This is how my IE 8 looks:
These are the logs:
Microsoft Windows XP Professional (5.1.2600) Service Pack 3 A:\ [Removable] (Total:0 Mo/Free:0 Mo) C:\ [Fixed] - NTFS - (Total:38138 Mo/Free:2692 Mo) D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo) F:\ [Removable] (Total:0 Mo/Free:0 Mo) Mon 05/18/2009|13:37 ----------------------\\ Processes.. --Locked-- [System Process] ---------- System ---------- \SystemRoot\System32\smss.exe ---------- \??\C:\WINDOWS\system32\csrss.exe ---------- \??\C:\WINDOWS\system32\winlogon.exe ---------- C:\WINDOWS\system32\services.exe ---------- C:\WINDOWS\system32\lsass.exe ---------- C:\WINDOWS\system32\svchost.exe ---------- C:\WINDOWS\system32\svchost.exe ---------- C:\WINDOWS\System32\svchost.exe ---------- C:\WINDOWS\system32\svchost.exe ---------- C:\WINDOWS\Explorer.EXE ---------- C:\WINDOWS\system32\spoolsv.exe ---------- C:\WINDOWS\system32\svchost.exe --Locked-- avp.exe ---------- C:\WINDOWS\system32\hkcmd.exe --Locked-- avp.exe ---------- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe ---------- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE ---------- C:\WINDOWS\system32\umonit.exe ---------- C:\Program Files\Pure Networks\Network Magic\nmapp.exe ---------- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE ---------- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe ---------- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe ---------- C:\WINDOWS\system32\svchost.exe ---------- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe ---------- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe ---------- C:\WINDOWS\system32\ctfmon.exe ---------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe ---------- C:\Program Files\Logitech\SetPoint\SetPoint.exe ---------- C:\Program Files\Canon\CAL\CALMAIN.exe ---------- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe ---------- C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE ---------- C:\WINDOWS\system32\wuauclt.exe ---------- C:\WINDOWS\System32\alg.exe ---------- C:\WINDOWS\System32\svchost.exe ---------- C:\WINDOWS\system32\cmd.exe ---------- C:\Rooter$\RK.exe ----------------------\\ Search.. ----------------------\\ ROOTKIT !! 1 - "C:\Rooter$\Rooter_1.txt" - Tue 04/14/2009|13:19 2 - "C:\Rooter$\Rooter_2.txt" - Mon 05/18/2009|13:38 ----------------------\\ Scan completed at 13:38
*****
Virus Scan: completed 5/16/2009 6:37:04 AM (events: 2, objects: 2, time: 00:00:01) 5/1/2009 10:36:53 AM Task started 5/1/2009 11:46:04 AM Task completed Virus Scan: completed 5/16/2009 6:37:04 AM (events: 2, objects: 2, time: 00:00:01) 5/1/2009 12:17:23 PM Task started 5/1/2009 12:34:20 PM Task completed Virus Scan: completed 5/16/2009 6:37:04 AM (events: 2, objects: 2, time: 00:00:01) 5/16/2009 6:37:03 AM Task started 5/16/2009 6:37:04 AM Task completed Virus Scan: completed 5/16/2009 6:37:04 AM (events: 2, objects: 2, time: 00:00:01) 5/16/2009 5:54:45 PM Task started 5/16/2009 6:24:20 PM Detected Vulnerability http://www.viruslist.com/en/advisories/34924 Low Exact File C:\Program Files\Adobe\Acrobat 9.0\Acrobat\plug_ins\ Annots.FRA 5/16/2009 6:24:20 PM Detected Vulnerability http://www.viruslist.com/en/advisories/34924 Low Exact File C:\Program Files\Adobe\Acrobat 9.0\Acrobat\plug_ins\ Annots.DEU 5/16/2009 6:24:25 PM Detected Vulnerability http://www.viruslist.com/en/advisories/34924 Low Exact File C:\Program Files\Adobe\Acrobat 9.0\Acrobat\plug_ins\ Annots.api 5/16/2009 6:34:44 PM Detected Vulnerability http://www.viruslist.com/en/advisories/34924 Low Exact File C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\ Annots.api 5/16/2009 7:07:32 PM Task completed Virus Scan: completed 5/16/2009 6:37:04 AM (events: 2, objects: 2, time: 00:00:01) 5/18/2009 12:31:30 PM Task started 5/18/2009 12:53:35 PM Detected Vulnerability http://www.viruslist.com/en/advisories/34924 Low Exact File C:\Program Files\Adobe\Acrobat 9.0\Acrobat\plug_ins\ Annots.DEU 5/18/2009 12:53:35 PM Detected Vulnerability http://www.viruslist.com/en/advisories/34924 Low Exact File C:\Program Files\Adobe\Acrobat 9.0\Acrobat\plug_ins\ Annots.FRA 5/18/2009 1:04:26 PM Task completed
*****
Malwarebytes' Anti-Malware 1.36 Database version: 2147 Windows 5.1.2600 Service Pack 3 5/18/2009 12:24:38 PM mbam-log-2009-05-18 (12-24-38).txt Scan type: Quick Scan Objects scanned: 75224 Time elapsed: 7 minute(s), 20 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
*****
OTListIt logfile created on: 5/18/2009 1:43:47 PM - Run 1 OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Administrator\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 509.99 Mb Total Physical Memory | 184.52 Mb Available Physical Memory | 36.18% Memory free 858.24 Mb Paging File | 598.10 Mb Available in Paging File | 69.69% Paging File free Paging file location(s): C:\pagefile.sys 384 768 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 37.24 Gb Total Space | 22.63 Gb Free Space | 60.76% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: BOB Current User Name: Administrator Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Output = Minimal File Age = 30 Days Company Name Whitelist: On [color=orange]========== Processes (SafeList) ==========[/color] PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation) PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) PRC - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe (Raxco Software, Inc.) PRC - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE (SEIKO EPSON CORPORATION) PRC - C:\WINDOWS\system32\umonit.exe (General) PRC - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE (SEIKO EPSON CORPORATION) PRC - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe () PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.) PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) PRC - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.) PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.) PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.) PRC - C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe (OldTimer Tools) [color=orange]========== Win32 Services (SafeList) ==========[/color] SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation) SRV - (AVP [Auto | Running]) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab) SRV - (CCALib8 [Auto | Running]) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.) SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation) SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation) SRV - (nmraapache [On_Demand | Stopped]) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe (Pure Networks, Inc.) SRV - (nmservice [Auto | Running]) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.) SRV - (PDAgent [Auto | Running]) -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe (Raxco Software, Inc.) SRV - (PDEngine [On_Demand | Stopped]) -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe (Raxco Software, Inc.) SRV - (spkrmon [Auto | Running]) -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe () SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation) SRV - (YahooAUService [Auto | Running]) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) [color=orange]========== Driver Services (SafeList) ==========[/color] DRV - (aeaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation) DRV - (arusb(Atheros) [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\arusb.sys (Atheros Communications, Inc.) DRV - (cercsr6 [Boot | Stopped]) -- C:\WINDOWS\System32\drivers\cercsr6.sys (Adaptec, Inc.) DRV - (DefragFS [Auto | Running]) -- C:\WINDOWS\System32\drivers\DefragFs.sys (Raxco Software, Inc.) DRV - (E1000 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\e1000325.sys (Intel Corporation) DRV - (fixustor [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\fixustor.sys (Genesys Logic) DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation) DRV - (kl1 [Boot | Running]) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab) DRV - (klbg [Boot | Running]) -- C:\WINDOWS\system32\drivers\klbg.sys (Kaspersky Lab) DRV - (KLFLTDEV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\klfltdev.sys (Kaspersky Lab) DRV - (KLIF [System | Running]) -- C:\WINDOWS\system32\DRIVERS\klif.sys (Kaspersky Lab) DRV - (klim5 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\klim5.sys (Kaspersky Lab) DRV - (LHidFilt [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys (Logitech, Inc.) DRV - (LMouFilt [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys (Logitech, Inc.) DRV - (pnarp [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\pnarp.sys (Cisco Systems, Inc.) DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.) DRV - (purendis [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\purendis.sys (Cisco Systems, Inc.) DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.) DRV - (winusb [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\WinUSB.SYS (Microsoft Corporation) DRV - ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ialmsbw.sys (Intel Corporation) DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ialmkchw.sys (Intel Corporation) [color=orange]========== Standard Registry (SafeList) ==========[/color] [color=orange]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=orange]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "http://www.google.com/" FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0 FF - prefs.js..extensions.enabledItems: [email protected]:2.2.1 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10 FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/04/12 09:17:23 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/13 05:47:37 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/30 14:22:05 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2009\THBEXT [2009/03/11 19:57:34 | 00,000,000 | ---D | M] [2009/03/11 22:23:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions [2009/03/11 22:23:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/05/12 10:04:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\yaelei2h.default\extensions [2009/04/04 18:21:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\yaelei2h.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009/03/20 08:20:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\yaelei2h.default\extensions\[email protected] [2009/04/14 10:00:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009/04/30 14:22:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/04/30 14:21:58 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009/04/30 14:21:58 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2009/03/26 14:56:22 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml [2009/03/26 14:56:22 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml [2009/03/26 14:56:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2009/03/26 14:56:22 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml [2009/03/26 14:56:22 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2009/03/26 14:56:22 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml [2009/03/26 14:56:22 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll (Kaspersky Lab) O2 - BHO: (CDelHotkeys Object) - {78875F5C-A685-4405-8DC5-D48DC65452B0} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Delicious Toolbar) - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [\\192.168.0.198\EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P39 "\\192.168.0.198\EPSON Stylus C88 Series" /O6 "USB001" /M "Stylus C88" (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [\\CHUCK\EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P31 "\\CHUCK\EPSON Stylus C88 Series" /O6 "USB001" /M "Stylus C88" (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [\\Linda\EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P31 "\\Linda\EPSON Stylus C88 Series" /O6 "USB001" /M "Stylus C88" (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated) O4 - HKLM..\Run: [Auto EPSON Stylus C88 Series on Linda] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P37 "Auto Epson Stylus C88 Series on Linda" /O15 "\\LINDA\Printer" /M "Stylus C88" (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" (Kaspersky Lab) O4 - HKLM..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O6 "USB001" /M "Stylus C88" (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE (Logitech Inc.) O4 - HKLM..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash (Pure Networks, Inc.) O4 - HKLM..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" (Cisco Systems, Inc.) O4 - HKLM..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe (General) O4 - HKLM..\Run: [WebEx Document Loader] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P21 "WebEx Document Loader" /O26 "WebEx Document Loader Port" /M "Stylus C88" (SEIKO EPSON CORPORATION) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html (Adobe Systems Incorporated) O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated) O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated) O9 - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll (Kaspersky Lab) O9 - Extra Button: Delicious - {2C887991-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!) O9 - Extra Button: Bookmarks - {2C887992-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!) O9 - Extra Button: Tag - {2C887993-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (DLM Control) O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://fb.familylink.com/we_are_related/stream/core/lib/AurigmaImageUploader/ImageUploader5.cab (Image Uploader Control) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.) O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd.dll (Kaspersky Lab) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd3.dll (Kaspersky Lab) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll (Kaspersky Lab) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll (Kaspersky Lab) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation) O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab) O24 - Desktop Components:0 (My Current Home Page) - About:Home O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/06/05 20:28:26 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{e0d5a8fe-17f5-11de-9de4-000874d8ccdc}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\system32\PDBoot.exe (Raxco Software, Inc.) O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - * [2009/05/18 13:42:10 | 00,000,000 | ---D | M] [color=orange]========== Files/Folders - Created Within 30 Days ==========[/color] [1 C:\WINDOWS\System32\*.tmp files] [4 C:\WINDOWS\*.tmp files] [2009/05/18 13:06:47 | 00,000,000 | ---D | C] -- C:\DOCUME~1\ADMINI~1\My Documents\New Folder (2) [2009/05/18 13:06:35 | 00,000,000 | ---D | C] -- C:\DOCUME~1\ADMINI~1\My Documents\New Folder [2009/05/18 12:16:06 | 00,000,727 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk [2009/05/18 12:16:05 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/05/18 12:16:02 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/05/18 12:16:00 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/05/18 12:11:30 | 00,000,642 | ---- | C] () -- C:\DOCUME~1\ADMINI~1\Desktop\NTREGOPT.lnk [2009/05/18 12:11:30 | 00,000,623 | ---- | C] () -- C:\DOCUME~1\ADMINI~1\Desktop\ERUNT.lnk [2009/05/18 12:11:29 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT [2009/05/18 12:00:43 | 00,000,227 | ---- | C] () -- C:\DOCUME~1\ADMINI~1\Desktop\Malware and Spyware Cleaning Guide.url [2009/05/18 11:38:47 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\ADMINI~1\Desktop\OTListIt2.exe [2009/05/18 11:33:38 | 00,000,000 | ---D | C] -- C:\DOCUME~1\ADMINI~1\Desktop\Malware Programs [2009/05/18 11:13:12 | 00,349,696 | ---- | C] (iS3, Inc.) -- C:\DOCUME~1\ADMINI~1\Desktop\STOPzilla_Setup.exe [2009/05/18 11:11:43 | 05,797,152 | ---- | C] () -- C:\DOCUME~1\ADMINI~1\Desktop\SUPERAntiSpyware.exe [2009/05/17 16:43:10 | 00,000,224 | ---- | C] () -- C:\DOCUME~1\ADMINI~1\Desktop\The Rule of Reason Weblog of the Center for the Advancement of Capitalism.url [2009/05/16 23:46:32 | 00,016,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll [2009/05/16 23:44:54 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2 [2009/05/16 23:39:55 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf [2009/05/16 23:39:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF [2009/05/16 20:58:14 | 09,152,024 | ---- | C] () -- C:\DOCUME~1\ADMINI~1\Desktop\favritius_goldfinch.psd [2009/05/16 16:58:46 | 00,036,715 | ---- | C] () -- C:\DOCUME~1\ADMINI~1\Desktop\mom_in_uniform_s.jpg [2009/05/16 15:55:45 | 01,633,078 | ---- | C] () -- C:\DOCUME~1\ADMINI~1\Desktop\img113.jpg [2009/05/16 15:39:54 | 22,230,096 | ---- | C] () -- C:\DOCUME~1\ADMINI~1\Desktop\mom_in_uniform.tif [2009/05/16 15:20:19 | 00,170,009 | ---- | C] () -- C:\DOCUME~1\ADMINI~1\Desktop\mom_in_uniform-copy.jpg [2009/05/16 15:17:03 | 22,228,915 | ---- | C] () -- C:\DOCUME~1\ADMINI~1\Desktop\mom_in_uniform.psd [2009/05/16 08:07:16 | 02,609,323 | ---- | C] () -- C:\DOCUME~1\ADMINI~1\Desktop\early_afternoon_first_version.png [2009/05/16 08:04:49 | 03,864,403 | ---- | C] () -- C:\DOCUME~1\ADMINI~1\Desktop\early_afternoon_first_edition.psd [2009/05/16 06:36:41 | 00,000,026 | ---- | C] () -- C:\WINDOWS\Zone.Identifier [2009/05/15 14:27:05 | 00,000,157 | ---- | C] () -- C:\DOCUME~1\ADMINI~1\Desktop\The Gift Certificate - THE FORUM for Ayn Rand Fans.url [2009/05/14 18:17:17 | 00,144,265 | ---- | C] () -- C:\DOCUME~1\ADMINI~1\Desktop\dlink_proof2.jpg [2009/05/14 17:38:41 | 00,019,224 | -H-- | C] () -- C:\DOCUME~1\ADMINI~1\Desktop\ZbThumbnail.info [2009/05/14 17:36:33 | 00,000,000 | ---D | C] -- C:\DOCUME~1\ADMINI~1\Desktop\New Folder [2009/05/14 12:12:59 | 00,003,284 | ---- | C] () -- C:\WINDOWS\System32\ANIWZCS{E6318FE0-13E7-4C9A-A077-A2BD1B1330EE} [2009/05/14 11:50:33 | 00,000,014 | ---- | C] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{E6318FE0-13E7-4C9A-A077-A2BD1B1330EE} [2009/05/13 15:02:41 | 00,000,438 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{92B909D4-C488-41DB-ACA8-38B37A71C869}.job [2009/05/13 14:52:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates [2009/05/13 14:52:18 | 00,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll [2009/05/13 14:48:52 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2009/05/13 09:28:11 | 00,000,000 | ---D | C] -- C:\Program Files\WebEx [2009/05/13 09:27:48 | 08,673,792 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi [2009/05/13 09:27:00 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Pure Networks Shared [2009/05/13 07:30:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt [2009/05/13 06:46:40 | 00,000,123 | ---- | C] () -- C:\DOCUME~1\ADMINI~1\Desktop\THE FORUM for Ayn Rand Fans (Powered by Invision Power Board).URL [2009/05/13 06:46:28 | 00,000,208 | ---- | C] () -- C:\DOCUME~1\ADMINI~1\Desktop\Online Banking Login.URL [2009/05/12 11:38:15 | 00,000,000 | ---D | C] -- C:\DOCUME~1\ADMINI~1\Desktop\Annie Christmas Lights [2009/05/11 09:25:26 | 00,000,000 | ---D | C] -- C:\DOCUME~1\ADMINI~1\Desktop\Christine Photos [2009/05/10 07:09:47 | 00,000,000 | ---D | C] -- C:\DOCUME~1\ADMINI~1\Desktop\Temp [2009/04/21 12:42:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet [2009/04/21 11:26:39 | 00,000,000 | ---D | C] -- C:\DOCUME~1\ADMINI~1\My Documents\My Digital Editions [2009/04/21 11:15:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared [2009/04/21 11:14:16 | 00,045,392 | ---- | C] (Adobe Systems Inc) -- C:\WINDOWS\System32\AdobePDF.dll [2009/04/21 10:29:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Download Manager [2009/04/20 13:25:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2009/04/01 15:18:28 | 00,005,553 | R--- | C] () -- C:\WINDOWS\System32\iconcfg.ini [2009/03/30 13:33:30 | 00,000,470 | ---- | C] () -- C:\WINDOWS\ui_mv32.ini [2009/03/26 04:27:37 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2009/03/26 04:27:08 | 00,000,074 | ---- | C] () -- C:\WINDOWS\EPSONC88.ini [2009/03/26 04:25:35 | 00,000,051 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI [2009/03/18 12:32:43 | 00,000,340 | ---- | C] () -- C:\WINDOWS\frontpg.ini [2009/03/15 07:30:02 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006/06/07 20:06:07 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll [2004/08/04 08:00:00 | 00,000,507 | ---- | C] () -- C:\WINDOWS\win.ini [2004/08/04 08:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini [color=orange]========== Files - Modified Within 30 Days ==========[/color] [1 C:\WINDOWS\System32\*.tmp files] [4 C:\WINDOWS\*.tmp files] [2009/05/18 13:45:16 | 00,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{92B909D4-C488-41DB-ACA8-38B37A71C869}.job [2009/05/18 13:32:26 | 00,000,227 | ---- | M] () -- C:\DOCUME~1\ADMINI~1\Desktop\Malware and Spyware Cleaning Guide.url [2009/05/18 13:30:37 | 00,000,374 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics [2009/05/18 13:29:34 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009/05/18 13:27:19 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/05/18 13:27:15 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator\Local Settings\desktop.ini [2009/05/18 13:27:05 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/05/18 13:26:35 | 02,243,616 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat [2009/05/18 13:26:35 | 00,458,784 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat [2009/05/18 13:26:35 | 00,018,608 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx [2009/05/18 13:26:35 | 00,002,648 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx [2009/05/18 12:16:06 | 00,000,727 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk [2009/05/18 12:11:30 | 00,000,642 | ---- | M] () -- C:\DOCUME~1\ADMINI~1\Desktop\NTREGOPT.lnk [2009/05/18 12:11:30 | 00,000,623 | ---- | M] () -- C:\DOCUME~1\ADMINI~1\Desktop\ERUNT.lnk [2009/05/18 12:06:06 | 00,039,696 | ---- | M] () -- C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT [2009/05/18 11:38:48 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\ADMINI~1\Desktop\OTListIt2.exe [2009/05/18 11:13:13 | 00,349,696 | ---- | M] (iS3, Inc.) -- C:\DOCUME~1\ADMINI~1\Desktop\STOPzilla_Setup.exe [2009/05/18 11:11:48 | 05,797,152 | ---- | M] () -- C:\DOCUME~1\ADMINI~1\Desktop\SUPERAntiSpyware.exe [2009/05/18 08:49:19 | 00,000,224 | ---- | M] () -- C:\DOCUME~1\ADMINI~1\Desktop\The Rule of Reason Weblog of the Center for the Advancement of Capitalism.url [2009/05/17 03:05:02 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2009/05/16 23:46:01 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb [2009/05/16 23:46:01 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb [2009/05/16 23:45:31 | 00,000,507 | ---- | M] () -- C:\WINDOWS\win.ini [2009/05/16 23:39:55 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf [2009/05/16 20:58:16 | 09,152,024 | ---- | M] () -- C:\DOCUME~1\ADMINI~1\Desktop\favritius_goldfinch.psd [2009/05/16 16:58:46 | 00,036,715 | ---- | M] () -- C:\DOCUME~1\ADMINI~1\Desktop\mom_in_uniform_s.jpg [2009/05/16 15:55:46 | 01,633,078 | ---- | M] () -- C:\DOCUME~1\ADMINI~1\Desktop\img113.jpg [2009/05/16 15:40:01 | 22,230,096 | ---- | M] () -- C:\DOCUME~1\ADMINI~1\Desktop\mom_in_uniform.tif [2009/05/16 15:36:16 | 22,228,915 | ---- | M] () -- C:\DOCUME~1\ADMINI~1\Desktop\mom_in_uniform.psd [2009/05/16 15:20:20 | 00,170,009 | ---- | M] () -- C:\DOCUME~1\ADMINI~1\Desktop\mom_in_uniform-copy.jpg [2009/05/16 09:00:02 | 03,864,403 | ---- | M] () -- C:\DOCUME~1\ADMINI~1\Desktop\early_afternoon_first_edition.psd [2009/05/16 08:07:20 | 02,609,323 | ---- | M] () -- C:\DOCUME~1\ADMINI~1\Desktop\early_afternoon_first_version.png [2009/05/16 06:36:41 | 00,000,026 | ---- | M] () -- C:\WINDOWS\Zone.Identifier [2009/05/15 15:56:59 | 00,019,224 | -H-- | M] () -- C:\DOCUME~1\ADMINI~1\Desktop\ZbThumbnail.info [2009/05/15 14:27:05 | 00,000,157 | ---- | M] () -- C:\DOCUME~1\ADMINI~1\Desktop\The Gift Certificate - THE FORUM for Ayn Rand Fans.url [2009/05/15 13:28:43 | 00,144,265 | ---- | M] () -- C:\DOCUME~1\ADMINI~1\Desktop\dlink_proof2.jpg [2009/05/14 16:56:24 | 00,000,014 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{E6318FE0-13E7-4C9A-A077-A2BD1B1330EE} [2009/05/14 16:16:35 | 00,003,284 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCS{E6318FE0-13E7-4C9A-A077-A2BD1B1330EE} [2009/05/14 12:11:50 | 00,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME [2009/05/13 19:11:21 | 00,000,123 | ---- | M] () -- C:\DOCUME~1\ADMINI~1\Desktop\THE FORUM for Ayn Rand Fans (Powered by Invision Power Board).URL [2009/05/13 14:55:43 | 00,000,084 | -HS- | M] () -- C:\DOCUME~1\ADMINI~1\My Documents\desktop.ini [2009/05/13 14:25:24 | 00,000,300 | ---- | M] () -- C:\DOCUME~1\ADMINI~1\Desktop\hank1 on deviantART.URL [2009/05/13 11:12:37 | 00,177,856 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009/05/13 09:27:58 | 08,673,792 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi [2009/05/13 08:04:22 | 00,000,208 | ---- | M] () -- C:\DOCUME~1\ADMINI~1\Desktop\Online Banking Login.URL [2009/05/07 03:16:30 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe [2009/04/25 19:31:42 | 00,000,470 | ---- | M] () -- C:\WINDOWS\ui_mv32.ini [2009/04/25 01:30:39 | 00,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll [2009/04/24 10:04:04 | 00,001,368 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\wklnhst.dat [2009/04/22 11:49:06 | 00,003,284 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCS{125BB5F5-AF1B-4FFD-A90A-2A5963E835F6} [2009/04/22 11:06:57 | 00,000,014 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{125BB5F5-AF1B-4FFD-A90A-2A5963E835F6} [color=orange]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 3638 bytes -> C:\DOCUME~1\ADMINI~1\Desktop\The Rule of Reason Weblog of the Center for the Advancement of Capitalism.url:favicon @Alternate Data Stream - 22486 bytes -> C:\DOCUME~1\ADMINI~1\Desktop\Malware and Spyware Cleaning Guide.url:favicon @Alternate Data Stream - 1406 bytes -> C:\DOCUME~1\ADMINI~1\Desktop\THE FORUM for Ayn Rand Fans (Powered by Invision Power Board).URL:favicon @Alternate Data Stream - 1406 bytes -> C:\DOCUME~1\ADMINI~1\Desktop\hank1 on deviantART.URL:favicon @Alternate Data Stream - 1150 bytes -> C:\DOCUME~1\ADMINI~1\Desktop\The Fontman’s Blog.url:favicon < End of report >
*****
OTListIt Extras logfile created on: 5/18/2009 1:43:47 PM - Run 1 OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Administrator\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 509.99 Mb Total Physical Memory | 184.52 Mb Available Physical Memory | 36.18% Memory free 858.24 Mb Paging File | 598.10 Mb Available in Paging File | 69.69% Paging File free Paging file location(s): C:\pagefile.sys 384 768 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 37.24 Gb Total Space | 22.63 Gb Free Space | 60.76% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: BOB Current User Name: Administrator Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Output = Minimal File Age = 30 Days Company Name Whitelist: On [color=orange]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. File not found [color=orange]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 "" = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile "EnableFirewall" = 0 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 "67:UDP" = 67:UDP:0.0.0.0/255.255.255.255:Enabled:DHCP Discovery Service [color=orange]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger (Logitech Inc.) %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger (Logitech Inc.) %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation) C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4 (SEIKO EPSON CORPORATION) [color=orange]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}" = Microsoft Works Suite Add-in for Microsoft Word "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint "{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon Camera WIA Driver "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{4F47D5A8-15C1-4424-9851-AD01A66CABB2}" = The Objectivism Research CDROM "{578B6EF9-119B-4FB8-8377-7DAFA9588B97}" = Network Magic "{652C4ADF-0A29-4B02-9211-EE61675847DE}" = Canon Camera WIA Driver "{7B738CD9-D107-48C7-8E65-2E6639A39C8D}" = PerfectDisk 10 Professional "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver "{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009 "{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger "{90170409-6000-11D3-8CFE-0050048383C9}" = Microsoft FrontPage 2002 "{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch "{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1 "{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer "{C89C8D86-4423-4A58-AA40-DD259ACE07C1}" = KhalSetup "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{FBDBC490-089D-4476-BF72-1F7A6368200A}" = Pure Networks Platform "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop 6.0" = Adobe Photoshop 6.0 "Adobe Photoshop 7.0" = Adobe Photoshop 7.0.1 "Adobe SVG Viewer" = Adobe SVG Viewer "CAL" = Canon Camera Access Library "CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX "CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX "CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX "cayahooantispy" = CA Yahoo! Anti-Spy (remove only) "CSCLIB" = Canon Camera Support Core Library "Delicious Add-on for Internet Explorer" = Delicious Add-on for Internet Explorer "Digital Editions" = Adobe Digital Editions "DPP" = Canon Utilities Digital Photo Professional 3.0 "EPSON Printer and Utilities" = EPSON Printer Software "ERUNT_is1" = ERUNT 1.1j "FileZilla Client" = FileZilla Client 3.2.4.1 "FixUstor" = Generic color icon driver "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "Image Composer" = Microsoft Image Composer 1.5 "InstallShield_{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon EOS Kiss_N REBEL_XT 350D WIA Driver "InstallShield_{652C4ADF-0A29-4B02-9211-EE61675847DE}" = Canon EOS-1Ds Mark II WIA Driver "InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA Driver "InstallWIX_{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft.Net.Client.3.5" = Microsoft .NET Framework Client Profile - PREVIEW "Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Network MagicUninstall" = Network Magic "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "PROSet" = Intel(R) PRO Network Adapters and Drivers "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX "RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX "SWiSH v2.01" = SWiSH v2.01 "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "winusb0100" = Microsoft WinUsb 1.0 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Works2006Setup" = Microsoft Works Suite 2006 Setup Launcher "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Software Update" = Yahoo! Software Update "YInstHelper" = Yahoo! Install Manager "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX [color=orange]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 4/12/2009 9:26:15 AM | Computer Name = XPPRO | Source = .NET Runtime Optimization Service | ID = 1101 Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll . Error code = 0x80070002 Error - 4/12/2009 9:27:47 AM | Computer Name = XPPRO | Source = .NET Runtime Optimization Service | ID = 1101 Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070002 Error - 4/14/2009 10:40:48 AM | Computer Name = XPPRO | Source = .NET Runtime 2.0 Error Reporting | ID = 1000 Description = Faulting application sysrestorepoint.exe, version 1.3.0.0, stamp 485da791, faulting module kernel32.dll, version 5.1.2600.5512, stamp 4802a12c, debug? 0, fault address 0x00012aeb. Error - 4/14/2009 10:41:10 AM | Computer Name = XPPRO | Source = .NET Runtime 2.0 Error Reporting | ID = 1000 Description = Faulting application sysrestorepoint.exe, version 1.3.0.0, stamp 485da791, faulting module kernel32.dll, version 5.1.2600.5512, stamp 4802a12c, debug? 0, fault address 0x00012aeb. Error - 4/14/2009 10:42:28 AM | Computer Name = XPPRO | Source = .NET Runtime 2.0 Error Reporting | ID = 1000 Description = Faulting application sysrestorepoint.exe, version 1.3.0.0, stamp 485da791, faulting module kernel32.dll, version 5.1.2600.5512, stamp 4802a12c, debug? 0, fault address 0x00012aeb. Error - 4/14/2009 1:23:00 PM | Computer Name = XPPRO | Source = Application Hang | ID = 1002 Description = Hanging application OTListIt2.exe, version 2.0.14.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 4/21/2009 10:06:55 AM | Computer Name = XPPRO | Source = Application Error | ID = 1000 Description = Faulting application acrobat.com.exe, version 0.0.0.0, faulting module webkit.dll, version 0.0.0.0, fault address 0x000f24e8. Error - 4/22/2009 12:00:26 PM | Computer Name = XPPRO | Source = Application Error | ID = 1000 Description = Faulting application acrodist.exe, version 9.0.0.332, faulting module acrodistdll.dll, version 9.0.0.332, fault address 0x001ed704. Error - 5/12/2009 12:18:04 PM | Computer Name = XPPRO | Source = Application Hang | ID = 1002 Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 5/13/2009 9:11:58 AM | Computer Name = XPPRO | Source = Application Error | ID = 1000 Description = Faulting application demo32.exe, version 0.0.0.0, faulting module , version 0.0.0.0, fault address 0x00000000. [ System Events ] Error - 5/13/2009 10:22:11 AM | Computer Name = XPPRO | Source = Dhcp | ID = 1002 Description = The IP address lease 192.168.0.198 for the Network Card with network address 000874D8CCDC has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). Error - 5/15/2009 2:31:33 PM | Computer Name = BOB | Source = Dhcp | ID = 1002 Description = The IP address lease 192.168.1.101 for the Network Card with network address 000874D8CCDC has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). Error - 5/15/2009 7:15:58 PM | Computer Name = BOB | Source = Dhcp | ID = 1002 Description = The IP address lease 192.168.1.101 for the Network Card with network address 000874D8CCDC has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). < End of report >
It's only online that things are this slow. It can take over a minute for a page to even open, whether it's a new page or one I visit often. My email is OK, just a little slow, opening in around 5 seconds. And some applications are slow to open and close.
Thank you very much for your attention to this matter.
Edited by Robert Tracy, 18 May 2009 - 12:54 PM.