Can't Connect to update servers still


#1
Kiyagura

    New Member

  • Member
  • 7 posts
OK, so I was being helped by rshaffer61, and before, my icons would disappear and all that. It's fixed now, I hope, from the Malwarebytes' program he told me to try. But I am still not able to connect to update servers to update programs. So here are my logs from Malwarebytes' and OTListIt:

Malwarebytes'
Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3

4/25/2009 7:16:05 PM
mbam-log-2009-04-25 (19-16-05).txt

Scan type: Quick Scan
Objects scanned: 71135
Time elapsed: 6 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prubesidaci (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Cguvonutulivihan.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\~.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

OTListIt
OTListIt logfile created on: 4/25/2009 7:48:20 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\RC6W9V4I
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 423.05 Mb Available Physical Memory | 41.40% Memory free
2.40 Gb Paging File | 1.84 Gb Available in Paging File | 76.69% Paging File free
Paging file location(s): C:\pagefile.sys 1531 1531;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 139.55 Gb Free Space | 74.91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WINXPHOME2
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)
PRC - C:\WINDOWS\system32\LEXPPS.EXE (Lexmark International, Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe (Network Associates, Inc.)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\program files\steam\steam.exe (Valve Corporation)
PRC - C:\Program Files\Dell Photo Printer 720\dlbcserv.exe ()
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (Network Associates, Inc.)
PRC - C:\Program Files\Network Associates\VirusScan\Mcshield.exe (Network Associates, Inc.)
PRC - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe (Network Associates, Inc.)
PRC - C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe (Network Associates, Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Program Files\Xfire\xfire.exe (Xfire Inc.)
PRC - C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\RC6W9V4I\OTListIt2[1].exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (CCALib8 [Auto | Stopped]) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (getPlus® Helper [On_Demand | Stopped]) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (LexBceS [Auto | Running]) -- C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)
SRV - (McAfeeFramework [Auto | Running]) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (Network Associates, Inc.)
SRV - (McShield [Auto | Running]) -- C:\Program Files\Network Associates\VirusScan\Mcshield.exe (Network Associates, Inc.)
SRV - (McTaskManager [Auto | Running]) -- C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe (Network Associates, Inc.)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (TuneUp.Defrag [On_Demand | Stopped]) -- C:\WINDOWS\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.ProgramStatisticsSvc [Auto | Running]) -- C:\WINDOWS\System32\TUProgSt.exe (TuneUp Software)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (UxTuneUp [Auto | Running]) -- C:\WINDOWS\System32\uxtuneup.dll (TuneUp Software)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (bkn50USB [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\rt2500usb.sys (Ralink Technology Inc.)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (MODEMCSA [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (NaiAvFilter1 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\naiavf5x.sys (Network Associates, Inc.)
DRV - (NaiAvTdi1 [System | Running]) -- C:\WINDOWS\system32\drivers\mvstdi5x.sys (Network Associates, Inc.)
DRV - (npkcrypt [On_Demand | Stopped]) -- C:\Program Files\Lineage II - PTS_PTS\system\npkcrypt.sys (INCA Internet Co., Ltd.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (senfilt [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ialmsbw.sys (Intel Corporation)
DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ialmkchw.sys (Intel Corporation)
DRV - (EntDrv51 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\EntDrv51.sys (Network Associates, Inc)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://gulfcoast.cox.net/cci/home
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: (19 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Key error. File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey (Network Associates, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [Steam] "c:\program files\steam\steam.exe" -silent (Valve Corporation)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} http://www.convergys...om/AppHardT.CAB (WNICheck2 Class)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} http://mvnet.xlontec...2ie06101001.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\windows\system32\pawehuhe.dll) - c:\windows\system32\pawehuhe.dll File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\vulademu.dll) - C:\WINDOWS\system32\vulademu.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\maligoha.dll) - c:\windows\system32\maligoha.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O33 - MountPoints2\{51eb5efa-4df6-11dd-8ee1-000cf18c01a3}\Shell\AutoRun\command - "" = E:\RCAMemoryMgr.exe -- File not found
O33 - MountPoints2\{51eb5efa-4df6-11dd-8ee1-000cf18c01a3}\Shell\Manage your videos\command - "" = E:\RCAMemoryMgr.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[8 C:\Documents and Settings\Owner\My Documents\*.tmp files]
[2009/04/25 19:05:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/04/25 19:05:16 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/25 19:05:15 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/25 19:05:13 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/25 19:05:10 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/25 19:05:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/25 18:08:16 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/04/25 17:58:23 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows OneCare Live
[2009/04/25 17:27:28 | 00,000,000 | ---D | C] -- C:\MFT 2457
[2009/04/25 15:33:10 | 00,603,904 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe
[2009/04/25 15:33:08 | 00,027,904 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2009/04/25 15:33:06 | 00,362,240 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe
[2009/04/25 15:32:55 | 00,001,617 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp 1-Click Maintenance.lnk
[2009/04/25 15:32:55 | 00,001,545 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2009.lnk
[2009/04/25 15:32:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/04/25 15:32:31 | 00,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2009
[2009/04/25 15:25:26 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2009/04/25 14:36:53 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/04/25 14:36:53 | 00,000,444 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/04/25 14:28:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2009/04/25 14:28:46 | 00,000,882 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\World of Warcraft Installer.lnk
[2009/04/25 14:27:35 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2009/04/25 13:29:03 | 01,131,176 | ---- | C] (Blizzard Entertainment) -- C:\Documents and Settings\Owner\Desktop\InstallWoW.exe
[2009/04/20 16:24:18 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Film production will enable me to develop my own voice and to explore my role as the storyteller of my own work - for merge.doc
[2009/04/20 16:16:14 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\~$lm production will enable me to develop my own voice and to explore my role as the storyteller of my own work.doc
[2009/04/17 11:31:01 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Film production will enable me to develop my own voice and to explore my role as the storyteller of my own work.doc
[2009/04/16 22:22:12 | 00,029,184 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Spanish Extra Credit.doc
[2009/04/14 13:17:32 | 00,041,808 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/04/13 23:32:33 | 00,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/04/09 18:23:14 | 00,168,375 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\fed promisorry note info.pdf
[2009/04/09 18:17:29 | 00,153,518 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\promissory note lynn.pdf
[2009/04/04 20:54:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\[DB]_Bleach_213_[FEAB5642]
[2009/04/01 21:09:37 | 72,913,7152 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\DL3.5_20092802.iso
[2008/12/30 17:28:16 | 00,000,210 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/08/31 16:18:58 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/08/31 16:18:57 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/08/31 16:18:57 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008/08/31 16:17:01 | 00,000,025 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/07/09 15:35:25 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/07/09 15:35:25 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/12/21 14:19:37 | 00,000,025 | ---- | C] () -- C:\WINDOWS\TDH_Launcher.ini
[2007/12/18 22:14:24 | 00,000,052 | ---- | C] () -- C:\WINDOWS\VistaEmail.ini
[2007/05/08 16:12:51 | 00,000,044 | ---- | C] () -- C:\WINDOWS\PMXUPL~1.INI
[2007/05/06 11:17:39 | 00,046,512 | ---- | C] () -- C:\WINDOWS\System32\EPSN.DLL
[2007/05/06 11:17:39 | 00,011,934 | ---- | C] () -- C:\WINDOWS\System32\PIXPNR.DLL
[2007/05/06 11:17:38 | 00,012,126 | ---- | C] () -- C:\WINDOWS\System32\PIXPCZ.DLL
[2007/05/06 11:13:48 | 00,046,592 | ---- | C] () -- C:\WINDOWS\System32\Wnaspi32.dll
[2006/12/03 17:18:14 | 00,000,710 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2006/10/14 16:25:47 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/04 07:00:00 | 00,000,661 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 07:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/02/10 15:08:00 | 00,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2003/01/07 17:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/13 15:40:22 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[8 C:\Documents and Settings\Owner\My Documents\*.tmp files]
[2009/04/25 19:18:27 | 00,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/04/25 19:18:27 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/04/25 19:18:17 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/25 19:17:56 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/04/25 19:17:42 | 00,000,486 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2009/04/25 19:17:37 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/25 19:17:35 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/25 19:16:48 | 04,317,636 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/04/25 19:05:16 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/25 18:21:05 | 00,002,193 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2009/04/25 18:19:31 | 00,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/04/25 18:19:31 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/04/25 17:14:56 | 00,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/04/25 17:14:56 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/04/25 17:14:44 | 00,342,958 | ---- | M] () -- C:\logfile
[2009/04/25 17:04:07 | 00,000,512 | ---- | M] () -- C:\WINDOWS\randseed.rnd
[2009/04/25 17:02:00 | 00,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/04/25 17:01:59 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2009/04/25 16:58:42 | 00,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/04/25 16:58:42 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/04/25 15:33:10 | 00,603,904 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe
[2009/04/25 15:33:07 | 00,362,240 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe
[2009/04/25 15:32:55 | 00,001,617 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp 1-Click Maintenance.lnk
[2009/04/25 15:32:55 | 00,001,545 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2009.lnk
[2009/04/25 14:40:39 | 00,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/04/25 14:40:39 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/04/25 14:37:17 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/04/25 14:36:53 | 00,000,444 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/04/25 14:28:46 | 00,000,882 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\World of Warcraft Installer.lnk
[2009/04/25 13:23:17 | 00,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/04/25 13:23:17 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/04/25 00:00:01 | 00,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/04/25 00:00:01 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/04/24 21:55:52 | 00,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/04/24 21:55:52 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/04/24 18:39:18 | 00,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/04/24 18:39:18 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/04/24 10:39:35 | 00,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/04/24 10:39:35 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/04/23 23:01:55 | 00,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/04/23 23:01:54 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/04/23 21:57:53 | 00,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/04/23 21:57:53 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/04/23 10:41:45 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/04/23 10:41:45 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/04/22 23:36:32 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/04/22 23:36:32 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/04/22 10:19:56 | 00,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/04/22 10:19:56 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/04/21 22:01:02 | 00,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/04/21 22:01:02 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/04/21 12:23:08 | 00,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/04/21 12:23:08 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/04/20 20:14:17 | 00,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/04/20 20:14:16 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/04/20 19:18:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/20 19:16:28 | 00,000,710 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2009/04/20 18:56:54 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Film production will enable me to develop my own voice and to explore my role as the storyteller of my own work - for merge.doc
[2009/04/20 16:16:14 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\~$lm production will enable me to develop my own voice and to explore my role as the storyteller of my own work.doc
[2009/04/20 15:40:20 | 00,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/04/20 15:40:20 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/04/18 19:46:53 | 01,302,528 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2009/04/18 19:38:41 | 02,732,032 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2009/04/17 15:15:22 | 00,029,184 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Spanish Extra Credit.doc
[2009/04/17 11:31:01 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Film production will enable me to develop my own voice and to explore my role as the storyteller of my own work.doc
[2009/04/16 22:22:18 | 00,000,661 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/14 13:17:32 | 00,041,808 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/04/09 18:23:14 | 00,168,375 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\fed promisorry note info.pdf
[2009/04/09 18:17:29 | 00,153,518 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\promissory note lynn.pdf
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/01 21:47:46 | 00,000,133 | -HS- | M] () -- C:\Documents and Settings\All Users\Documents\desktop.ini
[2009/04/01 21:11:24 | 72,913,7152 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\DL3.5_20092802.iso
< End of report >

Extras
OTListIt Extras logfile created on: 4/25/2009 7:48:20 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\RC6W9V4I
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 423.05 Mb Available Physical Memory | 41.40% Memory free
2.40 Gb Paging File | 1.84 Gb Available in Paging File | 76.69% Paging File free
Paging file location(s): C:\pagefile.sys 1531 1531;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 139.55 Gb Free Space | 74.91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WINXPHOME2
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer (Microsoft Corporation)
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare (Eastman Kodak Company)
C:\Program Files\Steam\steamapps\diablo2lord\counter-strike\hl.exe:*:Disabled:Half-Life Launcher (Valve)
C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE (Lexmark International, Inc.)
C:\Program Files\BYOND\bin\byond.exe:*:Disabled:byond ()
C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger (Microsoft Corporation)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Steam\steamapps\diablo2lord\counter-strike source\hl2.exe:*:Enabled:hl2 ()
C:\Program Files\Steam\steam.exe:*:Enabled:Steam (Valve Corporation)
C:\Program Files\Steam\steamapps\diablo2lord\condition zero\hl.exe:*:Disabled:Half-Life Launcher (Valve)
C:\Program Files\Steam\steamapps\diablo2lord\garrysmod\hl2.exe:*:Enabled:hl2 ()
C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice (Microsoft Corporation)
C:\Program Files\Steam\steamapps\diablo2lord\day of defeat\hl.exe:*:Enabled:Half-Life Launcher (Valve)
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) (Microsoft Corporation)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\WINDOWS\explorer.exe:*:Enabled:Explorer (Microsoft Corporation)
C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe:*:Enabled:naPrdMgr (Network Associates, Inc.)
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:*:Enabled:AppleMobileDeviceService (Apple Inc.)
C:\Program Files\Steam\steamapps\diablo2lord\age of chivalry\hl2.exe:*:Enabled:hl2 ()
C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo ()
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe:*:Enabled:dlbcserv ()
C:\Program Files\Network Associates\VirusScan\Mcshield.exe:*:Enabled:Mcshield (Network Associates, Inc.)
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:FrameworkService (Network Associates, Inc.)
C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent (BitTorrent, Inc.)
C:\Program Files\Steam\steamapps\diablo2lord\day of defeat source\hl2.exe:*:Enabled:hl2 ()
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\Steam\steamapps\shorthomeless21\counter-strike\hl.exe:*:Enabled:Half-Life Launcher (Valve)
C:\Program Files\DNA\btdna.exe:*:Enabled:DNA (BitTorrent, Inc.)
C:\Program Files\Xfire\xfire.exe:*:Disabled:Xfire (Xfire Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56AB063D-1450-4BDE-9F0D-E9C693429C51}" = netbrdg
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5DF3D1BB-894E-4DCD-8275-159AC9829B43}" = McAfee VirusScan Enterprise
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B10045E-6789-49C4-BFED-52575F5B76BF}" = Avery Wizard 3.0
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{97AE00A8-1336-410F-B467-1C6623127BD6}" = DesignPro 5.0 Limited Edition
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"AXIS Camera Server Control" = AXIS Camera Server Control
"Build Your Own Net Dream" = Build Your Own Net Dream (remove only)
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CSCLIB" = Canon Camera Support Core Library
"Dell Photo Printer 720" = Dell Photo Printer 720
"Dell Photo Printer 720 Logger" = Dell Photo Printer 720 Logger
"EOS Utility" = Canon Utilities EOS Utility
"Google Updater" = Google Updater
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{6B10045E-6789-49C4-BFED-52575F5B76BF}" = Avery Wizard 3.0
"InstallShield_{97AE00A8-1336-410F-B467-1C6623127BD6}" = DesignPro 5.0 Limited Edition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maxcast Uploader" = Maxcast Uploader (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoStitch" = Canon Utilities PhotoStitch
"PROSet" = Intel® PRO Network Connections Drivers
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Steam App 10" = Counter-Strike
"Steam App 17510" = Age of Chivalry
"Steam App 240" = Counter-Strike: Source
"Steam App 30" = Day of Defeat
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 4000" = Garry's Mod
"Steam App 80" = Condition Zero
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"Xvid_is1" = Xvid 1.1.2 final uninstall
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Build Your Own Net Dream" = Build Your Own Net Dream (remove only)
"MiraScanV3.20" = MiraScan V3.20
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/25/2009 3:45:27 PM | Computer Name = WINXPHOME2 | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: Blocked by Buffer Overflow Protection '_'.(from
WINXPHOME2 IP 192.168.2.2 user SYSTEM running VirusScan Enter 8.0 OAS)

Error - 4/25/2009 3:46:09 PM | Computer Name = WINXPHOME2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/25/2009 5:57:47 PM | Computer Name = WINXPHOME2 | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: Blocked by Buffer Overflow Protection '_'.(from
WINXPHOME2 IP 192.168.2.2 user SYSTEM running VirusScan Enter 8.0 OAS)

Error - 4/25/2009 6:06:25 PM | Computer Name = WINXPHOME2 | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: Blocked by Buffer Overflow Protection '_'.(from
WINXPHOME2 IP 192.168.2.2 user SYSTEM running VirusScan Enter 8.0 OAS)

Error - 4/25/2009 6:06:25 PM | Computer Name = WINXPHOME2 | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: Blocked by Buffer Overflow Protection '_'.(from
WINXPHOME2 IP 192.168.2.2 user SYSTEM running VirusScan Enter 8.0 OAS)

Error - 4/25/2009 6:19:46 PM | Computer Name = WINXPHOME2 | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: Blocked by Buffer Overflow Protection '_'.(from
WINXPHOME2 IP 192.168.2.4 user SYSTEM running VirusScan Enter 8.0 OAS)

Error - 4/25/2009 6:38:42 PM | Computer Name = WINXPHOME2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/25/2009 7:24:42 PM | Computer Name = WINXPHOME2 | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: Blocked by Buffer Overflow Protection '_'.(from
WINXPHOME2 IP 192.168.2.4 user SYSTEM running VirusScan Enter 8.0 OAS)

Error - 4/25/2009 7:24:42 PM | Computer Name = WINXPHOME2 | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: Blocked by Buffer Overflow Protection '_'.(from
WINXPHOME2 IP 192.168.2.4 user SYSTEM running VirusScan Enter 8.0 OAS)

Error - 4/25/2009 7:25:16 PM | Computer Name = WINXPHOME2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 4/25/2009 5:51:59 PM | Computer Name = WINXPHOME2 | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer Microsoft Office Document Image
Writer share name Printer.

Error - 4/25/2009 5:52:04 PM | Computer Name = WINXPHOME2 | Source = Service Control Manager | ID = 7001
Description = The Canon Camera Access Library 8 service depends on the SSDP Discovery
Service service which failed to start because of the following error: %%1058

Error - 4/25/2009 6:01:01 PM | Computer Name = WINXPHOME2 | Source = Service Control Manager | ID = 7001
Description = The Canon Camera Access Library 8 service depends on the SSDP Discovery
Service service which failed to start because of the following error: %%1058

Error - 4/25/2009 6:14:02 PM | Computer Name = WINXPHOME2 | Source = Service Control Manager | ID = 7001
Description = The Canon Camera Access Library 8 service depends on the SSDP Discovery
Service service which failed to start because of the following error: %%1058

Error - 4/25/2009 6:41:56 PM | Computer Name = WINXPHOME2 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.4 for the Network Card with network
address 000CF18C01A3 has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).

Error - 4/25/2009 7:13:10 PM | Computer Name = WINXPHOME2 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.2 for the Network Card with network
address 000CF18C01A3 has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).

Error - 4/25/2009 7:18:37 PM | Computer Name = WINXPHOME2 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.2 for the Network Card with network
address 000CF18C01A3 has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).

Error - 4/25/2009 7:18:52 PM | Computer Name = WINXPHOME2 | Source = Service Control Manager | ID = 7001
Description = The Canon Camera Access Library 8 service depends on the SSDP Discovery
Service service which failed to start because of the following error: %%1058

Error - 4/25/2009 8:17:46 PM | Computer Name = WINXPHOME2 | Source = Service Control Manager | ID = 7001
Description = The Canon Camera Access Library 8 service depends on the SSDP Discovery
Service service which failed to start because of the following error: %%1058

Error - 4/25/2009 8:17:56 PM | Computer Name = WINXPHOME2 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

[ TuneUp Events ]
Error - 4/25/2009 8:05:26 PM | Computer Name = WINXPHOME2 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-04-25 19:05:26', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','2064',0)

Error - 4/25/2009 8:05:38 PM | Computer Name = WINXPHOME2 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-04-25 19:05:38', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','360',0)

Error - 4/25/2009 8:28:01 PM | Computer Name = WINXPHOME2 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-04-25 19:28:01', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','1152',0)


< End of report >
#2
Kiyagura

Ok people I still have not been helped with this problem yet....