Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Dr Watson (drwtsn32.exe) error

Started by Kewl Programs , Jan 06 2010 10:32 AM

  • This topic is locked This topic is locked

#1
Kewl Programs
Posted 06 January 2010 - 10:32 AM

Kewl Programs

    New Member

  • Member
  • Pip
  • 3 posts
The problem started on my XP after a infected computer had been added to the network. The infected has been cleaned and removed from the network. The system sometimes runs slower than normal however I only get the errors when trying to install an activex. In particular I am trying to download Adobe Flash Player, that I need for my online school.

I ran Malware and Spyware Cleaning Guide http://www.geekstogo...uide-t2852.html from this site. However, I still get the error. I was unable to properly run the GMER program as it cause the blue scree of death every time it runs (towards the end of the scan). Here are the other logs.

MBAM log

Malwarebytes' Anti-Malware 1.43
Database version: 3493
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/5/2010 4:04:04 PM
mbam-log-2010-01-05 (16-04-04).txt

Scan type: Quick Scan
Objects scanned: 124942
Time elapsed: 9 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


OTL logs

OTL.txt
OTL logfile created on: 1/6/2010 10:46:09 AM - Run 1
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Documents and Settings\james bray\Desktop\cleanup
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 146.00 Mb Available Physical Memory | 29.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 56.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.17 Gb Total Space | 124.50 Gb Free Space | 86.36% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JBWORKSTATION
Current User Name: james bray
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/01/04 14:33:54 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\james bray\Desktop\cleanup\OTL.exe
PRC - [2009/12/09 10:20:32 | 00,619,616 | ---- | M] (F-Secure Corporation) -- C:\Program Files\EMBARQ Online Security\Anti-Virus\fssm32.exe
PRC - [2009/12/09 10:20:24 | 00,480,352 | ---- | M] (F-Secure Corporation) -- C:\Program Files\EMBARQ Online Security\Anti-Virus\fsgk32.exe
PRC - [2009/12/07 09:39:46 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/12/07 09:39:44 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/05/27 13:38:17 | 00,174,688 | ---- | M] (F-Secure Corporation) -- C:\Program Files\EMBARQ Online Security\FSAUA\program\fsus.exe
PRC - [2009/04/06 10:35:58 | 00,055,904 | ---- | M] (F-Secure Corporation) -- C:\Program Files\EMBARQ Online Security\ORSP Client\fsorsp.exe
PRC - [2009/04/06 10:34:46 | 00,707,168 | ---- | M] (F-Secure Corporation) -- C:\Program Files\EMBARQ Online Security\FSPC\fspc.exe
PRC - [2009/04/06 10:34:18 | 00,232,088 | ---- | M] (F-Secure Corporation) -- C:\Program Files\EMBARQ Online Security\Common\FSMB32.EXE
PRC - [2009/04/06 10:34:16 | 00,117,400 | ---- | M] (F-Secure Corporation) -- C:\Program Files\EMBARQ Online Security\Common\FSMA32.EXE
PRC - [2009/04/06 10:34:14 | 00,182,936 | ---- | M] (F-Secure Corporation) -- C:\Program Files\EMBARQ Online Security\Common\FSM32.EXE
PRC - [2009/04/06 10:34:12 | 00,125,592 | ---- | M] (F-Secure Corporation) -- C:\Program Files\EMBARQ Online Security\Common\FCH32.EXE
PRC - [2009/04/06 10:34:10 | 00,404,064 | ---- | M] (F-Secure Corporation) -- C:\Program Files\EMBARQ Online Security\Common\FAMEH32.EXE
PRC - [2009/04/06 10:32:52 | 00,604,768 | ---- | M] (F-Secure Corporation) -- C:\Program Files\EMBARQ Online Security\FSGUI\fsguidll.exe
PRC - [2009/04/06 10:29:48 | 00,510,560 | ---- | M] (F-Secure Corporation) -- C:\Program Files\EMBARQ Online Security\FWES\program\fsdfwd.exe
PRC - [2009/04/06 10:28:54 | 00,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\EMBARQ Online Security\Anti-Virus\fsgk32st.exe
PRC - [2009/04/06 10:28:54 | 00,043,680 | ---- | M] (F-Secure Corporation) -- C:\Program Files\EMBARQ Online Security\Anti-Virus\fsqh.exe
PRC - [2009/04/06 10:28:52 | 00,349,280 | ---- | M] (F-Secure Corporation) -- C:\Program Files\EMBARQ Online Security\Anti-Virus\fsav32.exe
PRC - [2009/04/06 10:27:58 | 00,490,080 | ---- | M] (F-Secure Corporation) -- C:\Program Files\EMBARQ Online Security\FSAUA\program\fsaua.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/10/25 11:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/08/13 18:32:40 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/08/13 18:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/07/20 00:10:06 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2005/07/20 00:06:12 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2005/06/10 11:44:02 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe


========== Modules (SafeList) ==========

MOD - [2010/01/04 14:33:54 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\james bray\Desktop\cleanup\OTL.exe
MOD - [2009/04/06 10:35:02 | 00,252,512 | ---- | M] (F-Secure Corporation) -- C:\Program Files\EMBARQ Online Security\Spam Control\fsscoepl.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/07 09:39:44 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/04/06 10:35:58 | 00,055,904 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\EMBARQ Online Security\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2009/04/06 10:34:16 | 00,117,400 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\EMBARQ Online Security\Common\FSMA32.EXE -- (FSMA)
SRV - [2009/04/06 10:29:48 | 00,510,560 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\EMBARQ Online Security\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2009/04/06 10:28:54 | 00,215,648 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\EMBARQ Online Security\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2009/04/06 10:27:58 | 00,490,080 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\EMBARQ Online Security\FSAUA\program\fsaua.exe -- (FSAUA)
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/08/13 18:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/04/13 19:12:02 | 00,065,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\nwwks.dll -- (NWCWorkstation)
SRV - [2007/03/07 14:47:46 | 00,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2004/11/19 12:26:40 | 00,147,456 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....Terms}&fr=yie7c
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.yahoo.com/
IE - HKCU\..\URLSearchHook: {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\EMBARQ Online Security\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\EMBARQ Online Security\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe File not found
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe File not found
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\EMBARQ Online Security\FSPC\fspcmsie.dll (F-Secure Corporation)
O9 - Extra 'Tools' menuitem : Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\EMBARQ Online Security\FSPC\fspcmsie.dll (F-Secure Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\EMBARQ Online Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\EMBARQ Online Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\EMBARQ Online Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\EMBARQ Online Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\EMBARQ Online Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\EMBARQ Online Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\EMBARQ Online Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\EMBARQ Online Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\EMBARQ Online Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O15 - HKCU\..Trusted Domains: earthlink.net ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ohiolottery.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: windowslotto.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 3 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://content.embar...anner/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: CabBuilder http://ak.imgag.com/...llerControl.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{649b3f8b-e4e2-11de-be5b-0013209c3bd3}\Shell - "" = AutoRun
O33 - MountPoints2\{649b3f8b-e4e2-11de-be5b-0013209c3bd3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{649b3f8b-e4e2-11de-be5b-0013209c3bd3}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ab1b9178-3fad-11dc-bc05-0013209c3bd3}\Shell - "" = AutoRun
O33 - MountPoints2\{ab1b9178-3fad-11dc-bc05-0013209c3bd3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ab1b9178-3fad-11dc-bc05-0013209c3bd3}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/01/10 11:32:56 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - C:\WINDOWS\system32\nwwks.dll (Microsoft Corporation)
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17173478272663552)

========== Files/Folders - Created Within 14 Days ==========

[2010/01/04 15:03:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\james bray\Application Data\Malwarebytes
[2010/01/04 15:03:41 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/04 15:03:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/04 15:03:36 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/04 15:03:35 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/04 14:57:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/04 14:56:37 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/01/04 14:31:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\james bray\Desktop\cleanup
[2010/01/04 12:22:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/01/04 12:22:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\james bray\Application Data\SUPERAntiSpyware.com
[2010/01/04 12:22:20 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/11/26 03:20:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/07/22 02:00:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/05/27 14:00:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\F-Secure
[2007/04/07 11:28:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2007/01/02 14:49:21 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2005/08/16 05:30:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

========== Files - Modified Within 14 Days ==========

[2010/01/06 10:48:00 | 00,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2010/01/06 10:45:31 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\null
[2010/01/06 09:54:27 | 00,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5FA841F0-C518-4F2A-BA72-6D7F04DA6836}.job
[2010/01/06 09:53:27 | 00,000,508 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled scanning task.job
[2010/01/06 09:49:59 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/06 09:49:25 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/06 09:49:22 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/06 09:49:19 | 52,656,5376 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010/01/05 15:43:01 | 00,000,582 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/05 15:43:01 | 00,000,246 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/05 15:43:01 | 00,000,209 | RHS- | M] () -- C:\boot.ini
[2010/01/05 15:08:12 | 04,456,448 | -H-- | M] () -- C:\Documents and Settings\james bray\NTUSER.DAT
[2010/01/05 15:07:47 | 07,011,527 | ---- | M] () -- C:\Documents and Settings\james bray\Desktop\cleanup.zip
[2010/01/05 11:55:48 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\james bray\ntuser.ini
[2010/01/04 15:03:45 | 00,000,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/04 14:56:43 | 00,000,636 | ---- | M] () -- C:\Documents and Settings\james bray\Desktop\ERUNT.lnk
[2010/01/04 13:46:47 | 86,170,896 | ---- | M] () -- C:\Documents and Settings\james bray\Desktop\Tutorials.exe
[2010/01/04 12:22:00 | 07,451,168 | ---- | M] () -- C:\Documents and Settings\james bray\My Documents\SUPERAntiSpyware.exe
[2010/01/04 12:01:20 | 00,000,628 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Drake Tax Planner.Lnk
[2010/01/04 12:01:20 | 00,000,554 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Drake Doc Manager.Lnk
[2010/01/04 12:01:19 | 00,000,614 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Drake 2009 Tax - C drive.Lnk
[2010/01/04 11:56:51 | 48,499,958 | ---- | M] () -- C:\Documents and Settings\james bray\Desktop\Drake09_Federal.exe
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/30 13:50:01 | 00,094,696 | ---- | M] () -- C:\Documents and Settings\james bray\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/12/30 13:41:16 | 00,001,773 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk

========== Files Created - No Company Name ==========

[2010/01/05 15:07:40 | 07,011,527 | ---- | C] () -- C:\Documents and Settings\james bray\Desktop\cleanup.zip
[2010/01/04 15:03:45 | 00,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/04 14:56:43 | 00,000,636 | ---- | C] () -- C:\Documents and Settings\james bray\Desktop\ERUNT.lnk
[2010/01/04 13:46:17 | 86,170,896 | ---- | C] () -- C:\Documents and Settings\james bray\Desktop\Tutorials.exe
[2010/01/04 12:21:30 | 07,451,168 | ---- | C] () -- C:\Documents and Settings\james bray\My Documents\SUPERAntiSpyware.exe
[2010/01/04 11:56:31 | 48,499,958 | ---- | C] () -- C:\Documents and Settings\james bray\Desktop\Drake09_Federal.exe
[2009/05/27 14:00:02 | 00,033,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2008/12/08 17:35:29 | 00,003,041 | ---- | C] () -- C:\Documents and Settings\james bray\Application Data\EmailConfig.log
[2007/07/12 02:04:00 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2006/04/18 16:20:57 | 00,006,766 | ---- | C] () -- C:\Documents and Settings\james bray\Application Data\wklnhst.dat
[2006/01/12 14:45:28 | 00,000,034 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2006/01/08 14:06:32 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/01/08 13:01:05 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\5E35D57F1C.sys
[2006/01/08 13:01:04 | 00,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/01/08 11:22:39 | 00,000,133 | ---- | C] () -- C:\Documents and Settings\james bray\Local Settings\Application Data\fusioncache.dat
[2005/12/29 22:14:59 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/29 22:07:58 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/29 21:58:51 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/12/29 21:27:52 | 00,000,200 | ---- | C] () -- C:\WINDOWS\System32\dlbcplc.ini
[2005/12/29 21:26:40 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/16 05:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/05 15:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2002/03/13 16:46:46 | 00,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll

========== LOP Check ==========

[2009/05/27 13:56:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2009/05/27 13:56:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2008/01/19 12:44:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/12/17 12:20:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/18 14:50:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\james bray\Application Data\.purple
[2006/01/10 17:09:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\james bray\Application Data\Control-F1
[2006/01/12 15:55:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\james bray\Application Data\Earthlink
[2006/01/12 15:57:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\james bray\Application Data\EarthLink Toolbar
[2007/07/05 17:12:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\james bray\Application Data\F-Secure
[2009/12/09 12:14:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\james bray\Application Data\gtk-2.0
[2007/03/10 13:37:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\james bray\Application Data\Laplink
[2006/05/14 01:30:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\james bray\Application Data\Leadertech
[2006/01/13 15:15:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\james bray\Application Data\MSNInstaller
[2007/04/04 10:25:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\james bray\Application Data\Template
[2010/01/06 09:53:27 | 00,000,508 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled scanning task.job
[2010/01/06 09:54:27 | 00,000,432 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{5FA841F0-C518-4F2A-BA72-6D7F04DA6836}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/04 00:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 23:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 23:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2004/08/03 23:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 06:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/10 06:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 13:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004/08/10 06:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/10 06:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtUninstallKB968389_0$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 06:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/10 06:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 19:11:51 | 01,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[2009/03/08 03:31:44 | 00,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 03:31:38 | 00,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\DDM.TXT:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\appath06.ini:SummaryInformation
@Alternate Data Stream - 184 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40F038C5
@Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F8C9007
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4295826C
< End of report >

EXTRAS.txt
OTL Extras logfile created on: 1/6/2010 10:46:09 AM - Run 1
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Documents and Settings\james bray\Desktop\cleanup
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 146.00 Mb Available Physical Memory | 29.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 56.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.17 Gb Total Space | 124.50 Gb Free Space | 86.36% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JBWORKSTATION
Current User Name: james bray
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"21:TCP" = 21:TCP:*:Enabled:rivercitybank
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:TaskPanl -- File not found
"C:\REMOTE05\CnctToRCB.exe" = C:\REMOTE05\CnctToRCB.exe:*:Enabled:Master Database Inquiry -- (River City Bank)
"C:\Program Files\Windows Lotto Pro 2000\proupdt.exe" = C:\Program Files\Windows Lotto Pro 2000\proupdt.exe:*:Enabled:proupdt -- ()
"C:\REMOTE06\remote.exe" = C:\REMOTE06\remote.exe:*:Enabled:River City Bank Remote -- File not found
"C:\REMOTE05\remote.exe" = C:\REMOTE05\remote.exe:*:Enabled:River City Bank Remote -- (River City Bank)
"C:\Program Files\Laplink\PCsync\SFTHost.exe" = C:\Program Files\Laplink\PCsync\SFTHost.exe:*:Enabled:PCsync Host Module -- File not found
"C:\Program Files\Laplink\PCsync\PCsync.exe" = C:\Program Files\Laplink\PCsync\PCsync.exe:*:Enabled:Laplink PCsync -- File not found
"C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsole.exe" = C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsole.exe:*:Enabled:- Play Games - -- File not found
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- File not found
"C:\REMOTE07\CnctToRCB.exe" = C:\REMOTE07\CnctToRCB.exe:*:Enabled:Master Database Inquiry -- File not found
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM -- File not found
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.7
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ERUNT_is1" = ERUNT 1.1j
"F-Secure Product 444" = EMBARQ® Online Security
"GNU Aspell_is1" = GNU Aspell 0.50-3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"Lotto Pro" = Lotto Pro
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Basic 2008 Express Edition with SP1 - ENU" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NetMos Technology" = NetMos Multi-IO Controller
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel® PRO Network Connections Drivers
"Sprint.MCCInstall" = Virtual Assistant from EMBARQ
"ULTIMATER" = Microsoft Office Ultimate 2007
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WETCable" = Windows Easy Transfer
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2006Setup" = Microsoft Works Suite 2006 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Toolbar" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/5/2010 3:09:52 PM | Computer Name = JBWORKSTATION | Source = F-Secure Anti-Virus | ID = 103
Description = 8 2010-01-05 14:09:52-04:00 jbworkstation JBWORKSTATION\james
bray F-Secure Anti-Virus Scanning of \DEVICE\HARDDISKVOLUME2\PROGRAM FILES\EMBARQ
ONLINE SECURITY\FSAUA\SUBSCRIPTIONS\AVH_PEGDB was aborted due to exceeded scanning
time limit. The file may be in use or reading it was too slow (e.g. network connection
was under stress).

Error - 1/5/2010 3:13:08 PM | Computer Name = JBWORKSTATION | Source = F-Secure Anti-Virus | ID = 103
Description = 9 2010-01-05 14:13:07-04:00 jbworkstation JBWORKSTATION\james
bray F-Secure Anti-Virus Scanning of \DEVICE\HARDDISKVOLUME2\PROGRAM FILES\EMBARQ
ONLINE SECURITY\FSAUA\CONTENT\AVPE\1262693371\BASE659C.AVC was aborted due to exceeded
scanning time limit. The file may be in use or reading it was too slow (e.g. network
connection was under stress).

Error - 1/5/2010 3:16:59 PM | Computer Name = JBWORKSTATION | Source = F-Secure Anti-Virus | ID = 103
Description = 10 2010-01-05 14:16:54-04:00 jbworkstation JBWORKSTATION\james
bray F-Secure Anti-Virus Scanning of \DEVICE\HARDDISKVOLUME2\PROGRAM FILES\EMBARQ
ONLINE SECURITY\FSAUA\CONTENT\AVPE\1262693371\EXT001C.AVC was aborted due to exceeded
scanning time limit. The file may be in use or reading it was too slow (e.g. network
connection was under stress).

Error - 1/5/2010 3:38:37 PM | Computer Name = JBWORKSTATION | Source = F-Secure Anti-Virus | ID = 103
Description = 11 2010-01-05 14:38:33-04:00 jbworkstation JBWORKSTATION\james
bray F-Secure Anti-Virus Crash detected. \Device\HarddiskVolume2\Program Files\EMBARQ
Online Security\FSAUA\subscriptions\avh_avpe

Error - 1/5/2010 3:44:43 PM | Computer Name = JBWORKSTATION | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 1/5/2010 3:49:08 PM | Computer Name = JBWORKSTATION | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/5/2010 4:47:50 PM | Computer Name = JBWORKSTATION | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 1/5/2010 4:49:18 PM | Computer Name = JBWORKSTATION | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/6/2010 10:57:47 AM | Computer Name = JBWORKSTATION | Source = F-Secure Anti-Virus | ID = 103
Description = 1 2010-01-06 09:57:38-04:00 jbworkstation JBWORKSTATION\james
bray F-Secure Anti-Virus Scanning of \DEVICE\HARDDISKVOLUME2\PROGRAM FILES\ADOBE\READER
8.0\READER\COOLTYPE.DLL was aborted due to exceeded scanning time limit. The file
may be in use or reading it was too slow (e.g. network connection was under stress).


Error - 1/6/2010 11:00:22 AM | Computer Name = JBWORKSTATION | Source = F-Secure Anti-Virus | ID = 103
Description = 2 2010-01-06 10:00:18-04:00 jbworkstation JBWORKSTATION\james
bray F-Secure Anti-Virus Scanning of \DEVICE\HARDDISKVOLUME2\PROGRAM FILES\EMBARQ
ONLINE SECURITY\FSAUA\CONTENT\MLCWIN\1262756489\INFO.IAD was aborted due to exceeded
scanning time limit. The file may be in use or reading it was too slow (e.g. network
connection was under stress).

[ System Events ]
Error - 1/5/2010 3:24:40 PM | Computer Name = JBWORKSTATION | Source = F-Secure Gatekeeper | ID = 327681
Description = Real-time scanning failure occurred. Intercepted file name=\Device\HarddiskVolume2...c
NetDetect.job. For more information, please visit the customer support web pages
at http://support.f-secure.com/enu/home/ for assistance.

Error - 1/5/2010 4:28:31 PM | Computer Name = JBWORKSTATION | Source = F-Secure Gatekeeper | ID = 327681
Description = Real-time scanning failure occurred. Intercepted file name=\Device\HarddiskVolume2\System
V...RP1302. For more information, please visit the customer support web pages at
http://support.f-secure.com/enu/home/ for assistance.

Error - 1/5/2010 4:30:09 PM | Computer Name = JBWORKSTATION | Source = F-Secure Gatekeeper | ID = 327681
Description = Real-time scanning failure occurred. Intercepted file name=\Device\HarddiskVolume2\System
V...RP1303. For more information, please visit the customer support web pages at
http://support.f-secure.com/enu/home/ for assistance.

Error - 1/5/2010 4:37:48 PM | Computer Name = JBWORKSTATION | Source = F-Secure Gatekeeper | ID = 327681
Description = Real-time scanning failure occurred. Intercepted file name=\Device\HarddiskVolume2\WIN...26a2637.msp.
For more information, please visit the customer support web pages at http://support.f-secure.com/enu/home/
for assistance.

Error - 1/5/2010 5:21:25 PM | Computer Name = JBWORKSTATION | Source = F-Secure Gatekeeper | ID = 327681
Description = Real-time scanning failure occurred. Intercepted file name=\Device\HarddiskVolume2\Progra...avh_avpe.
For more information, please visit the customer support web pages at http://support.f-secure.com/enu/home/
for assistance.

Error - 1/5/2010 5:25:30 PM | Computer Name = JBWORKSTATION | Source = F-Secure Gatekeeper | ID = 327681
Description = Real-time scanning failure occurred. Intercepted file name=\Device\HarddiskVolume2\Progra...avh_avpe.
For more information, please visit the customer support web pages at http://support.f-secure.com/enu/home/
for assistance.

Error - 1/5/2010 5:37:08 PM | Computer Name = JBWORKSTATION | Source = F-Secure Gatekeeper | ID = 327681
Description = Real-time scanning failure occurred. Intercepted file name=\Device\HarddiskVolume2\Progra...avh_avpe.
For more information, please visit the customer support web pages at http://support.f-secure.com/enu/home/
for assistance.

Error - 1/6/2010 10:53:32 AM | Computer Name = JBWORKSTATION | Source = System Error | ID = 1003
Description = Error code 00000050, parameter1 ffa50000, parameter2 00000000, parameter3
a8c69fec, parameter4 00000000.

Error - 1/6/2010 10:58:41 AM | Computer Name = JBWORKSTATION | Source = F-Secure Gatekeeper | ID = 327681
Description = Real-time scanning failure occurred. Intercepted file name=\Device\HarddiskVolume2\Progra...info.iad.
For more information, please visit the customer support web pages at http://support.f-secure.com/enu/home/
for assistance.

Error - 1/6/2010 10:59:47 AM | Computer Name = JBWORKSTATION | Source = F-Secure Gatekeeper | ID = 327681
Description = Real-time scanning failure occurred. Intercepted file name=\Device\HarddiskVolume2\WIN...26a2637.msp.
For more information, please visit the customer support web pages at http://support.f-secure.com/enu/home/
for assistance.


< End of report >


  • 0

Advertisements

#2
Kewl Programs
Posted 11 January 2010 - 08:46 AM

Kewl Programs

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Please close or delete.

Moved to http://www.geekstogo...or-t264781.html I believe I posted this in the wrong spot and so reposted at link above.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP