Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

very sluggish

Started by david_macrae , Nov 23 2009 11:20 PM

  • Please log in to reply

#1
david_macrae
Posted 23 November 2009 - 11:20 PM

david_macrae

    Member

  • Member
  • PipPip
  • 11 posts
I have read the Malware and Spyware Cleaning Guide and followed it.

I ran all the programs suggested and it is better. I also used the registry mechanic on the registry. However I am still worried there is malware on this pc. Following are all the logs. If someone has time to analyse them and see what needs removing I would greatly appreciate it:


Mbam log:


Malwarebytes' Anti-Malware 1.41
Database version: 3219
Windows 5.1.2600 Service Pack 3

11/23/2009 2:23:18 PM
mbam-log-2009-11-23 (14-23-18).txt

Scan type: Quick Scan
Objects scanned: 137975
Time elapsed: 7 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


rootrepeal log:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/23 20:16
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: 2c780bda.sys
Image Path: C:\WINDOWS\System32\Drivers\2c780bda.sys
Address: 0xAF690000 Size: 143744 File Visible: No Signed: -
Status: -

Name: ab07cd40.sys
Image Path: C:\WINDOWS\System32\Drivers\ab07cd40.sys
Address: 0xAF603000 Size: 574976 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB051C000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79C1000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAF45B000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\drivers\klif.sys" at address 0xb0661cb0

#: 047 Function Name: NtCreateProcess
Status: Hooked by "C:\WINDOWS\System32\drivers\klif.sys" at address 0xb06619c0

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "C:\WINDOWS\System32\drivers\klif.sys" at address 0xb0661b40

#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\System32\drivers\klif.sys" at address 0xb06625b0

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "C:\WINDOWS\System32\drivers\klif.sys" at address 0xb0662230

#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\System32\drivers\klif.sys" at address 0xb0662f10

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\drivers\klif.sys" at address 0xb0661e00

#: 116 Function Name: NtOpenFile
Status: Hooked by "kl1.sys" at address 0xf7863000

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\Program Files\PCSecurityShield\BitDefender 2009\bdselfpr.sys" at address 0xb0218c90

#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\System32\drivers\klif.sys" at address 0xb0662400

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\Program Files\PCSecurityShield\BitDefender 2009\bdselfpr.sys" at address 0xb0218d7e

#: 173 Function Name: NtQuerySystemInformation
Status: Hooked by "C:\WINDOWS\System32\drivers\klif.sys" at address 0xb0662bc0

#: 206 Function Name: NtResumeThread
Status: Hooked by "C:\WINDOWS\System32\drivers\klif.sys" at address 0xb0662ec0

#: 213 Function Name: NtSetContextThread
Status: Hooked by "C:\WINDOWS\System32\drivers\klif.sys" at address 0xb0663230

#: 224 Function Name: NtSetInformationFile
Status: Hooked by "C:\WINDOWS\System32\drivers\klif.sys" at address 0xb0663ae0

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "C:\WINDOWS\System32\drivers\klif.sys" at address 0xb06672a0

#: 237 Function Name: NtSetSecurityObject
Status: Hooked by "C:\WINDOWS\System32\drivers\klif.sys" at address 0xb065fa30

#: 254 Function Name: NtSuspendThread
Status: Hooked by "C:\WINDOWS\System32\drivers\klif.sys" at address 0xb0662e70

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\PCSecurityShield\BitDefender 2009\bdselfpr.sys" at address 0xb0218bf4

#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\Program Files\PCSecurityShield\BitDefender 2009\bdselfpr.sys" at address 0xb0218ec4

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\WINDOWS\System32\drivers\klif.sys" at address 0xb0661cd0

==EOF==



OTL LOG:

OTL logfile created on: 11/23/2009 8:21:26 PM - Run 1
OTL by OldTimer - Version 3.1.8.0 Folder = C:\Documents and Settings\Owner\Desktop\Brother David
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 76.45% Memory free
2.21 Gb Paging File | 1.83 Gb Available in Paging File | 82.88% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.09 Gb Total Space | 52.34 Gb Free Space | 76.87% Space Free | Partition Type: NTFS
Drive D: | 6.42 Gb Total Space | 2.34 Gb Free Space | 36.39% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-LK4RLMSU41
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/23 20:20:01 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\Brother David\OTL.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/14 09:56:27 | 00,413,696 | ---- | M] (PCSecurityShield) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
PRC - [2009/07/14 09:56:20 | 01,626,112 | ---- | M] (PCSecurityShield) -- C:\Program Files\PCSecurityShield\BitDefender 2009\vsserv.exe
PRC - [2009/07/14 09:53:53 | 00,438,272 | ---- | M] () -- C:\Program Files\PCSecurityShield\BitDefender 2009\seccenter.exe
PRC - [2009/07/14 09:53:15 | 00,778,240 | ---- | M] (PCSecurityShield) -- C:\Program Files\PCSecurityShield\BitDefender 2009\bdagent.exe
PRC - [2008/11/09 12:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 16:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/02/02 15:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
PRC - [2004/08/20 14:51:14 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2003/07/24 02:03:27 | 00,016,384 | ---- | M] () -- C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
PRC - [2003/03/21 16:52:06 | 00,552,960 | ---- | M] (interMute, Inc.) -- C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
PRC - [2003/02/24 17:51:14 | 00,053,248 | ---- | M] (TODO: <Company name>) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
PRC - [2003/02/21 03:07:06 | 00,068,704 | ---- | M] () -- C:\Program Files\Softex\OmniPass\omniServ.exe
PRC - [2003/02/21 02:50:10 | 00,053,248 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPApp.exe
PRC - [1998/05/07 15:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system\hpsysdrv.exe


========== Modules (SafeList) ==========

MOD - [2009/11/23 20:20:01 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\Brother David\OTL.exe
MOD - [2008/04/13 16:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 16:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2003/07/24 02:03:27 | 00,024,576 | ---- | M] (BackWeb) -- C:\Documents and Settings\Owner\Local Settings\Temp\IadHide4.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/08 07:46:09 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2009/07/14 09:56:27 | 00,413,696 | ---- | M] (PCSecurityShield) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV - [2009/07/14 09:56:20 | 01,626,112 | ---- | M] (PCSecurityShield) -- C:\Program Files\PCSecurityShield\BitDefender 2009\vsserv.exe -- (VSSERV)
SRV - [2009/07/14 09:51:13 | 00,323,584 | ---- | M] (PCSecurityShield) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV - [2008/11/09 12:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/18 12:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/07/18 12:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/07/17 11:06:56 | 00,118,784 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe -- (Arrakis3)
SRV - [2008/04/13 16:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/08/23 13:16:26 | 00,200,768 | ---- | M] (PCSecurityShield) -- C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe -- (AVP)
SRV - [2006/10/26 18:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2003/05/02 22:19:00 | 00,069,632 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2003/02/21 03:07:06 | 00,068,704 | ---- | M] () -- C:\Program Files\Softex\OmniPass\omniServ.exe -- (omniserv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/06/11 14:31:26 | 00,000,000 | ---D | M]

[2009/06/11 14:35:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/06/11 14:35:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\[email protected]

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (The Shield Deluxe 2009 Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\PCSecurityShield\BitDefender 2009\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AlcxMonitor] C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVP] C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe (PCSecurityShield)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\PCSecurityShield\BitDefender 2009\bdagent.exe (PCSecurityShield)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\PCSecurityShield\BitDefender 2009\IEShow.exe (The Shield Deluxe 2009 )
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [hpsysdrv] c:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\kbd.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe (TODO: <Company name>)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [StorageGuard] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [NVIEW] C:\WINDOWS\System32\nview.dll (NVIDIA Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe (interMute, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\scieplugin.dll (PCSecurityShield)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} http://w4s2.work4sur...ge/w4sgeen9.exe (Reg Error: Key error.)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} https://us.dl1.yimg....nst20040510.cab (YInstStarter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius....tiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\OPXPGina: DllName - C:\Program Files\Softex\OmniPass\opxpgina.dll - C:\Program Files\Softex\OmniPass\OPXPGina.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/07/24 00:29:01 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002/09/11 03:02:32 | 00,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{6ec66b7b-b417-11de-955a-00402b793ad3}\Shell - "" = AutoRun
O33 - MountPoints2\{6ec66b7b-b417-11de-955a-00402b793ad3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6ec66b7b-b417-11de-955a-00402b793ad3}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ed7c6639-9c87-11de-9524-00402b793ad3}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/06/05 17:10:37 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16892114965102592)

========== Files/Folders - Created Within 14 Days ==========

[2009/11/23 14:15:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/11/23 14:15:18 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/23 14:15:15 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/23 14:15:15 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/23 14:15:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/23 14:12:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/23 14:11:59 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/11/22 14:02:47 | 00,000,000 | ---D | C] -- C:\Program Files\Finale NotePad 2008
[2009/11/13 08:51:53 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/11/13 08:51:53 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/11/13 08:51:53 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

========== Files - Modified Within 14 Days ==========

[2009/11/23 20:22:36 | 25,235,488 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/11/23 20:22:34 | 01,698,336 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/11/23 20:21:18 | 03,932,160 | ---- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2009/11/23 20:10:10 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2009/11/23 19:20:59 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{42DFBE74-20AC-4D0C-9FAE-E93F3DDC92FE}.job
[2009/11/23 19:17:18 | 00,000,450 | ---- | M] () -- C:\WINDOWS\System32\BDUpdateV1.xml
[2009/11/23 16:16:13 | 00,001,456 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2009/11/23 16:13:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/23 16:13:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/23 16:13:24 | 21,380,95616 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/23 16:12:51 | 00,294,188 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/11/23 16:12:51 | 00,159,332 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/11/23 16:12:48 | 00,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2009/11/23 16:12:46 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2009/11/23 15:55:34 | 04,456,448 | -H-- | M] () -- C:\Documents and Settings\Owner\ntuser.dat.rmbak
[2009/11/23 15:20:33 | 00,000,121 | ---- | M] () -- C:\WINDOWS\bdagent.INI
[2009/11/23 14:08:30 | 00,471,444 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/23 14:08:30 | 00,402,736 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/23 14:08:30 | 00,063,220 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/22 14:16:35 | 06,925,388 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/11/22 13:30:32 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/16 14:11:39 | 00,011,488 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Youth North Region.docx
[2009/11/12 09:02:49 | 00,274,168 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/11 10:07:25 | 00,010,548 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Testimony Questions.docx

========== Files Created - No Company Name ==========

[2009/11/23 20:10:10 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2009/11/23 15:20:33 | 00,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2009/11/16 14:11:39 | 00,011,488 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Youth North Region.docx
[2009/09/08 07:50:08 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\lttls13n.dll
[2009/09/08 07:50:03 | 00,708,608 | ---- | C] () -- C:\WINDOWS\System32\ltcry13n.dll
[2009/09/08 07:49:58 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2009/09/08 07:49:57 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2009/06/29 05:59:04 | 00,081,928 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/06/22 11:02:55 | 00,002,301 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/06/18 07:52:50 | 00,000,533 | ---- | C] () -- C:\WINDOWS\PSDCWIN.INI
[2009/06/18 07:52:50 | 00,000,525 | ---- | C] () -- C:\WINDOWS\PSDWIN.INI
[2009/06/05 19:21:15 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll
[2008/10/09 14:31:54 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2007/01/31 12:50:32 | 00,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2003/08/26 07:40:37 | 00,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2003/08/26 07:40:37 | 00,004,126 | ---- | C] () -- C:\WINDOWS\System32\msdxmlc.dll
[2003/08/26 07:40:24 | 00,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2003/08/26 07:40:24 | 00,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2003/08/26 07:40:23 | 00,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2003/08/26 07:40:18 | 00,004,768 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2003/08/26 07:40:09 | 00,498,742 | ---- | C] () -- C:\WINDOWS\System32\dxmasf.dll
[2003/08/26 07:40:00 | 00,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2003/08/26 07:39:59 | 00,252,928 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll
[2003/08/26 07:39:49 | 00,009,029 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2003/08/26 07:04:45 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
[2003/08/26 07:04:36 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2003/08/26 07:02:33 | 00,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2003/08/26 07:02:33 | 00,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2003/08/26 07:02:33 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2003/08/26 07:02:33 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2003/08/26 07:02:33 | 00,033,840 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2003/08/26 07:02:33 | 00,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2003/08/26 07:02:33 | 00,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2003/08/26 07:02:33 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2003/08/26 07:02:33 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2003/08/26 07:02:33 | 00,027,866 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2003/07/26 02:17:16 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/07/26 00:57:44 | 00,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2003/07/24 02:10:43 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/07/24 02:10:24 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2003/07/24 02:10:24 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2003/07/24 02:05:31 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2003/07/24 02:02:11 | 00,025,438 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2003/07/24 02:01:47 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/07/24 02:01:15 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003/07/24 01:47:54 | 00,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/07/24 01:47:40 | 00,000,626 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/07/24 01:19:54 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/07/24 00:52:31 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/07/24 00:50:43 | 06,925,388 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2003/07/24 00:44:55 | 00,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003/07/24 00:44:55 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003/07/24 00:44:37 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003/07/24 00:32:33 | 00,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/07/24 00:31:54 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini
[2003/07/24 00:29:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2003/07/24 00:26:33 | 00,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2003/07/24 00:26:33 | 00,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2003/07/24 00:25:42 | 00,013,223 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2003/07/24 00:25:41 | 00,001,931 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2003/07/24 00:18:12 | 00,000,552 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/07/24 00:17:53 | 00,000,487 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/07/24 00:17:49 | 00,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2003/07/24 00:17:49 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/07/24 00:17:44 | 00,012,082 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2003/07/24 00:17:42 | 00,006,877 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2003/07/24 00:17:42 | 00,003,458 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2003/07/24 00:17:42 | 00,002,891 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
[2003/07/24 00:17:42 | 00,002,732 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
[2003/07/24 00:17:42 | 00,001,152 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
[2003/07/24 00:17:42 | 00,000,343 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2003/07/24 00:17:34 | 00,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2003/07/24 00:17:27 | 01,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2003/07/24 00:17:14 | 00,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2003/07/23 21:46:21 | 00,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2003/07/23 21:46:21 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2003/07/23 17:22:13 | 00,471,444 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2003/07/23 17:22:12 | 00,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/07/23 17:21:54 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2003/06/23 17:27:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/12/12 06:14:32 | 01,291,264 | ---- | C] () -- C:\WINDOWS\System32\quartz.dll
[2002/12/12 06:14:32 | 00,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2002/12/12 06:14:32 | 00,562,176 | ---- | C] () -- C:\WINDOWS\System32\qedit.dll
[2002/12/12 06:14:32 | 00,386,048 | ---- | C] () -- C:\WINDOWS\System32\qdvd.dll
[2002/12/12 06:14:32 | 00,279,040 | ---- | C] () -- C:\WINDOWS\System32\qdv.dll
[2002/12/12 06:14:32 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\qcap.dll
[2002/12/12 06:14:32 | 00,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2002/12/12 06:14:32 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum.dll
[2002/12/12 06:14:32 | 00,035,328 | ---- | C] () -- C:\WINDOWS\System32\mciqtz32.dll
[2002/12/12 06:14:32 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2002/11/26 13:15:52 | 00,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2002/11/26 13:15:50 | 00,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2002/05/24 07:00:00 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2002/05/24 07:00:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2001/08/17 21:36:28 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll

========== LOP Check ==========

[2009/09/08 07:41:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/07/14 09:18:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2003/07/23 17:21:54 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2009/06/24 07:47:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2009/11/23 14:34:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP
[2009/07/02 08:53:29 | 00,002,301 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/11/23 14:15:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/23 15:42:58 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/09/24 08:42:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2003/07/24 02:07:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2009/07/14 07:14:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSecurityShield
[2003/07/24 00:33:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/06/15 13:20:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/11/23 16:12:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/24 07:49:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2009/08/06 14:29:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/09/30 07:06:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/06/15 10:36:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2009/09/13 11:58:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/09/09 11:31:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Adobe
[2009/06/25 11:36:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AdobeUM
[2009/07/14 08:55:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BitDefender
[2003/07/23 17:21:54 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini
[2009/07/15 07:01:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2009/11/22 14:15:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GNU Solfege
[2009/06/22 13:16:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Google
[2009/10/11 14:00:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Help
[2009/09/08 13:50:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HorizonWimba
[2009/06/24 07:48:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HP
[2003/07/24 00:29:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Identities
[2003/07/26 00:57:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\interMute
[2009/07/22 09:22:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2009/06/23 13:08:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LimeWire
[2009/06/11 14:35:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Macromedia
[2009/11/23 14:15:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/08/30 19:00:02 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Owner\Application Data\Microsoft
[2009/06/22 10:49:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Motive
[2009/06/11 14:35:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla
[2009/09/09 10:48:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera
[2009/09/06 11:37:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Real
[2003/07/24 02:02:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2009/10/11 12:12:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sibelius Software
[2009/06/05 19:38:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sonic
[2009/06/11 14:30:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sun
[2003/07/26 00:54:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Symantec
[2009/10/21 12:38:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\U3
[2009/06/15 10:36:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Yahoo!
[2002/08/29 11:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/23 16:13:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/11/23 19:20:59 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{42DFBE74-20AC-4D0C-9FAE-E93F3DDC92FE}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2008/07/17 11:06:54 | 00,001,536 | ---- | M] () MD5=CAA9BBBE220DDB97B81FAC66321B513B -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\lib\eventlog.dll
[2004/08/03 23:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004/08/03 23:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\eventlog.dll
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2004/08/03 23:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004/08/03 23:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2004/08/03 23:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004/08/03 23:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\netlogon.dll
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2004/08/03 21:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2002/08/29 04:00:00 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtUninstallQ331958$\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/03 21:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2004/08/03 22:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004/08/03 22:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\agp440.sys
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >

< %SYSTEMDRIVE%\viamraid.sys /s /md5 >

< %SYSTEMDRIVE%\nvata.sys /s /md5 >

< %SYSTEMDRIVE%\nvgts.sys /s /md5 >

< %SYSTEMDRIVE%\iastorv.sys /s /md5 >

< %SYSTEMDRIVE%\ViPrt.sys /s /md5 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >


Extras log:

OTL Extras logfile created on: 11/23/2009 8:21:26 PM - Run 1
OTL by OldTimer - Version 3.1.8.0 Folder = C:\Documents and Settings\Owner\Desktop\Brother David
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 76.45% Memory free
2.21 Gb Paging File | 1.83 Gb Available in Paging File | 82.88% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.09 Gb Total Space | 52.34 Gb Free Space | 76.87% Space Free | Partition Type: NTFS
Drive D: | 6.42 Gb Total Space | 2.34 Gb Free Space | 36.39% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-LK4RLMSU41
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe" = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe:*:Enabled:BackWeb-1940576 -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01F9D88C-3C86-4E82-840A-101A3221F67A}" = Microsoft Money 2003
"{02B42D23-10F2-4862-ADA4-3DF1EA0021B2}" = Microsoft Money 2003 System Pack
"{0451FD8E-D80E-4BA6-AE02-EBE80A059CB0}" = Sibelius Scorch (ActiveX Only)
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{483616D1-867E-46F8-BEC7-3C6475933908}" = Adobe Photoshop Album Starter Edition
"{4FCC384C-18EA-4E25-9281-A06AE006D219}" = Weblink
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = RecordNow!
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player
"{AC76BA86-7AD7-1033-7B44-000000000001}" = Adobe Reader 6.0
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}" = Microsoft Plus! Digital Media Edition
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = Compaq Organize
"{D4B8C119-00F2-4C9D-A669-9AE3EA4A1641}" = The Shield Deluxe 2009
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{EFCE5837-FC21-11D6-9D24-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_02
"{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass
"{F61F2821-694C-475F-99AB-6AF2EFDF40FD}" = Quicken 2003 New User Edition
"05E21449-3BA3-42BF-BBDA-95205F4EA40A" = Polar Bowler from Compaq (remove only)
"26DC0ED6-93A7-43C1-8DC5-EC16079580F9" = Orbital from Compaq (remove only)
"29FF6D07-4A15-41F1-9D5E-E0F3A58012C6" = Bounce from Compaq (remove only)
"2FDCC229-354D-4279-ABEF-CE17E355BFFA" = Five Card Frenzy from Compaq (remove only)
"33A16A26-1533-4016-AE2D-89D6398D7EB2" = Blackhawk Striker from Compaq (remove only)
"350CC34B-2B8E-4EE5-AE4D-F04FDF37DC39" = Blasterball 2 from Compaq (remove only)
"623398D3-0B1E-4A63-A019-9BA8E77962AD" = Honeycombs from Compaq (remove only)
"75443238-3575-492C-9122-6A88DC3A2B75" = STX from Compaq (remove only)
"8567FC11-B0BF-49CD-9EF0-959413FA103D" = Slyder from Compaq (remove only)
"8A225900-C06D-41DD-B66C-43840D472758" = Otto from Compaq (remove only)
"99C981FF-0F90-4259-B2A6-D3B1A1589A0A" = Cannonballs from Compaq (remove only)
"9A8CE71F-71D5-4555-B355-85481DC99B80" = Excavation from Compaq (remove only)
"A6A08018-6E8D-44BA-B964-8235A0B34985" = Mars Rover from Compaq (remove only)
"AD0E57E8-ABB1-4BF6-9AFF-0C7DDA1710CD" = GemMaster 3 from Compaq (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Audio Record Wizard 4_is1" = Audio Record Wizard v4.0.1
"BackWeb-1940576 Uninstaller" = Compaq Connections
"EEDAA297-DFDF-436A-B977-D95EA63C907D" = Virtual Warfare from Compaq (remove only)
"ERUNT_is1" = ERUNT 1.1j
"Finale NotePad 2008" = Finale NotePad 2008
"GNU Solfege_is1" = GNU Solfege 3.14.9
"Homestead SiteBuilder" = Homestead SiteBuilder
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"InstallShield_{F61F2821-694C-475F-99AB-6AF2EFDF40FD}" = Quicken 2003 New User Edition
"Instant Support" = Instant Support
"Java Web Start" = Java Web Start
"LimeWire" = LimeWire 5.1.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Membership Plus 9.0" = Membership Plus 9.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"NVIDIA Gart Driver" = NVIDIA Gart Driver
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"Registry Mechanic_is1" = Registry Mechanic 8.0
"S3Display" = S3Display
"S3Gamma2" = S3Gamma2
"S3Info2" = S3Info2
"S3Overlay" = S3Overlay
"Shop for HP Supplies" = Shop for HP Supplies
"SpamSubtract" = SpamSubtract
"Windows XP Service Pack" = Windows XP Service Pack 3
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/6/2009 3:30:51 PM | Computer Name = YOUR-LK4RLMSU41 | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 9.0.0.4503, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/6/2009 3:32:29 PM | Computer Name = YOUR-LK4RLMSU41 | Source = Application Hang | ID = 1002
Description = Hanging application realplay.exe, version 6.0.11.853, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/6/2009 3:33:09 PM | Computer Name = YOUR-LK4RLMSU41 | Source = Application Hang | ID = 1002
Description = Hanging application realplay.exe, version 6.0.11.853, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/6/2009 3:34:14 PM | Computer Name = YOUR-LK4RLMSU41 | Source = Application Hang | ID = 1002
Description = Hanging application realplay.exe, version 6.0.11.853, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/9/2009 11:51:59 AM | Computer Name = YOUR-LK4RLMSU41 | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/13/2009 9:17:45 PM | Computer Name = YOUR-LK4RLMSU41 | Source = Application Error | ID = 1000
Description = Faulting application hpqtra08.exe, version 110.0.180.0, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x000369da.

Error - 9/18/2009 1:12:02 PM | Computer Name = YOUR-LK4RLMSU41 | Source = Application Error | ID = 1000
Description = Faulting application hpqtra08.exe, version 110.0.180.0, faulting module
hpqcpta.dll, version 10.0.0.202, fault address 0x000046a9.

Error - 9/21/2009 6:40:32 PM | Computer Name = YOUR-LK4RLMSU41 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/23/2009 9:19:48 PM | Computer Name = YOUR-LK4RLMSU41 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x629148c4.

Error - 9/24/2009 12:38:33 PM | Computer Name = YOUR-LK4RLMSU41 | Source = MsiInstaller | ID = 11925
Description = Product: Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office
programs -- Error 1925. You do not have sufficient privileges to complete this
installation for all users of the machine. Log on as administrator and then retry
this installation.

[ System Events ]
Error - 11/23/2009 7:25:41 PM | Computer Name = YOUR-LK4RLMSU41 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/23/2009 7:25:41 PM | Computer Name = YOUR-LK4RLMSU41 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/23/2009 7:35:10 PM | Computer Name = YOUR-LK4RLMSU41 | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 11/23/2009 7:36:33 PM | Computer Name = YOUR-LK4RLMSU41 | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 11/23/2009 7:56:30 PM | Computer Name = YOUR-LK4RLMSU41 | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 11/23/2009 7:57:55 PM | Computer Name = YOUR-LK4RLMSU41 | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 11/23/2009 8:03:19 PM | Computer Name = YOUR-LK4RLMSU41 | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 11/23/2009 8:04:42 PM | Computer Name = YOUR-LK4RLMSU41 | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 11/23/2009 8:13:41 PM | Computer Name = YOUR-LK4RLMSU41 | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 11/23/2009 8:15:03 PM | Computer Name = YOUR-LK4RLMSU41 | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.


< End of report >
  • 0

Advertisements

#2
david_macrae
Posted 02 December 2009 - 02:39 PM

david_macrae

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
please close this topic.
thank you,
david

Edited by david_macrae, 02 December 2009 - 02:46 PM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP