINDOWS\system32\drivers\Ma730Vad.sys (Mobile Action Technology Inc.)
DRV - (mam4410m) -- C:\WINDOWS\system32\drivers\mam4410m.sys (Mobile Action Technology Inc.)
DRV - (mam4410c) -- C:\WINDOWS\system32\drivers\mam4410c.sys (Mobile Action Technology Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-789336058-2000478354-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en&source=iglk
IE - HKU\S-1-5-21-789336058-2000478354-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-789336058-2000478354-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-789336058-2000478354-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F6 F8 2B CB 5B 50 CB 01 [binary data]
IE - HKU\S-1-5-21-789336058-2000478354-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.type: 0
FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/22 14:43:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/06 14:49:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/01 14:33:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
[2010/08/06 14:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alina\Application Data\Mozilla\Extensions
[2010/09/07 10:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alina\Application Data\Mozilla\Firefox\Profiles\as73r6e1.default\extensions
[2010/08/06 15:02:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Alina\Application Data\Mozilla\Firefox\Profiles\as73r6e1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/07 10:24:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/16 13:34:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
O1 HOSTS File: ([2010/09/09 09:24:09 | 000,000,736 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-789336058-2000478354-1417001333-1003\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-789336058-2000478354-1417001333-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-2000478354-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-789336058-2000478354-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : PDF Download - Options - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - Reg Error: Key error. File not found
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/Shar ... /cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/23 10:13:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/09/10 14:31:51 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Alina\Desktop\OTL.exe
[2010/09/10 14:21:12 | 001,725,488 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Alina\Desktop\FixTDSS.exe
[2010/09/10 01:03:55 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2010/09/09 23:54:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/09/09 23:50:42 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
[2010/09/09 23:08:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alina\Application Data\Windows Search
[2010/09/09 16:31:51 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/09/09 16:27:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/09/09 16:25:19 | 011,862,384 | ---- | C] (Microsoft Corporation) -- C:\mssefullinstall-x86fre-en-us-xp.exe
[2010/09/09 15:45:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/09/09 15:21:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/09/09 15:10:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alina\Application Data\IObit
[2010/09/09 15:10:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/09 15:10:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alina\Application Data\Help
[2010/09/09 15:07:12 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/09/09 13:44:13 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/09/09 13:37:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alina\Application Data\Uniblue
[2010/09/09 12:34:02 | 000,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair
[2010/09/09 08:59:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/09/08 16:52:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alina\Application Data\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1
[2010/09/08 15:17:45 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/09/07 14:06:03 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/09/07 13:15:49 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/09/07 12:33:31 | 000,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2010/09/07 10:58:41 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/08/29 12:17:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alina\Local Settings\Application Data\Temp
[2010/08/29 12:17:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alina\Local Settings\Application Data\Google
[2010/08/29 12:17:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alina\Local Settings\Application Data\Deployment
[2010/08/16 14:15:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/08/16 13:37:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/08/16 13:34:21 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/08/16 13:34:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/08/16 13:34:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/08/16 12:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alina\Desktop\Time card
[2009/04/23 11:31:48 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/09/10 14:32:08 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/09/10 14:31:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alina\Desktop\OTL.exe
[2010/09/10 14:27:11 | 000,013,742 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/10 14:27:11 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-789336058-2000478354-1417001333-500.job
[2010/09/10 14:27:11 | 000,000,282 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/09/10 14:27:11 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-789336058-2000478354-1417001333-1003.job
[2010/09/10 14:27:01 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/10 14:26:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/10 14:26:55 | 2009,067,520 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/10 14:26:09 | 012,582,912 | -H-- | M] () -- C:\Documents and Settings\Alina\NTUSER.DAT
[2010/09/10 14:26:09 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Alina\ntuser.ini
[2010/09/10 14:25:29 | 000,036,352 | ---- | M] () -- C:\WINDOWS\System32\drivers\intelppm.sys
[2010/09/10 14:21:47 | 012,826,638 | -H-- | M] () -- C:\Documents and Settings\Alina\Local Settings\Application Data\IconCache.db
[2010/09/10 14:21:17 | 001,725,488 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Alina\Desktop\FixTDSS.exe
[2010/09/10 12:00:33 | 000,146,944 | ---- | M] () -- C:\Documents and Settings\Alina\Desktop\MSEssentials_screen2.doc
[2010/09/10 12:00:10 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Alina\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2010/09/10 11:54:35 | 000,144,896 | ---- | M] () -- C:\Documents and Settings\Alina\Desktop\MSEssentials_screen1.doc
[2010/09/10 11:35:52 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Alina\Desktop\Microsoft Security Essentials encountered the following error.doc
[2010/09/10 11:08:21 | 000,002,558 | ---- | M] () -- C:\WINDOWS\WINCMD.INI
[2010/09/10 10:58:45 | 000,000,179 | ---- | M] () -- C:\WINDOWS\wcx_ftp.ini
[2010/09/10 09:31:34 | 000,869,051 | ---- | M] () -- C:\Documents and Settings\Alina\Desktop\SecurityCheck.exe
[2010/09/10 01:17:11 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Alina\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2010/09/09 23:10:40 | 000,004,757 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/09 16:27:29 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/09/09 16:24:01 | 011,862,384 | ---- | M] (Microsoft Corporation) -- C:\mssefullinstall-x86fre-en-us-xp.exe
[2010/09/09 16:20:27 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2CC39AFD-9F33-44A1-95C4-E150DAA5BBBF}.job
[2010/09/09 16:15:23 | 000,000,639 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/09 16:15:23 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/09 16:15:23 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/09/09 15:55:24 | 000,010,732 | ---- | M] () -- C:\ADS_ERR.ADT
[2010/09/09 15:55:24 | 000,003,072 | ---- | M] () -- C:\ADS_ERR.ADI
[2010/09/09 15:31:40 | 000,000,787 | ---- | M] () -- C:\ads_err.dbf
[2010/09/09 13:44:13 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Alina\Desktop\HijackThis.lnk
[2010/09/09 13:04:52 | 000,002,048 | ---- | M] () -- C:\ADS_ERR.adm
[2010/09/09 12:43:12 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/09/08 16:53:14 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Alina\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2010/09/08 14:52:00 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/08 12:25:03 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-789336058-2000478354-1417001333-1003.job
[2010/09/08 10:47:53 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/09/08 10:34:14 | 000,002,838 | ---- | M] () -- C:\WINDOWS\machine.ver
[2010/09/07 13:20:26 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Alina\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/07 12:29:45 | 000,623,130 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/07 11:50:45 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-789336058-2000478354-1417001333-500.job
[2010/09/07 10:13:05 | 000,000,062 | ---- | M] () -- C:\WINDOWS\iltwain.ini
[2010/09/03 15:15:37 | 000,000,789 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/09/03 15:09:35 | 000,170,746 | ---- | M] () -- C:\Documents and Settings\Alina\Desktop\List-of-attorneys.pdf
[2010/09/02 21:14:16 | 000,000,140 | ---- | M] () -- C:\WINDOWS\twain.dat
[2010/08/26 15:38:09 | 000,000,224 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2010/08/21 04:38:00 | 000,000,448 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job
[2010/08/20 12:05:25 | 000,002,357 | ---- | M] () -- C:\WINDOWS\System32\ADSLOCAL.CFG
[2010/08/12 13:14:20 | 000,051,241 | ---- | M] () -- C:\Documents and Settings\Alina\Desktop\Ins_list.pdf
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/09/10 12:00:33 | 000,146,944 | ---- | C] () -- C:\Documents and Settings\Alina\Desktop\MSEssentials_screen2.doc
[2010/09/10 11:54:35 | 000,144,896 | ---- | C] () -- C:\Documents and Settings\Alina\Desktop\MSEssentials_screen1.doc
[2010/09/10 11:35:51 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Alina\Desktop\Microsoft Security Essentials encountered the following error.doc
[2010/09/10 09:31:30 | 000,869,051 | ---- | C] () -- C:\Documents and Settings\Alina\Desktop\SecurityCheck.exe
[2010/09/09 23:50:42 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2010/09/09 23:50:42 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2010/09/09 23:50:42 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2010/09/09 23:50:42 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2010/09/09 16:32:43 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/09/09 16:27:29 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/09/09 15:28:50 | 000,000,787 | ---- | C] () -- C:\ads_err.dbf
[2010/09/09 13:44:13 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Alina\Desktop\HijackThis.lnk
[2010/09/09 13:04:52 | 000,010,732 | ---- | C] () -- C:\ADS_ERR.ADT
[2010/09/09 13:04:52 | 000,003,072 | ---- | C] () -- C:\ADS_ERR.ADI
[2010/09/08 10:08:48 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/09/07 12:33:26 | 2009,067,520 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/07 11:09:21 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-789336058-2000478354-1417001333-500.job
[2010/09/07 11:09:21 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-789336058-2000478354-1417001333-500.job
[2010/09/03 00:55:04 | 000,000,282 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/12 13:14:20 | 000,051,241 | ---- | C] () -- C:\Documents and Settings\Alina\Desktop\Ins_list.pdf
[2010/07/02 00:00:00 | 000,014,056 | ---- | C] () -- C:\WINDOWS\vmdcr.dll
[2010/07/02 00:00:00 | 000,014,056 | ---- | C] () -- C:\WINDOWS\amcdr.dll
[2010/06/30 11:25:34 | 000,000,025 | ---- | C] () -- C:\WINDOWS\SW_Win2000X5.DLL
[2010/06/16 00:00:00 | 000,014,056 | ---- | C] () -- C:\WINDOWS\System32\jrdgl.dll
[2010/06/01 00:00:00 | 000,014,056 | ---- | C] () -- C:\WINDOWS\System32\rkeyds.sys
[2010/06/01 00:00:00 | 000,014,056 | ---- | C] () -- C:\WINDOWS\System32\emlks.dll
[2010/05/28 11:45:10 | 000,002,734 | ---- | C] () -- C:\WINDOWS\aopr.ini
[2010/05/10 15:09:36 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/20 14:54:38 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ppe_fleetdb.vdb
[2010/03/06 15:47:53 | 000,000,232 | ---- | C] () -- C:\Documents and Settings\Alina\Application Data\default.rss
[2009/11/14 16:43:14 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/08/26 00:41:42 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Alina\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/14 15:53:37 | 000,000,049 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2009/08/06 12:46:02 | 000,000,021 | ---- | C] () -- C:\WINDOWS\hpjmonsv.ini
[2009/08/06 12:42:17 | 000,002,476 | ---- | C] () -- C:\WINDOWS\hpstatus.ini
[2009/08/06 12:42:08 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\jfwapi.dll
[2009/08/05 14:37:54 | 000,000,179 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2009/08/05 14:29:05 | 000,002,558 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/05/17 23:30:55 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Alina\Application Data\mcs.rma
[2009/05/17 23:30:55 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Alina\Application Data\D86560
[2009/05/17 20:02:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PanelExe.INI
[2009/05/17 19:53:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FileMgrExe.INI
[2009/05/17 19:44:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MelodyExe.INI
[2009/05/15 19:11:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Medisoft.ini
[2009/05/15 19:03:27 | 000,000,062 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2009/05/12 23:00:03 | 000,000,224 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/05/12 22:32:45 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/05/12 22:32:43 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/05/12 22:32:43 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/05/12 22:32:43 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/05/12 22:32:41 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/05/12 22:32:41 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/05/12 20:40:59 | 000,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.INI
[2009/05/12 20:23:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2009/04/23 11:37:18 | 000,000,789 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/04/23 11:31:48 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2009/04/23 11:01:46 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2009/04/23 11:01:46 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2009/04/23 11:01:34 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2009/04/23 11:01:34 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2009/04/23 11:01:32 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2009/04/23 10:34:07 | 006,184,960 | ---- | C] () -- C:\WINDOWS\System32\RTS5121icon.dll
[2009/04/23 10:31:01 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2009/04/23 10:31:01 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2009/04/23 10:31:01 | 000,010,150 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2009/04/23 10:31:01 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2009/04/23 10:26:27 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4953.dll
[2008/04/14 08:00:00 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\intelppm.sys
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2003/06/11 17:39:12 | 006,270,976 | ---- | C] () -- C:\WINDOWS\System32\cricu19.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 184 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
< End of report >
2. Extras.exe
OTL Extras logfile created on: 9/10/2010 2:33:17 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Alina\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 116.57 Gb Free Space | 78.21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 44.46 Gb Total Space | 43.47 Gb Free Space | 97.77% Space Free | Partition Type: NTFS
Computer Name: WEBADMIN
Current User Name: Alina
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:TCP" = 1900:TCP:LocalSubNet:Enabled:UDP 1900
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Medisoft\Bin\MAPA.EXE" = C:\Program Files\Medisoft\Bin\MAPA.EXE:*:Enabled:MAPA -- File not found
"C:\Program Files\Free Download Manager\fdm.exe" = C:\Program Files\Free Download Manager\fdm.exe:*:Enabled:Free Download Manager -- File not found
"C:\Program Files\Remote Desktop Control 2\apc_Admin.exe" = C:\Program Files\Remote Desktop Control 2\apc_Admin.exe:*:Enabled:Admin Module -- File not found
"C:\Program Files\Auslogics\Auslogics Disk Defrag\DiskDefrag.exe" = C:\Program Files\Auslogics\Auslogics Disk Defrag\DiskDefrag.exe:*:Enabled:Auslogics Disk Defrag -- (Auslogics)
"C:\Program Files\DAEMON Tools Lite\DTLite.exe" = C:\Program Files\DAEMON Tools Lite\DTLite.exe:*:Enabled:DAEMON Tools Lite -- (DT Soft Ltd)
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- File not found
"C:\Program Files\Pandora\Pandora.exe" = C:\Program Files\Pandora\Pandora.exe:*:Enabled:Pandora -- ()
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\totalcmd\TOTALCMD.EXE" = C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows -- (C. Ghisler & Co.)
"C:\Documents and Settings\Alina\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Alina\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:firefox.exe -- (Mozilla Corporation)
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:TeamViewer -- (TeamViewer GmbH)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{059872C6-D800-4A28-81AD-917E254CBE30}" = Advantage OLE DB Provider v8.1
"{084548D1-AE93-4A17-9572-D59631F1846B}" = TOSHIBA V.92 MoH Application
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0B300F-4DAD-4A36-4337-6FE3B050AB00}" = Pandora
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5767A718-DB8E-4AFD-8895-B8EB655A420F}" = Advantage Database Server for Windows NT/2000/2003 v8.1 (USA)
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{71D74FCD-8DB9-4BEB-9C9D-1D19F2E02AE3}" = Microsoft Report Viewer Redistributable 2005
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{78a490b1-e478-4f31-8f2a-41f0b0511afa}" = Nero 9
"{7CA4F780-7AD0-417A-82A1-46EB825CFD53}" = HP Managed Printing Admin
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver
"{8F7AC250-4D7D-431D-AC4E-94FB78EA3F8B}" = TOSHIBA Power Saver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0000-0000-0000000FF1CE}" = Microsoft Office Access 2007
"{90120000-0015-0000-0000-0000000FF1CE}_Access_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0000-0000-0000000FF1CE}_Access_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_Access_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_Access_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{93A23A03-49A4-4BEB-BD51-EFDA3B1E1DEB}" = Advantage OLE DB Provider v7.1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995414B4-F332-469F-BD9F-011DDB0003BD}" = ScanXL-ELM
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A78BCACA-5A4A-4FCA-BF03-B42C2C5F934D}" = Advantage ODBC Driver v8.1
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B43A3C5D-7F74-4493-840E-D7B74520BC19}" = PDF Download for Internet Explorer
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}" = Microsoft IntelliType Pro 6.1
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D10CB652-9332-4242-B7A9-2D61570144F7}" = USB 2.0 Card Reader
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D5E466E6-A10E-47CE-84AF-74B0A0245BA2}" = Advantage ODBC Driver v7.1
"{D997B81E-D87D-427D-ABC6-0F35F76ECA36}" = PTNotes
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EB9BD1D5-8DFB-48C4-927B-10BB47CA59B3}" = Microsoft .NET Framework SDK (English) 1.1
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"32-BIT BDE" = 32-BIT BDE
"Access" = Microsoft Office Access 2007
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advantage Remote Management Utility" = Advantage Remote Management Utility
"com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1" = Pandora
"Flip Words 2_is1" = Flip Words 2
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.8.0 (Full)
"Medisoft Patient Accounting 11 SP3" = Medisoft Patient Accounting 11 SP3
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Report Viewer Redistributable 2005" = Microsoft Report Viewer Redistributable 2005
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6.
" = Mozilla Firefox (3.6.
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RealPlayer 12.0" = RealPlayer
"Security Task Manager" = Security Task Manager 1.7h
"STANDARDR" = Microsoft Office Standard 2007
"TeamViewer 5" = TeamViewer 5
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-789336058-2000478354-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 9/10/2010 9:25:24 AM | Computer Name = WEBADMIN | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service ASP.NET (ASP.NET)
failed. The Error code is the first DWORD in Data section.
Error - 9/10/2010 11:07:49 AM | Computer Name = WEBADMIN | Source = MSSecurityEssentials | ID = 5000
Description =
Error - 9/10/2010 11:14:54 AM | Computer Name = WEBADMIN | Source = MSSecurityEssentials | ID = 5000
Description =
Error - 9/10/2010 11:23:31 AM | Computer Name = WEBADMIN | Source = MSSecurityEssentials | ID = 5000
Description =
Error - 9/10/2010 11:33:30 AM | Computer Name = WEBADMIN | Source = MSSecurityEssentials | ID = 5000
Description =
Error - 9/10/2010 11:50:23 AM | Computer Name = WEBADMIN | Source = MSSecurityEssentials | ID = 5000
Description =
Error - 9/10/2010 12:00:18 PM | Computer Name = WEBADMIN | Source = MSSecurityEssentials | ID = 5000
Description =
Error - 9/10/2010 2:25:57 PM | Computer Name = WEBADMIN | Source = MSSecurityEssentials | ID = 5000
Description =
Error - 9/10/2010 2:31:13 PM | Computer Name = WEBADMIN | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.
Error - 9/10/2010 2:31:17 PM | Computer Name = WEBADMIN | Source = LoadPerf | ID = 3006
Description = Unable to read the performance counter strings of the 009 language
ID. The Win32 status returned by the call is the first DWORD in Data section.
[ OSession Events ]
Error - 10/16/2009 11:59:41 AM | Computer Name = WEBADMIN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 55
seconds with 0 seconds of active time. This session ended with a crash.
Error - 6/11/2010 11:04:59 AM | Computer Name = WEBADMIN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 88656
seconds with 5160 seconds of active time. This session ended with a crash.
Error - 6/16/2010 4:53:59 PM | Computer Name = WEBADMIN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 110865
seconds with 5100 seconds of active time. This session ended with a crash.
Error - 6/18/2010 7:03:43 AM | Computer Name = WEBADMIN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 66118
seconds with 5100 seconds of active time. This session ended with a crash.
Error - 6/23/2010 12:17:52 PM | Computer Name = WEBADMIN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3585
seconds with 120 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 9/10/2010 2:23:04 PM | Computer Name = WEBADMIN | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Eset Trial Reset service
to connect.
Error - 9/10/2010 2:23:04 PM | Computer Name = WEBADMIN | Source = Service Control Manager | ID = 7000
Description = The Eset Trial Reset service failed to start due to the following
error: %%1053
Error - 9/10/2010 2:23:04 PM | Computer Name = WEBADMIN | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2
Error - 9/10/2010 2:23:07 PM | Computer Name = WEBADMIN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd
Error - 9/10/2010 2:25:28 PM | Computer Name = WEBADMIN | Source = Microsoft Antimalware | ID = 1008
Description = %%861 has encountered an error when taking action on spyware or other
potentially unwanted software. For more information please see the following:
http://go.microsoft.com/fwlink/?linkid= ... 2147632576 User:
WEBADMIN\Alina Name: Virus:Win32/Alureon.H ID: 2147632576 Severity: Severe Category:
Virus Path: driver:intelppm Action: %%808 Error Code: 0x800704ec Error description:
Windows cannot open this program because it has been prevented by a software restriction
policy. For more information, open Event Viewer or contact your system administrator.
Status: To finish removing spyware and other potentially unwanted software, restart
the computer. To see how to finish removing spyware and other potentially unwanted
software, see this support article on the Microsoft Security website. Signature
Version: AV: 1.89.1411.0, AS: 1.89.1411.0 Engine Version: 1.1.6103.0
Error - 9/10/2010 2:27:11 PM | Computer Name = WEBADMIN | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Eset Trial Reset service
to connect.
Error - 9/10/2010 2:27:11 PM | Computer Name = WEBADMIN | Source = Service Control Manager | ID = 7000
Description = The Eset Trial Reset service failed to start due to the following
error: %%1053
Error - 9/10/2010 2:27:11 PM | Computer Name = WEBADMIN | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2
Error - 9/10/2010 2:27:11 PM | Computer Name = WEBADMIN | Source = Ma730Pt | ID = 393234
Description =
Error - 9/10/2010 2:27:13 PM | Computer Name = WEBADMIN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd
< End of report >
2. Extras.exe
OTL Extras logfile created on: 9/10/2010 2:33:17 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Alina\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 116.57 Gb Free Space | 78.21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 44.46 Gb Total Space | 43.47 Gb Free Space | 97.77% Space Free | Partition Type: NTFS
Computer Name: WEBADMIN
Current User Name: Alina
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:TCP" = 1900:TCP:LocalSubNet:Enabled:UDP 1900
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Medisoft\Bin\MAPA.EXE" = C:\Program Files\Medisoft\Bin\MAPA.EXE:*:Enabled:MAPA -- File not found
"C:\Program Files\Free Download Manager\fdm.exe" = C:\Program Files\Free Download Manager\fdm.exe:*:Enabled:Free Download Manager -- File not found
"C:\Program Files\Remote Desktop Control 2\apc_Admin.exe" = C:\Program Files\Remote Desktop Control 2\apc_Admin.exe:*:Enabled:Admin Module -- File not found
"C:\Program Files\Auslogics\Auslogics Disk Defrag\DiskDefrag.exe" = C:\Program Files\Auslogics\Auslogics Disk Defrag\DiskDefrag.exe:*:Enabled:Auslogics Disk Defrag -- (Auslogics)
"C:\Program Files\DAEMON Tools Lite\DTLite.exe" = C:\Program Files\DAEMON Tools Lite\DTLite.exe:*:Enabled:DAEMON Tools Lite -- (DT Soft Ltd)
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- File not found
"C:\Program Files\Pandora\Pandora.exe" = C:\Program Files\Pandora\Pandora.exe:*:Enabled:Pandora -- ()
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\totalcmd\TOTALCMD.EXE" = C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows -- (C. Ghisler & Co.)
"C:\Documents and Settings\Alina\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Alina\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:firefox.exe -- (Mozilla Corporation)
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:TeamViewer -- (TeamViewer GmbH)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{059872C6-D800-4A28-81AD-917E254CBE30}" = Advantage OLE DB Provider v8.1
"{084548D1-AE93-4A17-9572-D59631F1846B}" = TOSHIBA V.92 MoH Application
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0B300F-4DAD-4A36-4337-6FE3B050AB00}" = Pandora
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5767A718-DB8E-4AFD-8895-B8EB655A420F}" = Advantage Database Server for Windows NT/2000/2003 v8.1 (USA)
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{71D74FCD-8DB9-4BEB-9C9D-1D19F2E02AE3}" = Microsoft Report Viewer Redistributable 2005
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{78a490b1-e478-4f31-8f2a-41f0b0511afa}" = Nero 9
"{7CA4F780-7AD0-417A-82A1-46EB825CFD53}" = HP Managed Printing Admin
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver
"{8F7AC250-4D7D-431D-AC4E-94FB78EA3F8B}" = TOSHIBA Power Saver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0000-0000-0000000FF1CE}" = Microsoft Office Access 2007
"{90120000-0015-0000-0000-0000000FF1CE}_Access_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0000-0000-0000000FF1CE}_Access_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_Access_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_Access_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{93A23A03-49A4-4BEB-BD51-EFDA3B1E1DEB}" = Advantage OLE DB Provider v7.1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995414B4-F332-469F-BD9F-011DDB0003BD}" = ScanXL-ELM
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A78BCACA-5A4A-4FCA-BF03-B42C2C5F934D}" = Advantage ODBC Driver v8.1
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B43A3C5D-7F74-4493-840E-D7B74520BC19}" = PDF Download for Internet Explorer
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}" = Microsoft IntelliType Pro 6.1
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D10CB652-9332-4242-B7A9-2D61570144F7}" = USB 2.0 Card Reader
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D5E466E6-A10E-47CE-84AF-74B0A0245BA2}" = Advantage ODBC Driver v7.1
"{D997B81E-D87D-427D-ABC6-0F35F76ECA36}" = PTNotes
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EB9BD1D5-8DFB-48C4-927B-10BB47CA59B3}" = Microsoft .NET Framework SDK (English) 1.1
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"32-BIT BDE" = 32-BIT BDE
"Access" = Microsoft Office Access 2007
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advantage Remote Management Utility" = Advantage Remote Management Utility
"com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1" = Pandora
"Flip Words 2_is1" = Flip Words 2
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.8.0 (Full)
"Medisoft Patient Accounting 11 SP3" = Medisoft Patient Accounting 11 SP3
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Report Viewer Redistributable 2005" = Microsoft Report Viewer Redistributable 2005
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6.
" = Mozilla Firefox (3.6.
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RealPlayer 12.0" = RealPlayer
"Security Task Manager" = Security Task Manager 1.7h
"STANDARDR" = Microsoft Office Standard 2007
"TeamViewer 5" = TeamViewer 5
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-789336058-2000478354-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 9/10/2010 9:25:24 AM | Computer Name = WEBADMIN | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service ASP.NET (ASP.NET)
failed. The Error code is the first DWORD in Data section.
Error - 9/10/2010 11:07:49 AM | Computer Name = WEBADMIN | Source = MSSecurityEssentials | ID = 5000
Description =
Error - 9/10/2010 11:14:54 AM | Computer Name = WEBADMIN | Source = MSSecurityEssentials | ID = 5000
Description =
Error - 9/10/2010 11:23:31 AM | Computer Name = WEBADMIN | Source = MSSecurityEssentials | ID = 5000
Description =
Error - 9/10/2010 11:33:30 AM | Computer Name = WEBADMIN | Source = MSSecurityEssentials | ID = 5000
Description =
Error - 9/10/2010 11:50:23 AM | Computer Name = WEBADMIN | Source = MSSecurityEssentials | ID = 5000
Description =
Error - 9/10/2010 12:00:18 PM | Computer Name = WEBADMIN | Source = MSSecurityEssentials | ID = 5000
Description =
Error - 9/10/2010 2:25:57 PM | Computer Name = WEBADMIN | Source = MSSecurityEssentials | ID = 5000
Description =
Error - 9/10/2010 2:31:13 PM | Computer Name = WEBADMIN | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.
Error - 9/10/2010 2:31:17 PM | Computer Name = WEBADMIN | Source = LoadPerf | ID = 3006
Description = Unable to read the performance counter strings of the 009 language
ID. The Win32 status returned by the call is the first DWORD in Data section.
[ OSession Events ]
Error - 10/16/2009 11:59:41 AM | Computer Name = WEBADMIN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 55
seconds with 0 seconds of active time. This session ended with a crash.
Error - 6/11/2010 11:04:59 AM | Computer Name = WEBADMIN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 88656
seconds with 5160 seconds of active time. This session ended with a crash.
Error - 6/16/2010 4:53:59 PM | Computer Name = WEBADMIN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 110865
seconds with 5100 seconds of active time. This session ended with a crash.
Error - 6/18/2010 7:03:43 AM | Computer Name = WEBADMIN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 66118
seconds with 5100 seconds of active time. This session ended with a crash.
Error - 6/23/2010 12:17:52 PM | Computer Name = WEBADMIN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3585
seconds with 120 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 9/10/2010 2:23:04 PM | Computer Name = WEBADMIN | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Eset Trial Reset service
to connect.
Error - 9/10/2010 2:23:04 PM | Computer Name = WEBADMIN | Source = Service Control Manager | ID = 7000
Description = The Eset Trial Reset service failed to start due to the following
error: %%1053
Error - 9/10/2010 2:23:04 PM | Computer Name = WEBADMIN | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2
Error - 9/10/2010 2:23:07 PM | Computer Name = WEBADMIN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd
Error - 9/10/2010 2:25:28 PM | Computer Name = WEBADMIN | Source = Microsoft Antimalware | ID = 1008
Description = %%861 has encountered an error when taking action on spyware or other
potentially unwanted software. For more information please see the following:
http://go.microsoft.com/fwlink/?linkid= ... 2147632576 User:
WEBADMIN\Alina Name: Virus:Win32/Alureon.H ID: 2147632576 Severity: Severe Category:
Virus Path: driver:intelppm Action: %%808 Error Code: 0x800704ec Error description:
Windows cannot open this program because it has been prevented by a software restriction
policy. For more information, open Event Viewer or contact your system administrator.
Status: To finish removing spyware and other potentially unwanted software, restart
the computer. To see how to finish removing spyware and other potentially unwanted
software, see this support article on the Microsoft Security website. Signature
Version: AV: 1.89.1411.0, AS: 1.89.1411.0 Engine Version: 1.1.6103.0
Error - 9/10/2010 2:27:11 PM | Computer Name = WEBADMIN | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Eset Trial Reset service
to connect.
Error - 9/10/2010 2:27:11 PM | Computer Name = WEBADMIN | Source = Service Control Manager | ID = 7000
Description = The Eset Trial Reset service failed to start due to the following
error: %%1053
Error - 9/10/2010 2:27:11 PM | Computer Name = WEBADMIN | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2
Error - 9/10/2010 2:27:11 PM | Computer Name = WEBADMIN | Source = Ma730Pt | ID = 393234
Description =
Error - 9/10/2010 2:27:13 PM | Computer Name = WEBADMIN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd
< End of report >
I will post Gmer results separately.