MBAM log:
Malwarebytes' Anti-Malware 1.40
Database version: 2758
Windows 5.1.2600 Service Pack 3
9/8/2009 8:26:30 PM
mbam-log-2009-09-08 (20-26-30).txt
Scan type: Quick Scan
Objects scanned: 108875
Time elapsed: 6 minute(s), 24 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
RootRepeal Log:
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/08 21:16
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: Aavmker4.SYS
Image Path: C:\windows\System32\Drivers\Aavmker4.SYS
Address: 0xF7964000 Size: 19072 File Visible: - Signed: Yes
Status: -
Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF748D000 Size: 187776 File Visible: - Signed: Yes
Status: -
Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2066048 File Visible: - Signed: Yes
Status: -
Name: ACPIEC.sys
Image Path: ACPIEC.sys
Address: 0xF79D8000 Size: 11648 File Visible: - Signed: Yes
Status: -
Name: AegisP.sys
Image Path: C:\windows\system32\DRIVERS\AegisP.sys
Address: 0xAABFD000 Size: 15968 File Visible: - Signed: No
Status: -
Name: Afc.sys
Image Path: C:\windows\system32\drivers\Afc.sys
Address: 0xF78FC000 Size: 32768 File Visible: - Signed: No
Status: -
Name: afd.sys
Image Path: C:\windows\System32\drivers\afd.sys
Address: 0xAAED1000 Size: 138496 File Visible: - Signed: Yes
Status: -
Name: ALCXWDM.SYS
Image Path: C:\windows\system32\drivers\ALCXWDM.SYS
Address: 0xF65B6000 Size: 2317504 File Visible: - Signed: No
Status: -
Name: aswFsBlk.sys
Image Path: C:\windows\system32\DRIVERS\aswFsBlk.sys
Address: 0xF79C4000 Size: 32768 File Visible: - Signed: Yes
Status: -
Name: aswMon2.SYS
Image Path: C:\windows\System32\Drivers\aswMon2.SYS
Address: 0xAA9E3000 Size: 87424 File Visible: - Signed: Yes
Status: -
Name: aswRdr.SYS
Image Path: C:\windows\System32\Drivers\aswRdr.SYS
Address: 0xAA5C4000 Size: 15136 File Visible: - Signed: Yes
Status: -
Name: aswSP.SYS
Image Path: C:\windows\System32\Drivers\aswSP.SYS
Address: 0xAAD69000 Size: 135168 File Visible: - Signed: Yes
Status: -
Name: aswTdi.SYS
Image Path: C:\windows\System32\Drivers\aswTdi.SYS
Address: 0xF765C000 Size: 41664 File Visible: - Signed: Yes
Status: -
Name: atapi.sys
Image Path: atapi.sys
Address: 0xF7401000 Size: 96512 File Visible: - Signed: Yes
Status: -
Name: audstub.sys
Image Path: C:\windows\system32\DRIVERS\audstub.sys
Address: 0xF7CB6000 Size: 3072 File Visible: - Signed: Yes
Status: -
Name: BATTC.SYS
Image Path: C:\windows\system32\DRIVERS\BATTC.SYS
Address: 0xF79D4000 Size: 16384 File Visible: - Signed: Yes
Status: -
Name: Beep.SYS
Image Path: C:\windows\System32\Drivers\Beep.SYS
Address: 0xF7AF2000 Size: 4224 File Visible: - Signed: Yes
Status: -
Name: BOOTVID.dll
Image Path: C:\windows\system32\BOOTVID.dll
Address: 0xF79CC000 Size: 12288 File Visible: - Signed: Yes
Status: -
Name: BtHidBus.sys
Image Path: BtHidBus.sys
Address: 0xF79DC000 Size: 14848 File Visible: - Signed: Yes
Status: -
Name: Cdfs.SYS
Image Path: C:\windows\System32\Drivers\Cdfs.SYS
Address: 0xF772C000 Size: 63744 File Visible: - Signed: Yes
Status: -
Name: cdrbsdrv.SYS
Image Path: C:\windows\System32\Drivers\cdrbsdrv.SYS
Address: 0xF7A98000 Size: 12736 File Visible: - Signed: No
Status: -
Name: cdrom.sys
Image Path: C:\windows\system32\DRIVERS\cdrom.sys
Address: 0xF6CAB000 Size: 62976 File Visible: - Signed: Yes
Status: -
Name: CLASSPNP.SYS
Image Path: C:\windows\system32\DRIVERS\CLASSPNP.SYS
Address: 0xF75FC000 Size: 53248 File Visible: - Signed: Yes
Status: -
Name: CmBatt.sys
Image Path: C:\windows\system32\DRIVERS\CmBatt.sys
Address: 0xF7A94000 Size: 13952 File Visible: - Signed: Yes
Status: -
Name: compbatt.sys
Image Path: compbatt.sys
Address: 0xF79D0000 Size: 10240 File Visible: - Signed: Yes
Status: -
Name: disk.sys
Image Path: disk.sys
Address: 0xF75EC000 Size: 36352 File Visible: - Signed: Yes
Status: -
Name: dmio.sys
Image Path: dmio.sys
Address: 0xF7419000 Size: 153344 File Visible: - Signed: Yes
Status: -
Name: dmload.sys
Image Path: dmload.sys
Address: 0xF7AC2000 Size: 5888 File Visible: - Signed: Yes
Status: -
Name: drmk.sys
Image Path: C:\windows\system32\drivers\drmk.sys
Address: 0xF6CDB000 Size: 61440 File Visible: - Signed: Yes
Status: -
Name: Dxapi.sys
Image Path: C:\windows\System32\drivers\Dxapi.sys
Address: 0xAAD4D000 Size: 12288 File Visible: - Signed: Yes
Status: -
Name: dxg.sys
Image Path: C:\windows\System32\drivers\dxg.sys
Address: 0xBF9C3000 Size: 73728 File Visible: - Signed: Yes
Status: -
Name: dxgthk.sys
Image Path: C:\windows\System32\drivers\dxgthk.sys
Address: 0xF7BE9000 Size: 4096 File Visible: - Signed: Yes
Status: -
Name: eeCtrl.sys
Image Path: C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
Address: 0xAAD8A000 Size: 385024 File Visible: - Signed: Yes
Status: -
Name: Fips.SYS
Image Path: C:\windows\System32\Drivers\Fips.SYS
Address: 0xF767C000 Size: 44544 File Visible: - Signed: Yes
Status: -
Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xF73E1000 Size: 129792 File Visible: - Signed: Yes
Status: -
Name: Fs_Rec.SYS
Image Path: C:\windows\System32\Drivers\Fs_Rec.SYS
Address: 0xF7AF0000 Size: 7936 File Visible: - Signed: Yes
Status: -
Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF743F000 Size: 125056 File Visible: - Signed: Yes
Status: -
Name: GEARAspiWDM.sys
Image Path: C:\windows\System32\Drivers\GEARAspiWDM.sys
Address: 0xF6C8B000 Size: 40960 File Visible: - Signed: Yes
Status: -
Name: hal.dll
Image Path: C:\windows\system32\hal.dll
Address: 0x806D0000 Size: 131840 File Visible: - Signed: Yes
Status: -
Name: HIDCLASS.SYS
Image Path: C:\windows\system32\DRIVERS\HIDCLASS.SYS
Address: 0xF769C000 Size: 36864 File Visible: - Signed: Yes
Status: -
Name: HIDPARSE.SYS
Image Path: C:\windows\system32\DRIVERS\HIDPARSE.SYS
Address: 0xF795C000 Size: 28672 File Visible: - Signed: Yes
Status: -
Name: hidusb.sys
Image Path: C:\windows\system32\DRIVERS\hidusb.sys
Address: 0xF7A80000 Size: 10368 File Visible: - Signed: Yes
Status: -
Name: HTTP.sys
Image Path: C:\windows\System32\Drivers\HTTP.sys
Address: 0xA9E8E000 Size: 264832 File Visible: - Signed: Yes
Status: -
Name: i8042prt.sys
Image Path: C:\windows\system32\DRIVERS\i8042prt.sys
Address: 0xF6CCB000 Size: 52480 File Visible: - Signed: Yes
Status: -
Name: ialmdd5.DLL
Image Path: C:\windows\System32\ialmdd5.DLL
Address: 0xBFA38000 Size: 925696 File Visible: - Signed: No
Status: -
Name: ialmdev5.DLL
Image Path: C:\windows\System32\ialmdev5.DLL
Address: 0xBFA04000 Size: 212992 File Visible: - Signed: No
Status: -
Name: ialmdnt5.dll
Image Path: C:\windows\System32\ialmdnt5.dll
Address: 0xBF9E3000 Size: 135168 File Visible: - Signed: No
Status: -
Name: ialmnt5.sys
Image Path: C:\windows\system32\DRIVERS\ialmnt5.sys
Address: 0xF6B4A000 Size: 1052608 File Visible: - Signed: No
Status: -
Name: ialmrnt5.dll
Image Path: C:\windows\System32\ialmrnt5.dll
Address: 0xBF9D5000 Size: 57344 File Visible: - Signed: No
Status: -
Name: imapi.sys
Image Path: C:\windows\system32\DRIVERS\imapi.sys
Address: 0xF6CBB000 Size: 42112 File Visible: - Signed: Yes
Status: -
Name: InCDfs.SYS
Image Path: C:\windows\System32\Drivers\InCDfs.SYS
Address: 0xAAF87000 Size: 99456 File Visible: - Signed: No
Status: -
Name: InCDPass.sys
Image Path: C:\windows\System32\DRIVERS\InCDPass.sys
Address: 0xF7904000 Size: 28928 File Visible: - Signed: No
Status: -
Name: InCDrec.SYS
Image Path: C:\windows\System32\Drivers\InCDrec.SYS
Address: 0xF7277000 Size: 8704 File Visible: - Signed: No
Status: -
Name: incdrm.SYS
Image Path: C:\windows\System32\Drivers\incdrm.SYS
Address: 0xF790C000 Size: 27776 File Visible: - Signed: No
Status: -
Name: intelide.sys
Image Path: intelide.sys
Address: 0xF7AC0000 Size: 5504 File Visible: - Signed: Yes
Status: -
Name: intelppm.sys
Image Path: C:\windows\system32\DRIVERS\intelppm.sys
Address: 0xF782C000 Size: 36352 File Visible: - Signed: Yes
Status: -
Name: ipnat.sys
Image Path: C:\windows\system32\DRIVERS\ipnat.sys
Address: 0xAADE8000 Size: 152832 File Visible: - Signed: Yes
Status: -
Name: ipsec.sys
Image Path: C:\windows\system32\DRIVERS\ipsec.sys
Address: 0xAAF74000 Size: 75264 File Visible: - Signed: Yes
Status: -
Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF75BC000 Size: 37248 File Visible: - Signed: Yes
Status: -
Name: kbdclass.sys
Image Path: C:\windows\system32\DRIVERS\kbdclass.sys
Address: 0xF78EC000 Size: 24576 File Visible: - Signed: Yes
Status: -
Name: KDCOM.DLL
Image Path: C:\windows\system32\KDCOM.DLL
Address: 0xF7ABC000 Size: 8192 File Visible: - Signed: Yes
Status: -
Name: kmixer.sys
Image Path: C:\windows\system32\drivers\kmixer.sys
Address: 0xA9ACB000 Size: 172416 File Visible: - Signed: Yes
Status: -
Name: ks.sys
Image Path: C:\windows\system32\drivers\ks.sys
Address: 0xF656F000 Size: 143360 File Visible: - Signed: Yes
Status: -
Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF73B8000 Size: 92928 File Visible: - Signed: Yes
Status: -
Name: mnmdd.SYS
Image Path: C:\windows\System32\Drivers\mnmdd.SYS
Address: 0xF7AF4000 Size: 4224 File Visible: - Signed: Yes
Status: -
Name: mouclass.sys
Image Path: C:\windows\system32\DRIVERS\mouclass.sys
Address: 0xF78F4000 Size: 23040 File Visible: - Signed: Yes
Status: -
Name: mouhid.sys
Image Path: C:\windows\system32\DRIVERS\mouhid.sys
Address: 0xF7A84000 Size: 12160 File Visible: - Signed: Yes
Status: -
Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF75CC000 Size: 42368 File Visible: - Signed: Yes
Status: -
Name: mrxdav.sys
Image Path: C:\windows\system32\DRIVERS\mrxdav.sys
Address: 0xAA84E000 Size: 180608 File Visible: - Signed: Yes
Status: -
Name: mrxsmb.sys
Image Path: C:\windows\system32\DRIVERS\mrxsmb.sys
Address: 0xAAE0E000 Size: 455296 File Visible: - Signed: Yes
Status: -
Name: Msfs.SYS
Image Path: C:\windows\System32\Drivers\Msfs.SYS
Address: 0xF794C000 Size: 19072 File Visible: - Signed: Yes
Status: -
Name: msgpc.sys
Image Path: C:\windows\system32\DRIVERS\msgpc.sys
Address: 0xF6C4B000 Size: 35072 File Visible: - Signed: Yes
Status: -
Name: mssmbios.sys
Image Path: C:\windows\system32\DRIVERS\mssmbios.sys
Address: 0xF72BC000 Size: 15488 File Visible: - Signed: Yes
Status: -
Name: Mup.sys
Image Path: Mup.sys
Address: 0xF72E4000 Size: 105344 File Visible: - Signed: Yes
Status: -
Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xF72FE000 Size: 182656 File Visible: - Signed: Yes
Status: -
Name: ndistapi.sys
Image Path: C:\windows\system32\DRIVERS\ndistapi.sys
Address: 0xF7AA4000 Size: 10112 File Visible: - Signed: Yes
Status: -
Name: ndisuio.sys
Image Path: C:\windows\system32\DRIVERS\ndisuio.sys
Address: 0xAABF9000 Size: 14592 File Visible: - Signed: Yes
Status: -
Name: ndiswan.sys
Image Path: C:\windows\system32\DRIVERS\ndiswan.sys
Address: 0xF5856000 Size: 91520 File Visible: - Signed: Yes
Status: -
Name: NDProxy.SYS
Image Path: C:\windows\System32\Drivers\NDProxy.SYS
Address: 0xF762C000 Size: 40576 File Visible: - Signed: Yes
Status: -
Name: netbios.sys
Image Path: C:\windows\system32\DRIVERS\netbios.sys
Address: 0xF766C000 Size: 34688 File Visible: - Signed: Yes
Status: -
Name: netbt.sys
Image Path: C:\windows\system32\DRIVERS\netbt.sys
Address: 0xAAEF3000 Size: 162816 File Visible: - Signed: Yes
Status: -
Name: Npfs.SYS
Image Path: C:\windows\System32\Drivers\Npfs.SYS
Address: 0xF7954000 Size: 30848 File Visible: - Signed: Yes
Status: -
Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF732B000 Size: 574976 File Visible: - Signed: Yes
Status: -
Name: ntkrnlpa.exe
Image Path: C:\windows\system32\ntkrnlpa.exe
Address: 0x804D7000 Size: 2066048 File Visible: - Signed: Yes
Status: -
Name: Null.SYS
Image Path: C:\windows\System32\Drivers\Null.SYS
Address: 0xF7CFB000 Size: 2944 File Visible: - Signed: Yes
Status: -
Name: OPRGHDLR.SYS
Image Path: C:\windows\system32\DRIVERS\OPRGHDLR.SYS
Address: 0xF7B85000 Size: 4096 File Visible: - Signed: Yes
Status: -
Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF7844000 Size: 19712 File Visible: - Signed: Yes
Status: -
Name: pci.sys
Image Path: pci.sys
Address: 0xF747C000 Size: 68224 File Visible: - Signed: Yes
Status: -
Name: pciide.sys
Image Path: pciide.sys
Address: 0xF7B84000 Size: 3328 File Visible: - Signed: Yes
Status: -
Name: PCIIDEX.SYS
Image Path: C:\windows\system32\DRIVERS\PCIIDEX.SYS
Address: 0xF783C000 Size: 28672 File Visible: - Signed: Yes
Status: -
Name: pcmcia.sys
Image Path: pcmcia.sys
Address: 0xF745E000 Size: 120192 File Visible: - Signed: Yes
Status: -
Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2066048 File Visible: - Signed: Yes
Status: -
Name: portcls.sys
Image Path: C:\windows\system32\drivers\portcls.sys
Address: 0xF6592000 Size: 147456 File Visible: - Signed: Yes
Status: -
Name: psched.sys
Image Path: C:\windows\system32\DRIVERS\psched.sys
Address: 0xF5845000 Size: 69120 File Visible: - Signed: Yes
Status: -
Name: ptilink.sys
Image Path: C:\windows\system32\DRIVERS\ptilink.sys
Address: 0xF791C000 Size: 17792 File Visible: - Signed: Yes
Status: -
Name: rasacd.sys
Image Path: C:\windows\system32\DRIVERS\rasacd.sys
Address: 0xF7273000 Size: 8832 File Visible: - Signed: Yes
Status: -
Name: rasl2tp.sys
Image Path: C:\windows\system32\DRIVERS\rasl2tp.sys
Address: 0xF6C7B000 Size: 51328 File Visible: - Signed: Yes
Status: -
Name: raspppoe.sys
Image Path: C:\windows\system32\DRIVERS\raspppoe.sys
Address: 0xF6C6B000 Size: 41472 File Visible: - Signed: Yes
Status: -
Name: raspptp.sys
Image Path: C:\windows\system32\DRIVERS\raspptp.sys
Address: 0xF6C5B000 Size: 48384 File Visible: - Signed: Yes
Status: -
Name: raspti.sys
Image Path: C:\windows\system32\DRIVERS\raspti.sys
Address: 0xF7924000 Size: 16512 File Visible: - Signed: Yes
Status: -
Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2066048 File Visible: - Signed: Yes
Status: -
Name: rdbss.sys
Image Path: C:\windows\system32\DRIVERS\rdbss.sys
Address: 0xAAEA6000 Size: 175744 File Visible: - Signed: Yes
Status: -
Name: RDPCDD.sys
Image Path: C:\windows\System32\DRIVERS\RDPCDD.sys
Address: 0xF7AF6000 Size: 4224 File Visible: - Signed: Yes
Status: -
Name: rdpdr.sys
Image Path: C:\windows\system32\DRIVERS\rdpdr.sys
Address: 0xF5815000 Size: 196224 File Visible: - Signed: Yes
Status: -
Name: redbook.sys
Image Path: C:\windows\system32\DRIVERS\redbook.sys
Address: 0xF6C9B000 Size: 57600 File Visible: - Signed: Yes
Status: -
Name: rootrepeal.sys
Image Path: C:\windows\system32\drivers\rootrepeal.sys
Address: 0xA9B66000 Size: 49152 File Visible: No Signed: No
Status: -
Name: sr.sys
Image Path: sr.sys
Address: 0xF73CF000 Size: 73472 File Visible: - Signed: Yes
Status: -
Name: srv.sys
Image Path: C:\windows\system32\DRIVERS\srv.sys
Address: 0xAA6BC000 Size: 333952 File Visible: - Signed: Yes
Status: -
Name: swenum.sys
Image Path: C:\windows\system32\DRIVERS\swenum.sys
Address: 0xF7AEE000 Size: 4352 File Visible: - Signed: Yes
Status: -
Name: symlcbrd.sys
Image Path: C:\WINDOWS\system32\drivers\symlcbrd.sys
Address: 0xF7974000 Size: 24576 File Visible: - Signed: Yes
Status: -
Name: SynTP.sys
Image Path: C:\windows\system32\DRIVERS\SynTP.sys
Address: 0xF653F000 Size: 193216 File Visible: - Signed: No
Status: -
Name: sysaudio.sys
Image Path: C:\windows\system32\drivers\sysaudio.sys
Address: 0xAA2B4000 Size: 60800 File Visible: - Signed: Yes
Status: -
Name: tcpip.sys
Image Path: C:\windows\system32\DRIVERS\tcpip.sys
Address: 0xAAF1B000 Size: 361600 File Visible: - Signed: Yes
Status: -
Name: TDI.SYS
Image Path: C:\windows\system32\DRIVERS\TDI.SYS
Address: 0xF7914000 Size: 20480 File Visible: - Signed: Yes
Status: -
Name: termdd.sys
Image Path: C:\windows\system32\DRIVERS\termdd.sys
Address: 0xF761C000 Size: 40704 File Visible: - Signed: Yes
Status: -
Name: tmcomm.sys
Image Path: C:\WINDOWS\system32\drivers\tmcomm.sys
Address: 0xAA6A4000 Size: 97280 File Visible: - Signed: Yes
Status: -
Name: update.sys
Image Path: C:\windows\system32\DRIVERS\update.sys
Address: 0xF578F000 Size: 384768 File Visible: - Signed: Yes
Status: -
Name: USBD.SYS
Image Path: C:\windows\system32\DRIVERS\USBD.SYS
Address: 0xF7AEA000 Size: 8192 File Visible: - Signed: Yes
Status: -
Name: usbehci.sys
Image Path: C:\windows\system32\DRIVERS\usbehci.sys
Address: 0xF78E4000 Size: 30208 File Visible: - Signed: Yes
Status: -
Name: usbhub.sys
Image Path: C:\windows\system32\DRIVERS\usbhub.sys
Address: 0xF764C000 Size: 59520 File Visible: - Signed: Yes
Status: -
Name: USBPORT.SYS
Image Path: C:\windows\system32\DRIVERS\USBPORT.SYS
Address: 0xF6B12000 Size: 147456 File Visible: - Signed: Yes
Status: -
Name: usbuhci.sys
Image Path: C:\windows\system32\DRIVERS\usbuhci.sys
Address: 0xF78DC000 Size: 20608 File Visible: - Signed: Yes
Status: -
Name: vga.sys
Image Path: C:\windows\System32\drivers\vga.sys
Address: 0xF7944000 Size: 20992 File Visible: - Signed: Yes
Status: -
Name: VIDEOPRT.SYS
Image Path: C:\windows\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xF6B36000 Size: 81920 File Visible: - Signed: Yes
Status: -
Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF75DC000 Size: 52352 File Visible: - Signed: Yes
Status: -
Name: w29n51.sys
Image Path: C:\windows\system32\DRIVERS\w29n51.sys
Address: 0xF67EC000 Size: 3298432 File Visible: - Signed: No
Status: -
Name: wanarp.sys
Image Path: C:\windows\system32\DRIVERS\wanarp.sys
Address: 0xF768C000 Size: 34560 File Visible: - Signed: Yes
Status: -
Name: watchdog.sys
Image Path: C:\windows\System32\watchdog.sys
Address: 0xF79A4000 Size: 20480 File Visible: - Signed: Yes
Status: -
Name: wdmaud.sys
Image Path: C:\windows\system32\drivers\wdmaud.sys
Address: 0xAA257000 Size: 83072 File Visible: - Signed: Yes
Status: -
Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: Yes
Status: -
Name: win32k.sys
Image Path: C:\windows\System32\win32k.sys
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: Yes
Status: -
Name: wmiacpi.sys
Image Path: C:\windows\system32\DRIVERS\wmiacpi.sys
Address: 0xF7A90000 Size: 8832 File Visible: - Signed: Yes
Status: -
Name: WMILIB.SYS
Image Path: C:\windows\system32\DRIVERS\WMILIB.SYS
Address: 0xF7ABE000 Size: 8192 File Visible: - Signed: Yes
Status: -
Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2066048 File Visible: - Signed: Yes
Status: -
Processes
-------------------
Path: System
PID: 4 Status: -
Path: C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe
PID: 148 Status: -
Path: C:\Program Files\Bonjour\mDNSResponder.exe
PID: 208 Status: -
Path: C:\WINDOWS\system32\wuauclt.exe
PID: 248 Status: -
Path: C:\Program Files\Java\jre6\bin\jqs.exe
PID: 276 Status: -
Path: C:\Program Files\Canon\CAL\CALMAIN.exe
PID: 356 Status: -
Path: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PID: 432 Status: -
Path: C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PID: 456 Status: -
Path: C:\WINDOWS\system32\svchost.exe
PID: 500 Status: -
Path: C:\WINDOWS\system32\smss.exe
PID: 572 Status: -
Path: C:\Program Files\iPod\bin\iPodService.exe
PID: 624 Status: -
Path: C:\WINDOWS\system32\csrss.exe
PID: 668 Status: -
Path: C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PID: 672 Status: -
Path: C:\WINDOWS\system32\winlogon.exe
PID: 692 Status: -
Path: C:\WINDOWS\system32\services.exe
PID: 736 Status: -
Path: C:\WINDOWS\system32\lsass.exe
PID: 748 Status: -
Path: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PID: 864 Status: -
Path: C:\WINDOWS\system32\svchost.exe
PID: 912 Status: -
Path: C:\WINDOWS\system32\svchost.exe
PID: 980 Status: -
Path: C:\WINDOWS\system32\svchost.exe
PID: 1020 Status: -
Path: C:\Program Files\Ahead\InCD\InCDsrv.exe
PID: 1040 Status: -
Path: C:\WINDOWS\system32\WLTRYSVC.EXE
PID: 1084 Status: -
Path: C:\WINDOWS\system32\BCMWLTRY.EXE
PID: 1240 Status: -
Path: C:\WINDOWS\system32\svchost.exe
PID: 1260 Status: -
Path: C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PID: 1268 Status: -
Path: C:\WINDOWS\system32\svchost.exe
PID: 1304 Status: -
Path: C:\WINDOWS\system32\alg.exe
PID: 1416 Status: -
Path: C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PID: 1444 Status: -
Path: C:\Program Files\Alwil Software\Avast4\ashServ.exe
PID: 1492 Status: -
Path: C:\WINDOWS\system32\spoolsv.exe
PID: 1908 Status: -
Path: C:\WINDOWS\system32\acs.exe
PID: 1948 Status: -
Path: C:\WINDOWS\system32\svchost.exe
PID: 2000 Status: -
Path: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PID: 2040 Status: -
Path: C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
PID: 2576 Status: -
Path: C:\WINDOWS\system32\WgaTray.exe
PID: 2680 Status: -
Path: C:\WINDOWS\system32\wbem\wmiprvse.exe
PID: 2740 Status: -
Path: C:\WINDOWS\explorer.exe
PID: 2836 Status: -
Path: C:\Documents and Settings\Donell\My Documents\Downloads\RootRepeal.exe
PID: 3160 Status: -
Path: C:\WINDOWS\system32\igfxpers.exe
PID: 3304 Status: -
Path: C:\Program Files\Opera\opera.exe
PID: 3328 Status: -
Path: C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PID: 3392 Status: -
Path: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PID: 3400 Status: -
Path: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PID: 3408 Status: -
Path: C:\WINDOWS\SOUNDMAN.EXE
PID: 3416 Status: -
Path: C:\WINDOWS\vsnp2std.exe
PID: 3424 Status: -
Path: C:\WINDOWS\system32\hkcmd.exe
PID: 3508 Status: -
Path: C:\Program Files\Atheros\ACU.exe
PID: 3520 Status: -
Path: C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
PID: 3544 Status: -
Path: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
PID: 3572 Status: -
Path: C:\Program Files\Java\jre6\bin\jusched.exe
PID: 3584 Status: -
Path: C:\WINDOWS\system32\wuauclt.exe
PID: 3596 Status: -
Path: C:\Program Files\iTunes\iTunesHelper.exe
PID: 3672 Status: -
Path: C:\WINDOWS\system32\ctfmon.exe
PID: 3684 Status: -
Path: C:\Program Files\Rainlendar2\Rainlendar2.exe
PID: 3876 Status: -
SSDT
-------------------
#: 025 Function Name: NtClose
Status: Not hooked
#: 041 Function Name: NtCreateKey
Status: Not hooked
#: 065 Function Name: NtDeleteValueKey
Status: Not hooked
#: 068 Function Name: NtDuplicateObject
Status: Not hooked
#: 119 Function Name: NtOpenKey
Status: Not hooked
#: 122 Function Name: NtOpenProcess
Status: Not hooked
#: 128 Function Name: NtOpenThread
Status: Not hooked
#: 177 Function Name: NtQueryValueKey
Status: Not hooked
#: 204 Function Name: NtRestoreKey
Status: Not hooked
#: 247 Function Name: NtSetValueKey
Status: Not hooked
Hidden Services
-------------------
==EOF==
OTL Log:
OTL logfile created on: 9/8/2009 9:18:03 PM - Run 2
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Donell\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
758.42 Mb Total Physical Memory | 407.16 Mb Available Physical Memory | 53.68% Memory free
1.06 Gb Paging File | 0.65 Gb Available in Paging File | 60.93% Paging File free
Paging file location(s): c:\pagefile.sys 372 744 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 10.53 Gb Free Space | 26.95% Space Free | Partition Type: NTFS
Drive D: | 16.82 Gb Total Space | 15.59 Gb Free Space | 92.69% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DONELL-F8D64C2C
Current User Name: Donell
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2005/01/03 18:40:42 | 00,854,528 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2009/08/17 23:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/08/18 00:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2004/12/27 17:12:16 | 00,036,864 | ---- | M] () -- C:\windows\System32\acs.exe
PRC - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/02/18 19:32:03 | 00,081,920 | R--- | M] () -- C:\windows\System32\SupportAppXL\cdrom_mon.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/09/07 23:55:40 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2007/03/23 20:03:53 | 01,174,152 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2004/12/22 01:32:00 | 00,065,536 | ---- | M] () -- C:\windows\System32\wltrysvc.exe
PRC - [2004/12/22 01:32:00 | 00,827,499 | ---- | M] (Broadcom Corporation) -- C:\windows\System32\bcmwltry.exe
PRC - [2008/11/10 04:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/01/31 14:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2009/08/18 00:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/08/18 00:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/03/10 22:18:14 | 00,934,792 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\WgaTray.exe
PRC - [2008/04/14 08:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\windows\Explorer.EXE
PRC - [2005/08/24 12:51:12 | 00,114,688 | R--- | M] (Intel Corporation) -- C:\windows\System32\igfxpers.exe
PRC - [2008/10/07 23:23:46 | 00,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2005/02/04 11:12:58 | 00,102,490 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005/02/04 11:11:48 | 00,708,698 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005/04/15 11:01:46 | 00,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\windows\SOUNDMAN.EXE
PRC - [2007/05/10 16:58:42 | 00,344,064 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2std.exe
PRC - [2005/08/24 12:47:18 | 00,077,824 | R--- | M] (Intel Corporation) -- C:\windows\System32\hkcmd.exe
PRC - [2006/10/27 00:47:42 | 00,031,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2005/01/31 08:05:50 | 00,253,952 | ---- | M] (Atheros Communications, Inc.) -- C:\Program Files\Atheros\ACU.exe
PRC - [2009/02/27 17:10:28 | 00,035,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
PRC - [2009/08/18 00:07:23 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/09/07 23:55:41 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/13 14:03:10 | 00,292,128 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/08/22 18:31:06 | 05,148,672 | ---- | M] () -- C:\Program Files\Rainlendar2\Rainlendar2.exe
PRC - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/08/18 18:27:06 | 00,079,088 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
PRC - [2009/08/28 13:13:02 | 00,832,808 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2009/02/06 18:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wbem\wmiprvse.exe
PRC - [2009/09/07 23:25:02 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Donell\My Documents\Downloads\OTL.exe
========== Win32 Services (SafeList) ==========
SRV - [2004/12/27 17:12:16 | 00,036,864 | ---- | M] () -- C:\windows\System32\acs.exe -- (ACS [Auto | Running])
SRV - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/08/17 23:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2008/02/18 19:32:03 | 00,081,920 | R--- | M] () -- C:\windows\System32\SupportAppXL\cdrom_mon.exe -- (Autorun CDROM Monitor [Auto | Running])
SRV - [2009/08/18 00:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/08/18 00:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/08/18 00:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - File not found -- -- (avg8wd [Auto | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/01/31 14:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running])
SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/03/23 19:29:33 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Disabled | Stopped])
SRV - [2008/04/14 08:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/01/03 18:40:42 | 00,854,528 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv [Auto | Running])
SRV - [2005/01/03 18:40:42 | 00,854,528 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrvR [Auto | Stopped])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/09/07 23:55:40 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006/10/27 00:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2009/03/17 08:39:00 | 02,800,669 | ---- | M] (INCA Internet Co., Ltd.) -- C:\windows\System32\GameMon.des -- (npggsvc [On_Demand | Stopped])
SRV - [2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009/03/04 11:25:12 | 00,621,056 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])
SRV - [2007/03/23 20:03:53 | 01,174,152 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [Auto | Running])
SRV - [2004/12/22 01:32:00 | 00,065,536 | ---- | M] () -- C:\windows\System32\wltrysvc.exe -- (wltrysvc [Auto | Running])
SRV - [2008/11/10 04:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService [Auto | Running])
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - URLSearchHook: {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - Reg Error: Key error. File not found
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-yff3k"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-yff3k"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://search.yahoo....x/?fr=yffk-sfp"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 41
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
FF - prefs.js..keyword.URL: "http://search.yahoo....=ytff-yff3k&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/04/27 23:28:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/09/07 23:55:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/25 00:33:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/08 20:14:31 | 00,000,000 | ---D | M]
[2009/06/23 21:32:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donell\Application Data\mozilla\Extensions
[2009/06/23 21:32:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donell\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/08 20:14:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donell\Application Data\mozilla\Firefox\Profiles\wu3wha1t.default\extensions
[2009/06/24 22:10:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donell\Application Data\mozilla\Firefox\Profiles\wu3wha1t.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/09/08 19:43:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/05/01 16:32:38 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{231D7D17-4F1B-4933-AB61-E502DB82FD11}
[2009/08/25 00:33:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/08/25 00:33:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/08 01:24:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/03/28 22:50:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/09/07 23:56:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/07/30 19:26:53 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/30 19:26:54 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/09/07 23:55:41 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/02/06 12:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/07/30 19:26:55 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2009/06/25 20:11:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/25 20:11:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/25 20:11:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/25 20:11:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/25 20:11:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/25 20:11:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/25 20:11:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/07/30 15:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/30 15:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/30 15:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/30 15:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/30 15:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/30 15:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/30 15:24:20 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
O1 HOSTS File: (0 bytes) - C:\windows\System32\drivers\etc\Hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - No CLSID value found.
O2 - BHO: (no name) - {0A87E45F-537A-40B4-B812-E2544C21A09F} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [ACU] C:\Program Files\Atheros\ACU.exe (Atheros Communications, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [igfxhkcmd] C:\windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [SoundMan] C:\windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [cdloader] C:\Documents and Settings\Donell\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe ()
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1190004533875 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} https://my.levelupga...crypt/npkcx.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 58.69.254.4 58.69.254.3 124.104.135.63
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/07 22:36:21 | 00,000,049 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{0d3f086e-3ef1-11de-9c53-00166fb80264}\Shell\AutoRun\command - "" = wscript.exe solution.vbs
O33 - MountPoints2\{0d3f086e-3ef1-11de-9c53-00166fb80264}\Shell\Open\Command - "" = wscript.exe solution.vbs
O33 - MountPoints2\{1a57f45c-d2a6-11db-982f-b330d612ff89}\Shell\Auto\command - "" = H:\RavMonE.exe -- File not found
O33 - MountPoints2\{1a57f45c-d2a6-11db-982f-b330d612ff89}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1efde56e-d83b-11db-984d-a0afcbbddc89}\Shell - "" = AutoRun
O33 - MountPoints2\{1efde56e-d83b-11db-984d-a0afcbbddc89}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2284de5c-1914-11dd-9abd-00166fb80264}\Shell - "" = AutoRun
O33 - MountPoints2\{2284de5c-1914-11dd-9abd-00166fb80264}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2968e6e2-d2b3-11db-9830-cc04b9a69d88}\Shell - "" = AutoRun
O33 - MountPoints2\{2968e6e2-d2b3-11db-9830-cc04b9a69d88}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{444ce05c-d1ec-11db-982c-a2d96b46e988}\Shell - "" = AutoRun
O33 - MountPoints2\{444ce05c-d1ec-11db-982c-a2d96b46e988}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{485a0675-8caa-11db-97c7-0016d34823e1}\Shell\Auto\command - "" = AdobeR.exe e
O33 - MountPoints2\{485a0675-8caa-11db-97c7-0016d34823e1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5d748469-70f7-11de-9cd1-00166fb80264}\Shell\AutoRun\command - "" = wscript.exe solution.vbs
O33 - MountPoints2\{5d748469-70f7-11de-9cd1-00166fb80264}\Shell\Open\Command - "" = wscript.exe solution.vbs
O33 - MountPoints2\{5def2a60-1b84-11de-9c10-00166fb80264}\Shell\AutoRun\command - "" = G:\y.bat -- File not found
O33 - MountPoints2\{5def2a60-1b84-11de-9c10-00166fb80264}\Shell\open\Command - "" = G:\y.bat -- File not found
O33 - MountPoints2\{606fd70a-9d42-11db-97e5-ddc59378568a}\Shell\AutoRun\command - "" = F:\d6fagcs8.cmd -- File not found
O33 - MountPoints2\{606fd70a-9d42-11db-97e5-ddc59378568a}\Shell\explore\Command - "" = F:\d6fagcs8.cmd -- File not found
O33 - MountPoints2\{606fd70a-9d42-11db-97e5-ddc59378568a}\Shell\open\Command - "" = F:\d6fagcs8.cmd -- File not found
O33 - MountPoints2\{606fd715-9d42-11db-97e5-ddc59378568a}\Shell\AutoRun\command - "" = F:\vuts0e.cmd -- File not found
O33 - MountPoints2\{606fd715-9d42-11db-97e5-ddc59378568a}\Shell\explore\Command - "" = F:\vuts0e.cmd -- File not found
O33 - MountPoints2\{606fd715-9d42-11db-97e5-ddc59378568a}\Shell\open\Command - "" = F:\vuts0e.cmd -- File not found
O33 - MountPoints2\{76032872-a7fb-11dd-9bbd-00166fb80264}\Shell - "" = AutoRun
O33 - MountPoints2\{76032872-a7fb-11dd-9bbd-00166fb80264}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{79577994-a718-11dd-9bbc-00166fb80264}\Shell\AutoRun\command - "" = F:\y.bat -- File not found
O33 - MountPoints2\{79577994-a718-11dd-9bbc-00166fb80264}\Shell\open\Command - "" = F:\y.bat -- File not found
O33 - MountPoints2\{804390d6-78c2-11de-9ce2-00166fb80264}\Shell\AutoRun\command - "" = C:\windows\System32\setup.exe -- [2008/04/14 08:12:34 | 00,023,040 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{9176509a-0ae7-11dd-9a87-00166fb80264}\Shell\AutoRun\command - "" = bar311.exe %1
O33 - MountPoints2\{9176509a-0ae7-11dd-9a87-00166fb80264}\Shell\Explore\command - "" = bar311.exe %1
O33 - MountPoints2\{9176509a-0ae7-11dd-9a87-00166fb80264}\Shell\Open\command - "" = bar311.exe %1
O33 - MountPoints2\{aaf8142b-a661-11dd-9bb9-00166fb80264}\Shell\AutoRun\command - "" = F:\r1y1.bat -- File not found
O33 - MountPoints2\{aaf8142b-a661-11dd-9bb9-00166fb80264}\Shell\explore\Command - "" = F:\r1y1.bat -- File not found
O33 - MountPoints2\{aaf8142b-a661-11dd-9bb9-00166fb80264}\Shell\open\Command - "" = F:\r1y1.bat -- File not found
O33 - MountPoints2\{b55a20aa-ad8b-11dd-9bce-00166fb80264}\Shell\AutoRun\command - "" = RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ROX.exe
O33 - MountPoints2\{b55a20aa-ad8b-11dd-9bce-00166fb80264}\Shell\open\command - "" = RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ROX.exe
O33 - MountPoints2\{cc567824-0335-11de-9bf6-00166fb80264}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cc567824-0335-11de-9bf6-00166fb80264}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{cc567824-0335-11de-9bf6-00166fb80264}\Shell\phone\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{d3fd895f-d202-11db-982d-bf18f35af688}\Shell - "" = AutoRun
O33 - MountPoints2\{d3fd895f-d202-11db-982d-bf18f35af688}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dd3d1c40-459b-11dd-9b5a-00166fb80264}\Shell - "" = AutoRun
O33 - MountPoints2\{dd3d1c40-459b-11dd-9b5a-00166fb80264}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dd3d1c40-459b-11dd-9b5a-00166fb80264}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{e27815b4-f4ad-11dc-9a45-00166fb80264}\Shell\AutoRun\command - "" = F:\uulaqvl.cmd -- File not found
O33 - MountPoints2\{e27815b4-f4ad-11dc-9a45-00166fb80264}\Shell\explore\Command - "" = F:\uulaqvl.cmd -- File not found
O33 - MountPoints2\{e27815b4-f4ad-11dc-9a45-00166fb80264}\Shell\open\Command - "" = F:\uulaqvl.cmd -- File not found
O33 - MountPoints2\{f531f62e-4e3c-11dc-98d4-00030d000001}\Shell\AutoRun\command - "" = F:\lsass.exe -- File not found
O33 - MountPoints2\{f60f09e2-8c3f-11dc-9995-00166fb80264}\Shell\0pen\command - "" = F:\krag.exe -- File not found
O33 - MountPoints2\{f60f09e2-8c3f-11dc-9995-00166fb80264}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
========== Files/Folders - Created Within 14 Days ==========
[2009/09/08 01:23:53 | 00,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/09/08 01:23:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/09/08 01:23:45 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009/09/08 01:19:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Donell\Local Settings\Application Data\Opera
[2009/09/08 01:19:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Donell\Application Data\Opera
[2009/09/08 01:19:19 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2009/09/08 01:19:12 | 00,000,000 | ---D | C] -- C:\Program Files\Opera
[2009/09/08 01:05:44 | 00,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2009/09/08 01:00:13 | 00,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/09/08 00:59:42 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/09/08 00:59:22 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/09/08 00:52:59 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/09/08 00:52:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2009/09/08 00:52:39 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/09/08 00:52:11 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009/09/08 00:37:10 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/09/08 00:32:50 | 00,001,596 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Rainlendar2.lnk
[2009/09/08 00:32:39 | 00,000,000 | ---D | C] -- C:\Program Files\Rainlendar2
[2009/09/08 00:09:58 | 00,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2009/09/08 00:07:04 | 00,000,000 | R-SD | C] -- C:\windows\assembly
[2009/09/08 00:06:02 | 00,000,000 | ---D | C] -- C:\windows\Microsoft.NET
[2009/09/07 22:50:37 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/07 22:50:35 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2009/09/07 22:50:33 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2009/09/07 22:50:33 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/07 22:49:51 | 00,000,000 | ---D | C] -- C:\windows\ERDNT
[2009/09/07 22:49:08 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/09/07 22:23:18 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/09/06 22:15:25 | 00,000,000 | ---D | C] -- C:\Program Files\Any Video Converter
[2009/09/06 01:00:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Donell\My Documents\xeno
[2009/09/06 00:59:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Donell\My Documents\Suikuden 2
[2009/08/31 19:30:49 | 00,538,624 | ---- | C] () -- C:\Documents and Settings\Donell\My Documents\2009 Individual_family brochure_72109.doc
[2009/08/31 19:30:49 | 00,260,096 | ---- | C] () -- C:\Documents and Settings\Donell\My Documents\Enrollment Form.doc
========== Files - Modified Within 14 Days ==========
[2049/12/31 16:00:00 | 00,538,624 | ---- | M] () -- C:\Documents and Settings\Donell\My Documents\2009 Individual_family brochure_72109.doc
[2049/12/31 16:00:00 | 00,260,096 | ---- | M] () -- C:\Documents and Settings\Donell\My Documents\Enrollment Form.doc
[2009/09/08 21:13:46 | 00,002,206 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2009/09/08 21:12:19 | 00,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2009/09/08 21:12:10 | 00,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2009/09/08 20:31:44 | 16,532,630 | -H-- | M] () -- C:\Documents and Settings\Donell\Local Settings\Application Data\IconCache.db
[2009/09/08 20:27:47 | 00,002,626 | ---- | M] () -- C:\windows\System32\CONFIG.NT
[2009/09/08 19:37:42 | 00,001,111 | ---- | M] () -- C:\windows\win.ini
[2009/09/08 19:37:42 | 00,000,469 | ---- | M] () -- C:\windows\system.ini
[2009/09/08 01:23:53 | 00,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/09/08 01:19:19 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2009/09/08 01:05:44 | 00,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2009/09/08 01:00:13 | 00,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/09/08 00:32:50 | 00,001,596 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Rainlendar2.lnk
[2009/09/08 00:09:54 | 00,409,600 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2009/09/08 00:09:54 | 00,395,768 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2009/09/08 00:09:54 | 00,059,842 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2009/09/07 22:50:37 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/07 00:05:34 | 00,000,116 | ---- | M] () -- C:\windows\NeroDigital.ini
[2009/09/06 18:33:52 | 00,002,515 | ---- | M] () -- C:\Documents and Settings\Donell\Desktop\Microsoft Office Word 2007.lnk
[2009/09/06 00:39:19 | 00,063,488 | ---- | M] () -- C:\Documents and Settings\Donell\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/01 08:41:11 | 00,000,991 | ---- | M] () -- C:\Documents and Settings\Donell\Desktop\magicJack.lnk
[2009/09/01 00:30:46 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Donell\Desktop\yahoo_firefox_3.5.2_setup_usk.exe
[2009/08/28 16:22:33 | 00,000,284 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
========== LOP Check ==========
[2009/09/08 20:14:40 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/06/25 20:15:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2007/01/06 13:28:35 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2007/05/29 00:47:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2008/05/11 15:43:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/04/27 23:26:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2007/09/14 01:06:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/07/03 11:04:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2007/02/25 00:44:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2007/03/22 17:32:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009/08/31 18:54:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/09/14 02:27:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tenebril
[2006/12/23 11:37:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2009/04/23 20:21:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
[2009/09/08 01:19:29 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Donell\Application Data
[2007/08/07 19:19:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donell\Application Data\Ahead
[2009/09/06 22:19:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donell\Application Data\Any Video Converter
[2009/04/03 13:19:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donell\Application Data\ArcSoft
[2009/07/10 15:23:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donell\Application Data\AVGTOOLBAR
[2008/03/21 22:33:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donell\Application Data\CyberLink
[2008/02/17 19:03:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donell\Application Data\Datalayer
[2009/07/20 03:36:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donell\Application Data\DNA
[2008/05/08 13:25:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donell\Application Data\FrostWire
[2009/07/10 15:23:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donell\Application Data\HouseCall 6.6
[2009/07/10 15:33:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donell\Application Data\IObit
[2007/06/28 15:26:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donell\Application Data\Leadertech
[2009/05/28 19:57:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donell\Application Data\LG Electronics
[2008/04/25 09:05:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donell\Application Data\LimeWire
[2008/04/05 20:14:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donell\Application Data\Magic Match
[2009/09/01 08:41:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donell\Application Data\mjusbsp
[2009/04/30 11:45:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donell\Application Data\Nokia
[2007/05/09 19:42:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donell\Application Data\Nokia Multimedia Player
[2009/09/08 01:19:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donell\Application Data\Opera
[2009/04/30 11:45:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donell\Application Data\PC Suite
[2007/06/30 13:27:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donell\Application Data\PlayFirst
[2006/12/16 10:25:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donell\Application Data\Rainlendar
[2009/06/16 14:53:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donell\Application Data\SystemRequirementsLab
[2007/09/14 02:32:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donell\Application Data\Tenebril
[2009/08/26 19:50:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donell\Application Data\uTorrent
[2009/04/30 12:19:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donell\Application Data\ZoomBrowser EX
[2009/08/28 16:22:33 | 00,000,284 | ---- | M] () -- C:\windows\Tasks\AppleSoftwareUpdate.job
[2001/08/23 19:00:00 | 00,000,065 | RH-- | M] () -- C:\windows\Tasks\desktop.ini
[2009/09/08 21:12:19 | 00,000,006 | -H-- | M] () -- C:\windows\Tasks\SA.DAT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
[2008/02/02 20:53:48 | 00,000,000 | RHS- | M] () -- C:\SilentSoftech.exe
< %systemroot%\system32\eventlog.dll >
[2008/04/14 08:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\eventlog.dll
< %systemroot%\system32\scecli.dll >
[2008/04/14 08:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\scecli.dll
< %systemroot%\netlogon.dll >
< %systemroot%\system32\cngaudit.dll >
< %systemroot%\system32\sceclt.dll >
< %systemroot%\ntelogon.dll >
< %systemroot%\system32\logevent.dll >
========== Alternate Data Streams ==========
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Donell\Desktop\yahoo_firefox_3.5.2_setup_usk.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Donell\Desktop\Sony Ericsson PC Suite_3.209.00_EN.exe:SummaryInformation
@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F8F5844
< End of report >
Extras Log:
OTL Extras logfile created on: 9/7/2009 11:25:54 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Donell\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
758.42 Mb Total Physical Memory | 297.42 Mb Available Physical Memory | 39.22% Memory free
1.06 Gb Paging File | 0.57 Gb Available in Paging File | 53.93% Paging File free
Paging file location(s): c:\pagefile.sys 372 744 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 11.81 Gb Free Space | 30.24% Space Free | Partition Type: NTFS
Drive D: | 16.82 Gb Total Space | 15.59 Gb Free Space | 92.69% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DONELL-F8D64C2C
Current User Name: Donell
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"G:\utorrent.exe" = G:\utorrent.exe:*:Disabled:µTorrent -- File not found
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Documents and Settings\dale\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\dale\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Documents and Settings\Donell\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Donell\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}" = Canon PhotoRecord
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}" = Picture Package
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 15
"{26BDE7D8-93F0-4A07-AD47-1707DB417941}" = Camera Support Core Library
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = ASUSDVD
"{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = RAW Image Task 1.1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = USB2.0 PC Camera (SN9C201&202)
"{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}" = Nokia PC Suite
"{82427977-8776-4087-90CA-9F65174D3C4D}" = Nokia Connectivity Cable Driver
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{9092875A-D6E1-4B76-84F5-F9C0C6E14D10}" = ArcSoft PhotoImpression 6
"{92F31257-15BA-46EE-887D-3C18C0790ACE}" = Atheros Client Installation Program
"{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = SMART BRO
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}" = PC Connectivity Solution
"{C1B93FF0-EDBB-43F1-8F4B-E0C8665EBE37}" = LG PC Suite II
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C797EAF2-707A-4239-BDF3-F2672314A734}" = First Step Guide
"{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}" = RemoteCapture Task 1.0.3
"{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538}" = ImageMixer VCD2
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"6F8C52CF07BBF1FE2471DC68C08F06D7C58B7D49" = Windows Driver Package - Intel (w29n51) net (09/12/2005 9.0.3.9)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast!" = avast! Antivirus
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Network Adapter
"CAL" = Canon Camera Access Library
"CameraUserGuide-PSSD1200IS_IXUS95IS" = Canon PowerShot SD1200 IS_IXUS 95 IS Camera User Guide
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CANONBJ_Deinstall_CNMCP76.DLL" = Canon iP1200
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"CCleaner" = CCleaner (remove only)
"D978F69D5F15B845BD6BC6F8BF9BCD36982A2087" = Windows Driver Package - Nokia Modem (02/24/2009 4.0)
"E7F682214B951640C9C539C41FDA1A7F836FF7B6" = Windows Driver Package - Nokia Modem (02/23/2009 7.01.0.2)
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"F.A. Davis's Nursing Care Plan, ed. 6, on CD-ROM" = F.A. Davis's Nursing Care Plan, ed. 6, on CD-ROM
"FLV Player" = FLV Player 2.0 (build 25)
"Game Booster_is1" = Game Booster
"Garena" = Garena
"GridVista" = Acer GridVista
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{26BDE7D8-93F0-4A07-AD47-1707DB417941}" = Canon Camera Support Core Library
"InstallShield_{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}" = Canon RemoteCapture Task for ZoomBrowser EX
"jZip" = jZip
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"MSNINST" = MSN
"MyCamera" = Canon Utilities MyCamera
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NeroMultiInstaller!UninstallKey" = Nero Suite
"Network Play System (Patching)" = Network Play System (Patching)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"Rainlendar" = Rainlendar (remove only)
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Shockwave" = Shockwave
"SoftwareStarterGuide-DCSD40_46" = Canon Digital Camera Solution Disk 40-46 Software Starter Guide
"ST6UNST #1" = Dealer Information System ver. 2.5
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"Windows XP Service Pack" = Windows XP Service Pack 3
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"uTorrent" = µTorrent
========== Last 10 Event Log Errors ==========
[ Antivirus Events ]
Error - 5/27/2007 2:05:10 AM | Computer Name = DONELL-F8D64C2C | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::OnCreate()
!m_strErrorWnd.IsEmpty().
Error - 5/27/2007 2:29:15 AM | Computer Name = DONELL-F8D64C2C | Source = avast! | ID = 33554522
Description = AAVM - initialization error: Instant Messaging provider: cannot start
because 'Norton Antivirus / Symantec Antivirus' is active!, 00000000.
Error - 5/27/2007 2:29:16 AM | Computer Name = DONELL-F8D64C2C | Source = avast! | ID = 33554522
Description = AAVM - initialization error: P2P provider: cannot start because 'Norton
Antivirus / Symantec Antivirus' is active!, 00000000.
Error - 5/27/2007 2:29:16 AM | Computer Name = DONELL-F8D64C2C | Source = avast! | ID = 33554522
Description = AAVM - initialization error: Standard Shield provider: cannot start
because 'Norton Antivirus / Symantec Antivirus' is active!, 00000000.
Error - 10/4/2007 8:35:18 AM | Computer Name = DONELL-F8D64C2C | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://forum.gsmhost...mp;d=1166430343
failed, 00000026.
Error - 10/5/2007 4:09:45 AM | Computer Name = DONELL-F8D64C2C | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://www.gsmhostin...mp;d=1161358228 failed,
00000026.
Error - 10/5/2007 4:10:15 AM | Computer Name = DONELL-F8D64C2C | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://www.gsmhostin...mp;d=1161358228 failed,
00000026.
Error - 10/5/2007 4:10:39 AM | Computer Name = DONELL-F8D64C2C | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://www.gsmhostin...mp;d=1161358228 failed,
00000026.
Error - 10/5/2007 4:10:59 AM | Computer Name = DONELL-F8D64C2C | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://www.gsmhostin...mp;d=1161358357 failed,
00000026.
Error - 11/26/2007 10:11:44 AM | Computer Name = DONELL-F8D64C2C | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://www.nokiapowe...t...ost&id=6626 failed, 00000026.
[ Application Events ]
Error - 6/9/2009 11:16:19 AM | Computer Name = DONELL-F8D64C2C | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 6/12/2009 5:13:40 AM | Computer Name = DONELL-F8D64C2C | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 6/12/2009 9:40:06 AM | Computer Name = DONELL-F8D64C2C | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0001b21a.
Error - 6/14/2009 1:46:16 PM | Computer Name = DONELL-F8D64C2C | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module emzdecmp4_h263.dll, version 2.6.1.0, fault address 0x00002827.
Error - 6/14/2009 1:47:10 PM | Computer Name = DONELL-F8D64C2C | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module emzdecmp4_h263.dll, version 2.6.1.0, fault address 0x00002827.
Error - 6/14/2009 1:47:45 PM | Computer Name = DONELL-F8D64C2C | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module emzdecmp4_h263.dll, version 2.6.1.0, fault address 0x00002827.
Error - 7/15/2009 9:44:24 AM | Computer Name = DONELL-F8D64C2C | Source = Application Error | ID = 1000
Description = Faulting application yahoom~1.exe, version 9.0.0.2162, faulting module
yahoom~1.exe, version 9.0.0.2162, fault address 0x000a7714.
Error - 7/15/2009 9:46:59 AM | Computer Name = DONELL-F8D64C2C | Source = Application Error | ID = 1000
Description = Faulting application yahoomessenger.exe, version 9.0.0.2162, faulting
module yahoomessenger.exe, version 9.0.0.2162, fault address 0x000a7714.
Error - 7/24/2009 12:34:42 PM | Computer Name = DONELL-F8D64C2C | Source = Microsoft Office 12 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.
Error - 9/6/2009 6:39:32 AM | Computer Name = DONELL-F8D64C2C | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module flash10b.ocx, version 10.0.22.87, fault address 0x0002aeec.
[ System Events ]
Error - 9/7/2009 10:36:45 AM | Computer Name = DONELL-F8D64C2C | Source = Service Control Manager | ID = 7034
Description = The Canon Camera Access Library 8 service terminated unexpectedly.
It has done this 1 time(s).
Error - 9/7/2009 10:36:45 AM | Computer Name = DONELL-F8D64C2C | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).
Error - 9/7/2009 10:36:45 AM | Computer Name = DONELL-F8D64C2C | Source = Service Control Manager | ID = 7034
Description = The avast! Web Scanner service terminated unexpectedly. It has done
this 1 time(s).
Error - 9/7/2009 10:36:45 AM | Computer Name = DONELL-F8D64C2C | Source = Service Control Manager | ID = 7034
Description = The avast! Mail Scanner service terminated unexpectedly. It has done
this 1 time(s).
Error - 9/7/2009 10:36:46 AM | Computer Name = DONELL-F8D64C2C | Source = Service Control Manager | ID = 7034
Description = The InCD Helper service terminated unexpectedly. It has done this
1 time(s).
Error - 9/7/2009 10:44:05 AM | Computer Name = DONELL-F8D64C2C | Source = Service Control Manager | ID = 7000
Description = The AVG8 WatchDog service failed to start due to the following error:
%%2
Error - 9/7/2009 10:44:08 AM | Computer Name = DONELL-F8D64C2C | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AvgLdx86 AvgMfx86
Error - 9/7/2009 10:59:50 AM | Computer Name = DONELL-F8D64C2C | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.
Error - 9/7/2009 11:00:15 AM | Computer Name = DONELL-F8D64C2C | Source = Service Control Manager | ID = 7000
Description = The AVG8 WatchDog service failed to start due to the following error:
%%2
Error - 9/7/2009 11:00:18 AM | Computer Name = DONELL-F8D64C2C | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AvgLdx86 AvgMfx86 IntelIde
< End of report >