Hijack.ControlPanelStyle



#1
superman280

OTL logfile created on: 9-26-2009 11:59:02 PM - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Dan\My Documents\Downloads
Windows XP Professional Edition (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2600.0000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M-d-yyyy

255.43 Mb Total Physical Memory | 79.25 Mb Available Physical Memory | 31.02% Memory free
1002.87 Mb Paging File | 809.82 Mb Available in Paging File | 80.75% Paging File free
Paging file location(s): C:\pagefile.sys 2 50D:\pagefile.sys 768 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.00 Gb Total Space | 12.66 Gb Free Space | 66.64% Space Free | Partition Type: FAT32
Drive D: | 37.27 Gb Total Space | 19.26 Gb Free Space | 51.67% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME
Current User Name: Dan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009-06-09 11:00:38 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009-08-06 11:15:18 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009-03-02 13:08:48 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2001-08-23 12:00:00 | 01,000,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009-09-16 02:10:34 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-09-26 23:54:34 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan\My Documents\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009-09-16 15:46:44 | 01,852,488 | ---- | M] (Emsi Software GmbH) -- C:\PROGRAM FILES\A-SQUARED FREE\a2service.exe -- (a2free [Disabled | Stopped])
SRV - [2009-06-09 11:00:38 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009-08-06 11:15:18 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2005-09-23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005-09-23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - File not found -- -- (DVLFHTPK [On_Demand | Stopped])
SRV - [2009-06-23 15:46:14 | 00,022,016 | ---- | M] (CPUID) -- C:\Program Files\CPUID\PC Wizard 2009\Data\pcwizntl.exe -- (gxPti1 [On_Demand | Stopped])
SRV - [2001-08-23 07:00:00 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2009-06-26 09:12:30 | 00,361,672 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\OAcat.exe -- (OAcat [On_Demand | Stopped])
SRV - File not found -- -- (OpenDNS Updater.exe [Auto | Stopped])
SRV - [2006-01-13 00:46:58 | 00,077,824 | ---- | M] (HP) -- C:\WINDOWS\System32\HPHipm09.exe -- (Pml Driver [On_Demand | Stopped])
SRV - File not found -- -- (Pml Driver HPZ12 [Auto | Stopped])
SRV - [2009-06-26 09:12:20 | 03,132,104 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe -- (SvcOnlineArmor [On_Demand | Stopped])
SRV - [2009-06-23 15:46:14 | 00,022,016 | ---- | M] (CPUID) -- C:\Program Files\CPUID\PC Wizard 2009\Data\pcwizntl.exe -- (tbYnK2 [On_Demand | Stopped])
SRV - [2004-09-22 18:46:10 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Stopped])
SRV - [2001-08-23 07:00:00 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (uploadmgr [Disabled | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.11.2
FF - prefs.js..extensions.enabledItems: {a95d8332-e4b4-6e7f-98ac-20b733364387}:0.4.3
FF - prefs.js..extensions.enabledItems: {9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}:6.0.3.4
FF - prefs.js..extensions.enabledItems: [email protected]:0.5
FF - prefs.js..extensions.enabledItems: {d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}:2.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.5.1
FF - prefs.js..extensions.enabledItems: [email protected]:1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20090918
FF - prefs.js..extensions.enabledItems: [email protected]:1.3
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-06-25 13:10:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-06-25 13:10:24 | 00,000,000 | ---D | M]

[2009-06-25 13:10:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\mozilla\Extensions
[2009-06-25 13:10:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-06-25 13:10:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\mozilla\Firefox\Profiles\n8k0gkrd.default\extensions
[2009-09-10 15:06:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\mozilla\Firefox\Profiles\n8k0gkrd.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2009-08-15 17:29:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\mozilla\Firefox\Profiles\n8k0gkrd.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2009-08-15 17:29:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\mozilla\Firefox\Profiles\n8k0gkrd.default\extensions\{9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}
[2009-09-24 20:11:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\mozilla\Firefox\Profiles\n8k0gkrd.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009-09-25 00:18:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\mozilla\Firefox\Profiles\n8k0gkrd.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}
[2009-08-14 08:36:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\mozilla\Firefox\Profiles\n8k0gkrd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009-09-15 11:42:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\mozilla\Firefox\Profiles\n8k0gkrd.default\extensions\{d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}
[2009-06-25 13:48:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\mozilla\Firefox\Profiles\n8k0gkrd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009-07-10 23:13:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\mozilla\Firefox\Profiles\n8k0gkrd.default\extensions\[email protected]
[2009-09-24 20:11:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\mozilla\Firefox\Profiles\n8k0gkrd.default\extensions\[email protected]
[2009-09-07 12:23:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\mozilla\Firefox\Profiles\n8k0gkrd.default\extensions\[email protected]
[2009-06-29 10:26:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\mozilla\Firefox\Profiles\n8k0gkrd.default\extensions\[email protected]
[2009-08-27 01:25:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\mozilla\Firefox\Profiles\n8k0gkrd.default\extensions\[email protected]
[2009-09-15 11:42:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\mozilla\Firefox\Profiles\n8k0gkrd.default\extensions\[email protected]
[2009-06-25 13:10:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009-06-25 13:10:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009-09-16 02:10:34 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009-09-16 02:10:34 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008-07-16 21:16:24 | 00,042,696 | ---- | M] (Openplain) -- C:\Program Files\mozilla firefox\components\JPIMozilla.dll
[2009-07-25 05:23:02 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009-09-16 02:10:36 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009-09-24 21:16:16 | 00,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2009-06-24 05:27:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009-06-24 05:27:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009-06-24 05:27:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009-06-24 05:27:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009-06-24 05:27:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009-06-24 05:27:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009-06-24 05:27:00 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (143 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.206.201.8 winsecurepro.microsoft.com
O1 - Hosts: 91.206.201.8 winsecurepro.com
O1 - Hosts: 91.206.201.8 www.winsecurepro.com
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {968631B6-4729-440D-9BF4-251F5593EC9A} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [IdentaPop Pro] C:\Program Files\IdentaPop Pro\IdentaPopPro.Exe (IdentaFone Software)
O4 - HKCU..\Run: [ProjectTimer] C:\Documents and Settings\Dan\My Documents\Downloads\projecttimer141\ProjectTimer.exe (Daniel Schulte)
O4 - Startup: C:\Documents and Settings\Dan\Start Menu\Programs\Startup\subliminalblaster.exe.lnk = C:\Program Files\Subliminal Blaster 2.0\subliminalblaster.exe ()
O4 - Startup: C:\Documents and Settings\Dan\Start Menu\Programs\Startup\AnotherOneDone.exe.lnk = C:\Documents and Settings\Dan\My Documents\Computer\Timers\AnotherOneDone.exe (App's Apps)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInstrumentation = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInstrumentation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF 03 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm File not found
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 40 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range78 ([http] in Local intranet)
O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} http://download.micr...C4D/mp43dmo.CAB (Reg Error: Value error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Value error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.micr...D0C/wmv9dmo.cab (Reg Error: Value error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1217463015858 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\System32\msdxm.ocx ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Tall Emu\Online Armor\oaevent.dll (Tall Emu)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2001-05-14 03:29:38 | 00,000,201 | -HS- | M] () - D:\AUTOEXEC.BAK -- [ NTFS ]
O32 - AutoRun File - [2001-05-14 03:29:38 | 00,000,201 | -H-- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2000-06-08 11:00:00 | 00,000,079 | -HS- | M] () - D:\AUTOEXEC.DOS -- [ NTFS ]
O32 - AutoRun File - [2000-06-21 04:26:20 | 00,000,069 | -H-- | M] () - D:\AUTOEXEC.PTT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (pgdfgsvc) - C:\WINDOWS\System32\pgdfgsvc.exe (Sysinternals - www.sysinternals.com)
O34 - HKLM BootExecute: (C) - File not found
O34 - HKLM BootExecute: (1) - File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: Messenger - File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
NetSvcs: uploadmgr - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009-09-26 23:18:43 | 00,000,515 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\NTREGOPT.lnk
[2009-09-26 23:18:43 | 00,000,496 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\ERUNT.lnk
[2009-09-26 22:13:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009-09-26 21:50:35 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009-09-26 21:23:24 | 00,098,467 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\3893015795_517a318230_o.jpg
[2009-09-26 21:08:35 | 00,295,469 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\kobe-battier.jpg
[2009-09-26 21:08:15 | 00,026,657 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\mutombo-prst-mala.jpg
[2009-09-26 12:39:45 | 00,051,712 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\Danya letter.doc
[2009-09-26 01:34:31 | 09,321,718 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\hbks.mp3
[2009-09-25 22:52:07 | 00,100,267 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\activity_17_6.jpg
[2009-09-25 15:28:12 | 00,234,333 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\yaoscola.jpg
[2009-09-24 21:17:05 | 00,000,787 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\Foxit Reader.lnk
[2009-09-24 21:17:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Foxit
[2009-09-24 21:03:31 | 00,001,536 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\Update Checker.lnk
[2009-09-24 21:03:31 | 00,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2009-09-24 20:18:58 | 00,015,668 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\sustainability.jpg
[2009-09-24 20:18:50 | 00,056,668 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\pointing-finger.jpg
[2009-09-24 20:18:37 | 00,107,808 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\thumbs_up.jpg
[2009-09-24 14:11:22 | 00,042,272 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\dikembe_finger2.jpg
[2009-09-24 00:46:04 | 00,152,613 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\niagra2.jpg
[2009-09-23 21:11:16 | 00,000,000 | ---D | C] -- C:\Program Files\RescueTime
[2009-09-23 17:46:00 | 00,000,000 | ---D | C] -- C:\Program Files\Openplain
[2009-09-23 15:31:44 | 00,208,050 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\3854800194_fa6fdbfc06.jpg
[2009-09-23 01:56:12 | 00,000,000 | ---D | C] -- C:\Program Files\Timetracker
[2009-09-22 22:41:46 | 00,001,309 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\ProjectTimers-Rescued.ini
[2009-09-22 22:37:03 | 00,000,000 | ---D | C] -- C:\Program Files\Rayflectar Project Timers
[2009-09-22 18:57:31 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\Scott Aguilar 9.21.09.doc
[2009-09-22 18:40:32 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\Attention Economy.doc
[2009-09-22 18:39:22 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\Changing Behavior.doc
[2009-09-22 15:38:48 | 00,000,000 | ---D | C] -- C:\Program Files\CPU Thermometer
[2009-09-22 14:52:30 | 00,000,000 | ---D | C] -- C:\Program Files\Interuptron
[2009-09-22 14:32:26 | 00,000,686 | ---- | C] () -- C:\Documents and Settings\Dan\Start Menu\Programs\Startup\AnotherOneDone.exe.lnk
[2009-09-21 20:42:35 | 00,063,488 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\Subliminal Options.doc
[2009-09-21 16:23:07 | 00,000,743 | ---- | C] () -- C:\Documents and Settings\Dan\Start Menu\Programs\Startup\subliminalblaster.exe.lnk
[2009-09-21 15:14:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\IdentaPop Pro
[2009-09-21 15:14:04 | 00,033,128 | ---- | C] () -- C:\WINDOWS\System32\Rk32.dll
[2009-09-21 15:14:04 | 00,000,000 | ---D | C] -- C:\Program Files\IdentaPop Pro
[2009-09-20 00:03:02 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Dan\Desktop\Recycled
[2009-09-19 01:45:29 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2009-09-18 23:02:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\.trackballs
[2009-09-18 15:32:16 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\Tweaks.doc
[2009-09-17 21:33:40 | 00,025,673 | ---- | C] () -- C:\WINDOWS\System32\gtw0260.cty
[2009-09-17 20:29:50 | 00,000,000 | ---D | C] -- C:\Program Files\CPUID
[2009-09-17 10:10:57 | 00,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2009-09-16 22:35:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\ProjectTimer
[2009-09-16 21:01:08 | 00,000,000 | ---D | C] -- C:\Program Files\Timers
[2009-09-15 22:16:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\OpenDNS Updater
[2009-09-15 20:18:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\IObit
[2009-09-15 16:35:10 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\Urgent and Important Matrix.doc
[2009-09-15 15:42:29 | 00,000,380 | ---- | C] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2009-09-15 13:35:39 | 00,031,232 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\Tom W Training.doc
[2009-09-15 12:32:11 | 00,000,000 | ---D | C] -- C:\Program Files\Glary Registry Repair
[2009-09-15 12:27:18 | 00,000,308 | ---- | C] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2009-09-15 12:27:04 | 00,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
[2009-09-15 00:41:08 | 00,000,000 | ---D | C] -- C:\Program Files\EASEUS
[2009-09-15 00:38:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\My Documents\a-squared Free
[2009-09-14 21:45:20 | 00,508,288 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\announcements_FINAL_090809.pdf
[2009-09-14 14:21:40 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\WorkAtHomeProfitZone.doc
[2009-09-14 12:26:00 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\OPTION ARMS and ALTAY.doc

========== Files - Modified Within 14 Days ==========

[2009-09-26 23:36:06 | 00,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Clean System Memory.job
[2009-09-26 23:18:44 | 00,000,515 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\NTREGOPT.lnk
[2009-09-26 23:18:44 | 00,000,496 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\ERUNT.lnk
[2009-09-26 21:23:26 | 00,098,467 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\3893015795_517a318230_o.jpg
[2009-09-26 21:08:38 | 00,295,469 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\kobe-battier.jpg
[2009-09-26 21:08:18 | 00,026,657 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\mutombo-prst-mala.jpg
[2009-09-26 18:03:58 | 00,001,281 | ---- | M] () -- C:\WINDOWS\MultiTimer.ini
[2009-09-26 12:39:48 | 00,051,712 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\Danya letter.doc
[2009-09-26 11:52:20 | 00,455,348 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-09-26 11:52:20 | 00,390,104 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-09-26 11:52:20 | 00,058,390 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-09-26 11:48:20 | 00,000,308 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2009-09-26 11:48:14 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-09-26 11:48:10 | 00,002,184 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-09-26 11:48:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-09-26 11:44:20 | 09,622,604 | -H-- | M] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\IconCache.db
[2009-09-25 22:52:10 | 00,100,267 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\activity_17_6.jpg
[2009-09-25 15:28:16 | 00,234,333 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\yaoscola.jpg
[2009-09-25 15:08:22 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\Houston Area Fortune Meetings.doc
[2009-09-24 21:17:06 | 00,000,787 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\Foxit Reader.lnk
[2009-09-24 21:03:34 | 00,001,536 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\Update Checker.lnk
[2009-09-24 20:49:56 | 00,002,064 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009-09-24 20:19:00 | 00,015,668 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\sustainability.jpg
[2009-09-24 20:18:52 | 00,056,668 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\pointing-finger.jpg
[2009-09-24 20:18:40 | 00,107,808 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\thumbs_up.jpg
[2009-09-24 14:11:26 | 00,042,272 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\dikembe_finger2.jpg
[2009-09-24 00:46:06 | 00,152,613 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\niagra2.jpg
[2009-09-23 15:31:46 | 00,208,050 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\3854800194_fa6fdbfc06.jpg
[2009-09-23 10:50:04 | 00,000,067 | ---- | M] () -- C:\WINDOWS\win.ini
[2009-09-23 01:56:30 | 00,039,256 | ---- | M] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009-09-22 22:41:48 | 00,001,309 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\ProjectTimers-Rescued.ini
[2009-09-22 18:57:32 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\Scott Aguilar 9.21.09.doc
[2009-09-22 18:40:34 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\Attention Economy.doc
[2009-09-22 18:39:24 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\Changing Behavior.doc
[2009-09-22 15:21:20 | 00,039,256 | ---- | M] () -- C:\Documents and Settings\Dan\Application Data\GDIPFONTCACHEV1.DAT
[2009-09-22 14:33:06 | 00,000,686 | ---- | M] () -- C:\Documents and Settings\Dan\Start Menu\Programs\Startup\AnotherOneDone.exe.lnk
[2009-09-21 21:36:22 | 00,031,232 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\Tom W Training.doc
[2009-09-21 20:42:38 | 00,063,488 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\Subliminal Options.doc
[2009-09-21 16:24:24 | 00,000,743 | ---- | M] () -- C:\Documents and Settings\Dan\Start Menu\Programs\Startup\subliminalblaster.exe.lnk
[2009-09-20 22:55:10 | 00,025,992 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pgdfgsvc.exe
[2009-09-20 22:48:32 | 00,000,380 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2009-09-20 10:26:16 | 00,157,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-09-18 15:32:18 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\Tweaks.doc
[2009-09-17 20:15:30 | 00,002,176 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009-09-17 17:58:28 | 00,720,896 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2009-09-17 12:58:18 | 00,118,272 | ---- | M] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-09-16 01:39:12 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2009-09-16 01:39:12 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009-09-16 01:39:12 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009-09-16 01:39:12 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009-09-16 01:39:12 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009-09-16 01:39:12 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009-09-16 01:38:50 | 00,000,193 | -HS- | M] () -- C:\boot.ini
[2009-09-15 16:35:12 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\Urgent and Important Matrix.doc
[2009-09-15 14:54:38 | 00,011,334 | ---- | M] () -- C:\Documents and Settings\Dan\Application Data\Comma Separated Values (Windows).CAL
[2009-09-14 21:45:22 | 00,508,288 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\announcements_FINAL_090809.pdf
[2009-09-14 14:21:42 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\WorkAtHomeProfitZone.doc
[2009-09-14 12:26:02 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\OPTION ARMS and ALTAY.doc

========== LOP Check ==========

[2006-07-22 16:14:56 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data
[2007-11-25 18:04:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Applications
[2009-09-15 20:18:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\IObit
[2007-11-28 01:17:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MSN6
[2009-07-07 11:14:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\OnlineArmor
[2009-06-02 20:45:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\OpenDNS Updater
[2009-03-30 22:22:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SecTaskMan
[2008-04-02 01:06:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2006-07-22 16:14:56 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Dan\Application Data
[2009-09-18 23:02:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\.trackballs
[2009-06-03 20:04:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\4Team
[2008-10-30 13:34:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Audacity
[2009-03-10 00:02:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Bit Computing
[2009-08-04 17:11:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Dexpot
[2009-03-09 17:13:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\fosoft
[2009-09-24 21:17:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Foxit
[2009-05-31 21:08:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\GlarySoft
[2008-11-02 14:55:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\gtk-2.0
[2009-01-15 16:49:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Icon Remover
[2009-09-21 15:14:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\IdentaPop Pro
[2009-01-14 15:37:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Image Zone Express
[2009-06-16 18:50:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\IObit
[2007-11-28 01:17:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\MSN6
[2009-03-12 12:13:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\NesterSoft
[2009-07-07 11:14:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\OnlineArmor
[2009-09-15 22:16:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\OpenDNS Updater
[2009-06-23 13:50:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Opera
[2009-01-14 15:37:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Printer Info Cache
[2009-01-21 16:46:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\procrastitrackerdbs
[2009-09-16 22:35:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\ProjectTimer
[2009-07-31 00:00:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\uTorrent
[2009-07-22 10:34:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\VSRevoGroup
[2009-04-23 14:42:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Workrave
[2001-08-23 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009-09-26 11:48:14 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009-09-26 23:36:06 | 00,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Clean System Memory.job
[2009-09-26 11:48:20 | 00,000,308 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2009-09-20 22:48:32 | 00,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job

========== Purity Check ==========

[2006-07-21 11:48:30 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files\Fоnts
[2006-07-21 11:48:30 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files\Fоnts\Fоnts


========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >
[2001-08-23 12:00:00 | 00,047,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2001-08-23 12:00:00 | 00,174,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

========== Files - Unicode (All) ==========
[2006-07-21 11:48:29 | 00,000,000 | ---D | C](C:\Program Files\Common Files\F?nts) -- C:\Program Files\Common Files\Fоnts
[2006-07-21 11:48:30 | 00,000,000 | ---D | M](C:\Program Files\Common Files\F?nts) -- C:\Program Files\Common Files\Fоnts
< End of report >


OTL Extras logfile created on: 9-26-2009 11:59:03 PM - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Dan\My Documents\Downloads
Windows XP Professional Edition (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2600.0000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M-d-yyyy

255.43 Mb Total Physical Memory | 79.25 Mb Available Physical Memory | 31.02% Memory free
1002.87 Mb Paging File | 809.82 Mb Available in Paging File | 80.75% Paging File free
Paging file location(s): C:\pagefile.sys 2 50D:\pagefile.sys 768 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.00 Gb Total Space | 12.66 Gb Free Space | 66.64% Space Free | Partition Type: FAT32
Drive D: | 37.27 Gb Total Space | 19.26 Gb Free Space | 51.67% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME
Current User Name: Dan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.hta [@ = ] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OpenNew] -- cmd.exe /k cd %1 (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{082BDF7B-4810-4599-BF0D-E3AC44EC8524}" = Microsoft ASP.NET 2.0 AJAX Extensions 1.0
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{526EE63A-9735-400C-B2B5-D1B8765C918F}_is1" = IdentaPop Pro
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7649FE41-A4BE-46CE-BF31-901945DA4378}_is1" = Rayflectar Project Timers 20090702
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc
"{C7793EE8-F666-4E6B-9827-76468679480E}" = Tweakui Powertoy for Windows XP
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"7-Zip" = 7-Zip 9.07 beta
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"a-squared Free_is1" = a-squared Free 4.5
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.6 (Unicode)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner (remove only)
"CleanMem" = CleanMem
"CobBackup9" = Cobian Backup 9
"ERUNT_is1" = ERUNT 1.1j
"FileHippo.com" = FileHippo.com Update Checker
"Foxit Reader" = Foxit Reader
"Glary Registry Repair_is1" = Glary Registry Repair 3.2.0.828
"Glary Utilities_is1" = Glary Utilities 2.15.0.738
"hp photosmart P1000 series_Driver" = hp photosmart P1000 series
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.9.5 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"NTREGOPT_is1" = NTREGOPT 1.1j
"OneTouch Version 3.0" = OneTouch Version 3.0
"OnlineArmor_is1" = Online Armor 3.5
"OpenDNS Updater" = OpenDNS Updater 2.0
"PaperPort 7.02" = PaperPort 7.02
"PC Wizard 2009_is1" = PC Wizard 2009.1.90
"PeerGuardian_is1" = PeerGuardian 2.0
"PROSet" = Intel® PRO Network Adapters and Drivers
"Recuva" = Recuva (remove only)
"RegScrubXP_is1" = RegScrubXP 3.25
"Revo Uninstaller" = Revo Uninstaller 1.83
"Smart Defrag_is1" = Smart Defrag 1.20
"SpywareBlaster_is1" = SpywareBlaster 4.2
"Subliminal Blaster 2.0" = Subliminal Blaster 2.0
"TIMELEFT3_is1" = TimeLeft
"Timers" = Timers
"Timetracker" = Timetracker 0.9.11.0
"Unlocker" = Unlocker 1.8.7
"uTorrent" = µTorrent
"WinGimp-2.0_is1" = GIMP 2.4.7
"WinPowerPro" = PowerPro 4.9 (remove only)
"xp-AntiSpy" = xp-AntiSpy 3.97

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9-18-2009 12:26:03 AM | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application devices.exe, version 5.3.0.557, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 9-18-2009 2:19:18 AM | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2600.0, faulting module
unknown, version 0.0.0.0, fault address 0x50058924.

Error - 9-18-2009 12:30:13 PM | Computer Name = HOME | Source = Perflib | ID = 1015
Description = The timeout waiting for the performance data collection function "PerfProc"
in
the "C:\WINDOWS\System32\perfproc.dll" Library to finish has expired. There may
be a problem with this extensible counter or the service it is collecting data from
or the system may have been very busy when this call was attempted.

Error - 9-21-2009 2:37:21 PM | Computer Name = HOME | Source = Perflib | ID = 1015
Description = The timeout waiting for the performance data collection function "PerfProc"
in
the "C:\WINDOWS\System32\perfproc.dll" Library to finish has expired. There may
be a problem with this extensible counter or the service it is collecting data from
or the system may have been very busy when this call was attempted.

Error - 9-21-2009 6:26:06 PM | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2600.0, faulting module
unknown, version 0.0.0.0, fault address 0x50058924.

Error - 9-23-2009 10:28:26 PM | Computer Name = HOME | Source = Perflib | ID = 1015
Description = The timeout waiting for the performance data collection function "PerfProc"
in
the "C:\WINDOWS\System32\perfproc.dll" Library to finish has expired. There may
be a problem with this extensible counter or the service it is collecting data from
or the system may have been very busy when this call was attempted.

Error - 9-24-2009 11:21:52 PM | Computer Name = HOME | Source = MsiInstaller | ID = 10005
Description = Product: Java™ 6 Update 16 -- Error 25099. Unzipping core files
failed.

Error - 9-26-2009 3:07:16 AM | Computer Name = HOME | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application outlook.exe, version 10.0.4024.0, faulting module
user32.dll, version 5.1.2600.0, fault address 0x00006328.

Error - 9-26-2009 5:31:05 PM | Computer Name = HOME | Source = MsiInstaller | ID = 1013
Description = Product: Java™ 6 Update 14 -- A newer version of Java is already
installed.

Error - 9-27-2009 1:40:29 AM | Computer Name = HOME | Source = MsiInstaller | ID = 10005
Description = Product: Java™ 6 Update 16 -- Error 25099. Unzipping core files
failed.

[ System Events ]
Error - 9-26-2009 1:56:37 PM | Computer Name = HOME | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.2 for the Network Card with network
address 000629CFDBB4 has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).

Error - 9-27-2009 1:17:11 AM | Computer Name = HOME | Source = SideBySide | ID = 16842813
Description = Syntax error in manifest or policy file "C:\Documents and Settings\Dan\My
Documents\Downloads\SysRestorePoint.exe" on line 3. The required attribute type
is missing from element assemblyIdentity.

Error - 9-27-2009 1:17:11 AM | Computer Name = HOME | Source = SideBySide | ID = 16842810
Description = Syntax error in manifest or policy file "C:\Documents and Settings\Dan\My
Documents\Downloads\SysRestorePoint.exe" on line 3.

Error - 9-27-2009 1:17:11 AM | Computer Name = HOME | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Documents and Settings\Dan\My
Documents\Downloads\SysRestorePoint.exe. Reference error message: The operation
completed successfully. .

Error - 9-27-2009 1:17:19 AM | Computer Name = HOME | Source = SideBySide | ID = 16842813
Description = Syntax error in manifest or policy file "C:\Documents and Settings\Dan\My
Documents\Downloads\SysRestorePoint.exe" on line 3. The required attribute type
is missing from element assemblyIdentity.

Error - 9-27-2009 1:17:19 AM | Computer Name = HOME | Source = SideBySide | ID = 16842810
Description = Syntax error in manifest or policy file "C:\Documents and Settings\Dan\My
Documents\Downloads\SysRestorePoint.exe" on line 3.

Error - 9-27-2009 1:17:19 AM | Computer Name = HOME | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Documents and Settings\Dan\My
Documents\Downloads\SysRestorePoint.exe. Reference error message: The operation
completed successfully. .

Error - 9-27-2009 1:17:47 AM | Computer Name = HOME | Source = SideBySide | ID = 16842813
Description = Syntax error in manifest or policy file "C:\Documents and Settings\Dan\My
Documents\Downloads\SysRestorePoint(2).exe" on line 3. The required attribute type
is missing from element assemblyIdentity.

Error - 9-27-2009 1:17:47 AM | Computer Name = HOME | Source = SideBySide | ID = 16842810
Description = Syntax error in manifest or policy file "C:\Documents and Settings\Dan\My
Documents\Downloads\SysRestorePoint(2).exe" on line 3.

Error - 9-27-2009 1:17:47 AM | Computer Name = HOME | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Documents and Settings\Dan\My
Documents\Downloads\SysRestorePoint(2).exe. Reference error message: The operation
completed successfully. .


< End of report >


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/26 23:52
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP0
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINDOWS\System32\drivers\rootrepeal.sys
Address: 0xF2B5E000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf92d3e40

#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf92d45a0

#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf92d25f0

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf92e10b0

#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xf98c97ae

#: 046 Function Name: NtCreatePort
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf92d22a0

#: 047 Function Name: NtCreateProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf92cf560

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf92cf940

#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf92cf040

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xf98c97a4

#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf92d1580

#: 062 Function Name: NtDeleteFile
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf92e1b30

#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0xf98c97b3

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0xf98c97bd

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf92d1fc0

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf92e1050

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf92e1080

#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf92d35b0

#: 098 Function Name: NtLoadKey
Status: Hooked by "<unknown>" at address 0xf98c97c2

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf92e1740

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf92dfc00

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xf98c9790

#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf92cf2e0

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xf98c9795

#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf92d4230

#: 145 Function Name: NtQueryDirectoryFile
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf92d39f0

#: 160 Function Name: NtQueryKey
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf92e0ff0

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf92e1020

#: 180 Function Name: NtQueueApcThread
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf92d4720

#: 193 Function Name: NtReplaceKey
Status: Hooked by "<unknown>" at address 0xf98c97cc

#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf92d3160

#: 204 Function Name: NtRestoreKey
Status: Hooked by "<unknown>" at address 0xf98c97c7

#: 206 Function Name: NtResumeThread
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf92d1c70

#: 207 Function Name: NtSaveKey
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf92e0fd0

#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf92d29b0

#: 213 Function Name: NtSetContextThread
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf92d13a0

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf92d1700

#: 247 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0xf98c97b8

#: 249 Function Name: NtShutdownSystem
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf92d34b0

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf92d1e20

#: 254 Function Name: NtSuspendThread
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf92d1aa0

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf92d18e0

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0xf98c979f

#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf92d1180

#: 262 Function Name: NtUnloadDriver
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf92d37d0

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf92d43e0

==EOF==

Malwarebytes' Anti-Malware 1.41
Database version: 2864
Windows 5.1.2600

9-27-2009 12:19:29 AM
mbam-log-2009-09-27 (00-18-35).txt

Scan type: Quick Scan
Objects scanned: 126444
Time elapsed: 7 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)