Antivirus System Pro 2009



#1
beatdogg

Avast AV warned me when I became infected with this but apparently couldn't stop it. Since then, when I start Windows XP SP2 normally, it starts Antivirus System Pro 2009 in the system tray and its "scanner" pops up pretending to scan something. Any program I try to run, including the tools in your Malware and Spyware Cleaning Guide, gets killed immediately and a pop-up window says, for example, "otl.exe is infected with a virus. Do you want to scan your computer for viruses now?" Answering yes will make the AV Sys Pro scanning program pop up along with my browser to some Viagra site or something.

I ran WinXP in safe mode with networking and did all of the steps in the Malware and Spyware Cleaning Guide. The following are the rootrepeal.txt, otl.txt and extras.txt contents. All of these were run in Windows safe mode because, as I mentioned, they won't run in normal mode:

RootRepeal.txt
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/28 10:36
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xBA237000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79AF000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB9FBF000 Size: 49152 File Visible: No Signed: -
Status: -

==EOF==

OTL.txt
OTL logfile created on: 11/28/2009 10:38:15 AM - Run 1
OTL by OldTimer - Version 3.1.11.1 Folder = C:\firefox downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 77.53% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 45.81 Gb Free Space | 46.91% Space Free | Partition Type: NTFS
Drive D: | 74.52 Gb Total Space | 61.17 Gb Free Space | 82.08% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 135.22 Gb Total Space | 37.96 Gb Free Space | 28.08% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BEATDOGG01
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/27 21:57:35 | 00,535,040 | ---- | M] (OldTimer Tools) -- C:\firefox downloads\OTL(2).exe
PRC - [2009/11/05 23:59:16 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2007/06/13 02:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2009/11/27 21:57:35 | 00,535,040 | ---- | M] (OldTimer Tools) -- C:\firefox downloads\OTL(2).exe
MOD - [2005/08/31 17:41:53 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\linkinfo.dll
MOD - [2004/08/03 23:57:00 | 01,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (WMP54Gv4SVC)
SRV - File not found -- -- (Sr10srvmf)
SRV - [2009/09/11 23:12:39 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/08/17 08:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/08/17 08:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/08/17 08:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/08/17 07:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/05/27 03:27:04 | 29,262,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2009/04/11 13:17:46 | 00,313,840 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2009/04/11 13:17:44 | 00,170,480 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2009/04/11 13:17:26 | 01,108,464 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2009/03/24 12:50:19 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/02/27 22:53:08 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c999713a08d4c2) Google Update Service (gupdate1c999713a08d4c2)
SRV - [2008/12/06 23:28:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 21:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 21:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/11/15 05:53:14 | 06,447,744 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe -- (MySQL)
SRV - [2008/10/10 05:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/01/29 18:19:34 | 00,041,472 | ---- | M] (Orb Networks) -- C:\Program Files\Winamp Remote\bin\OrbMediaService.exe -- (OrbMediaService)
SRV - [2007/12/06 22:20:56 | 00,088,560 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2007/12/06 22:20:52 | 00,362,992 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2007/10/31 14:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/10/04 17:14:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2007/09/27 11:10:02 | 00,230,672 | ---- | M] (SonicWALL, Inc.) -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe -- (RampartSvc)
SRV - [2007/09/12 18:27:24 | 02,999,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 18:27:24 | 00,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/19 10:20:07 | 00,068,096 | ---- | M] () -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2007/07/31 16:36:54 | 03,294,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2007/01/20 12:13:05 | 00,057,344 | ---- | M] (Lanovation) -- C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2006/12/02 05:17:54 | 02,805,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
SRV - [2006/04/20 07:34:26 | 01,520,688 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2006/02/20 11:23:08 | 00,495,616 | ---- | M] ( ) -- C:\WINDOWS\System32\lxcycoms.exe -- (lxcy_device)
SRV - [2005/10/21 15:09:44 | 00,229,376 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe -- (RoxLiveShare)
SRV - [2005/10/21 15:08:34 | 00,864,256 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe -- (RoxMediaDB)
SRV - [2005/10/21 15:05:42 | 00,155,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe -- (RoxWatch)
SRV - [2005/10/21 12:58:02 | 00,045,056 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe -- (RoxUPnPRenderer)
SRV - [2005/10/21 12:57:20 | 00,405,504 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe -- (RoxUpnpServer)
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/08/03 23:56:50 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2004/08/03 23:56:50 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2004/08/03 23:56:50 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)
SRV - [2004/08/03 23:56:50 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/27 22:09:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/07 14:24:17 | 00,000,000 | ---D | M]

[2009/11/27 22:10:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2009/11/27 22:12:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8qvlc4y6.default\extensions
[2009/11/26 23:02:37 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/11 23:12:56 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 3400 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [LXCYCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.DLL ()
O4 - HKLM..\Run: [lxcymon.exe] C:\Program Files\Lexmark 3400 Series\lxcymon.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Norton Ghost 12.0] C:\Program Files\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [osfdtgaf] C:\Documents and Settings\Beat Dogg\Local Settings\Application Data\krdkjk\jmtgsysguard.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe File not found
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Cisco Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfi...20Installer.cab (Support.com Configuration Class)
O16 - DPF: {63BAD261-EF5B-4B8A-9452-E2067A6BF523} http://imgreltest.da...ImageViewer.CAB (prjImageViewer.ImageViewer)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1169327135140 (WUWebControl Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemreq.../sysreqlab2.cab (System Requirements Lab Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1169327676390 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {93B72D7C-A966-4DC8-B8E4-64B8741A5AEC} http://imgreltest.da...veParameter.CAB (dfWeb.ucSaveParameter)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterf...ds/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoft...free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://df.webex.com...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: Web-Based Email Tools http://email02.secur...et/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/01/20 11:45:51 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/01/20 03:31:14 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 14 Days ==========

[2009/11/27 22:20:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/11/27 22:20:37 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/11/27 22:19:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Sessions
[2009/11/27 22:19:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\EmuPatchMixDSP
[2009/11/27 22:19:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2009/11/27 22:19:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2009/11/27 22:19:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\FaxCtr
[2009/11/27 22:19:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2009/11/27 22:16:42 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2009/11/27 22:16:42 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2009/11/27 22:09:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2009/11/27 22:09:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2009/11/27 15:10:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/27 15:09:40 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/11/27 14:37:29 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/27 14:37:28 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/27 14:37:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/27 14:37:27 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/27 14:33:09 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009/11/26 20:37:42 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2009/11/26 20:37:42 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2009/11/26 20:37:42 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2009/11/26 20:37:42 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2009/11/26 20:37:42 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2009/11/26 20:37:42 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents
[2009/11/26 20:37:42 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites
[2009/11/26 20:37:42 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2009/11/26 20:37:42 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2009/11/26 20:37:42 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2009/11/26 20:37:42 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2009/11/26 20:37:42 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2009/11/26 20:37:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Visual Studio 2005
[2009/11/26 20:37:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2009/11/26 20:37:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
[2009/11/26 20:37:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2009/11/26 20:37:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2009/11/26 20:37:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2009/11/22 11:53:36 | 00,000,000 | ---D | C] -- C:\Program Files\PokerStars
[2009/11/16 19:20:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2009/11/16 19:19:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Temp
[2007/12/10 21:03:54 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2007/01/23 21:56:20 | 00,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyinpa.dll
[2007/01/23 21:56:20 | 00,393,216 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyiesc.dll
[2007/01/23 21:54:32 | 00,995,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyusb1.dll
[2007/01/23 21:54:31 | 01,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyserv.dll
[2007/01/23 21:54:31 | 00,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyprox.dll
[2007/01/23 21:54:30 | 00,536,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcylmpm.dll
[2007/01/23 21:54:30 | 00,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcypplc.dll
[2007/01/23 21:54:28 | 00,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyhbn3.dll
[2007/01/23 21:54:26 | 00,610,304 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcycomc.dll
[2007/01/23 21:54:26 | 00,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcycomm.dll

========== Files - Modified Within 14 Days ==========

[2009/11/28 10:32:56 | 01,048,576 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2009/11/28 10:32:35 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/28 10:32:14 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/27 22:22:29 | 00,001,644 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000001-00000000-00000000-00001102-00000004-40011102}.rfx
[2009/11/27 22:22:29 | 00,001,644 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000001-00000000-00000000-00001102-00000004-40011102}.rfx
[2009/11/27 22:22:29 | 00,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000001-00000000-00000000-00001102-00000004-40011102}.dat
[2009/11/27 22:22:29 | 00,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000000-00001102-00000004-40011102}.dat
[2009/11/27 22:22:29 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-00000000-00001102-00000004-40011102}.rfx
[2009/11/27 22:22:29 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000001-00000000-00000000-00001102-00000004-40011102}.rfx
[2009/11/27 22:22:09 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/27 22:21:50 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/27 22:19:00 | 00,062,952 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/27 22:16:58 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/11/27 22:16:43 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/11/27 22:15:45 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2009/11/27 22:03:38 | 00,254,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/27 14:37:32 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/26 20:23:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/11/25 09:32:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/24 22:31:09 | 00,004,096 | -HS- | M] () -- C:\VSNAP.IDX
[2009/11/24 22:25:50 | 00,000,016 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2009/11/22 17:06:54 | 00,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PokerStars.lnk

========== Files Created - No Company Name ==========

[2009/11/27 14:37:32 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/26 20:37:49 | 00,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2009/11/26 20:37:41 | 01,048,576 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2009/11/22 17:06:54 | 00,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PokerStars.lnk
[2008/04/22 14:40:33 | 00,029,752 | ---- | C] () -- C:\WINDOWS\System32\InstHelper.dll
[2008/04/22 14:40:07 | 00,197,680 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/04/22 14:40:05 | 00,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2008/04/01 18:55:55 | 00,000,140 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/04/01 18:55:41 | 00,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2008/02/28 14:30:08 | 00,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/10/14 21:00:37 | 00,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2007/10/14 20:59:40 | 00,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2007/09/17 00:07:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/09/17 00:07:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/09/04 22:10:53 | 00,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2007/09/04 22:09:56 | 00,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2007/09/04 22:09:55 | 00,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2007/09/04 22:09:31 | 00,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2007/09/04 22:09:29 | 00,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2007/09/04 22:09:28 | 00,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2007/09/04 22:09:26 | 00,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2007/07/01 19:39:09 | 00,044,246 | ---- | C] () -- C:\WINDOWS\System32\Emu.ini
[2007/07/01 19:38:58 | 00,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2007/07/01 19:38:56 | 00,381,016 | ---- | C] () -- C:\WINDOWS\System32\CTEDSPSY.DLL
[2007/07/01 19:38:55 | 00,323,665 | ---- | C] () -- C:\WINDOWS\System32\CTEDSPFX.DLL
[2007/05/11 21:45:00 | 00,000,011 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2007/04/13 20:38:40 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2007/04/13 20:38:18 | 00,000,890 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2007/03/03 11:28:05 | 00,000,215 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/02/17 11:53:46 | 00,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/01/23 21:56:21 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcyvs.dll
[2007/01/23 21:56:19 | 00,303,104 | ---- | C] () -- C:\WINDOWS\System32\lxcycoin.dll
[2007/01/23 21:56:02 | 00,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxcydrs.dll
[2007/01/23 21:56:02 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxcycaps.dll
[2007/01/23 21:56:02 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxcycnv4.dll
[2007/01/23 21:54:33 | 00,233,472 | ---- | C] () -- C:\WINDOWS\System32\lxcyinst.dll
[2007/01/21 02:33:12 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2007/01/21 02:33:12 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2007/01/20 17:01:49 | 00,000,520 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/20 12:08:32 | 00,126,976 | R--- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2007/01/20 12:06:47 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/01/20 12:06:46 | 01,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/01/20 12:06:45 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/01/20 11:56:53 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/09/19 00:15:52 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/09/14 17:05:36 | 03,596,288 | R--- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/09/14 17:05:36 | 00,831,488 | R--- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/09/14 17:05:36 | 00,159,744 | R--- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/09/14 17:05:36 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\dtu100.dll
[2005/08/29 14:29:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/11/30 04:10:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2004/02/12 18:43:02 | 00,000,309 | ---- | C] () -- C:\WINDOWS\LProST.ini
[2003/10/02 01:00:00 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 01:00:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/01/20 10:04:28 | 00,667,648 | ---- | C] () -- C:\WINDOWS\System32\Dtwain32.dll

========== LOP Check ==========

[2009/11/27 22:19:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\EmuPatchMixDSP
[2008/01/03 17:42:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest Software
[2008/01/03 17:43:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2007/08/23 17:40:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cakewalk
[2007/07/08 21:03:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2008/12/14 20:10:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/01/18 00:36:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2007/02/04 21:54:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NFS Underground
[2008/05/19 16:05:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
[2007/08/30 21:29:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2009/11/13 19:18:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2009/11/16 19:25:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[2004/08/03 22:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004/08/03 22:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys
[2001/08/17 13:58:00 | 00,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2004/08/03 21:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/03 21:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2003/04/23 09:29:54 | 00,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2003/04/23 07:29:54 | 00,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2003/04/23 09:29:54 | 00,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2004/08/03 23:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004/08/03 23:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
[2003/03/31 04:00:00 | 00,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2003/03/31 04:00:00 | 00,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009/02/06 10:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 10:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/03 23:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004/08/03 23:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/03 23:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004/08/03 23:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2003/03/31 04:00:00 | 00,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll
< End of report >
[2009/11/28 10:41:21 | 01,048,576 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2009/11/28 10:37:25 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/11/28 10:33:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2009/11/28 10:32:35 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/28 10:32:14 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/27 22:22:09 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/27 22:21:50 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/27 22:19:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\EmuPatchMixDSP
[2009/11/27 22:19:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2009/11/27 22:19:26 | 00,000,000 | ---D | M] -- C:\Program Files\lx_cats
[2009/11/27 22:19:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FaxCtr
[2009/11/27 22:19:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2009/11/27 22:19:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2009/11/27 22:19:00 | 00,062,952 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/27 22:16:58 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/11/27 22:16:43 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/11/27 22:15:45 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2009/11/27 22:09:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2009/11/27 22:09:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2009/11/27 15:09:52 | 00,000,000 | ---D | M] -- C:\Program Files\ERUNT
[2009/11/27 14:48:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2009/11/27 14:37:32 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/27 14:37:32 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/27 14:37:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/26 20:40:25 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2009/11/26 20:23:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/11/25 21:11:56 | 00,000,000 | ---D | M] -- C:\Program Files\PokerStars
[2009/11/25 09:32:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/24 22:35:11 | 00,000,000 | ---D | M] -- C:\Program Files\Winamp Remote
[2009/11/24 22:25:50 | 00,000,016 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2009/11/22 18:11:21 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/11/22 18:10:09 | 00,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/11/22 18:10:06 | 00,000,000 | ---D | M] -- C:\Program Files\Doom 3
[2009/11/22 18:09:40 | 00,000,000 | ---D | M] -- C:\Program Files\Steam
[2009/11/22 18:07:13 | 00,000,000 | ---D | M] -- C:\Program Files\DIRECTV
[2009/11/22 17:06:54 | 00,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PokerStars.lnk
[2009/11/22 17:04:53 | 00,000,000 | ---D | M] -- C:\Program Files\PokerStars.NET
[2009/11/16 19:25:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2009/11/16 19:20:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2009/11/13 20:55:44 | 00,530,042 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/13 20:55:44 | 00,102,696 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/13 20:55:43 | 00,642,288 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/13 20:20:13 | 00,000,658 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/13 19:18:37 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
[2009/11/13 18:30:14 | 00,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2007/01/20 03:34:14 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2007/01/20 03:34:14 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini
[2006/06/29 13:58:52 | 00,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

========== Files - Modified Within 14 Days ==========

[2009/11/28 10:42:57 | 01,048,576 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2009/11/28 10:32:35 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/28 10:32:14 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/27 22:22:29 | 00,001,644 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000001-00000000-00000000-00001102-00000004-40011102}.rfx
[2009/11/27 22:22:29 | 00,001,644 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000001-00000000-00000000-00001102-00000004-40011102}.rfx
[2009/11/27 22:22:29 | 00,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000001-00000000-00000000-00001102-00000004-40011102}.dat
[2009/11/27 22:22:29 | 00,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000000-00001102-00000004-40011102}.dat
[2009/11/27 22:22:29 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-00000000-00001102-00000004-40011102}.rfx
[2009/11/27 22:22:29 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000001-00000000-00000000-00001102-00000004-40011102}.rfx
[2009/11/27 22:22:09 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/27 22:21:50 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/27 22:19:00 | 00,062,952 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/27 22:16:58 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/11/27 22:16:43 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/11/27 22:15:45 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2009/11/27 22:03:38 | 00,254,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/27 14:37:32 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/26 20:23:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/11/25 09:32:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/24 22:31:09 | 00,004,096 | -HS- | M] () -- C:\VSNAP.IDX
[2009/11/24 22:25:50 | 00,000,016 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2009/11/22 17:06:54 | 00,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PokerStars.lnk
[2009/11/13 20:55:44 | 00,530,042 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/13 20:55:44 | 00,102,696 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/13 20:55:43 | 00,642,288 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/13 20:20:13 | 00,000,658 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/13 19:18:37 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
[2009/11/13 18:30:14 | 00,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin

< End of report >


Extras.txt
OTL Extras logfile created on: 11/28/2009 10:38:15 AM - Run 1
OTL by OldTimer - Version 3.1.11.1 Folder = C:\firefox downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 77.53% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 45.81 Gb Free Space | 46.91% Space Free | Partition Type: NTFS
Drive D: | 74.52 Gb Total Space | 61.17 Gb Free Space | 82.08% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 135.22 Gb Total Space | 37.96 Gb Free Space | 28.08% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BEATDOGG01
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe" = C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe:*:Enabled:SonicWALL Global VPN Client -- (SonicWALL, Inc.)
"C:\Program Files\BitLord\BitLord.exe" = C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord -- (www.BitLord.com)
"D:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe" = D:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe:*:Enabled:Speed -- File not found
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- File not found
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- File not found
"C:\Program Files\Yahoo! Games\Bejeweled 2 Deluxe\WinBej2.exe" = C:\Program Files\Yahoo! Games\Bejeweled 2 Deluxe\WinBej2.exe:*:Enabled:Bejeweled2 -- (PopCap.com)
"C:\Program Files\Gateway\HPA\GWMenu.exe" = C:\Program Files\Gateway\HPA\GWMenu.exe:*:Enabled:HPA/SCCD/SRCD New Code -- (Gateway Computers)
"C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE" = C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE:*:Enabled:Microsoft Office Word -- (Microsoft Corporation)
"C:\Program Files\Steam\SteamApps\[email protected]\counter-strike source\hl2.exe" = C:\Program Files\Steam\SteamApps\[email protected]\counter-strike source\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- (Orb Networks, Inc.)
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- (Orb Networks)
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- (Orb Networks)
"C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe" = C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service -- (Sonic Solutions)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Roxio\Easy Media Creator 8\VideoUI\VideoWave8.exe" = C:\Program Files\Roxio\Easy Media Creator 8\VideoUI\VideoWave8.exe:*:Enabled:VideoWave 8 -- (Roxio, Inc.)
"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\devenv.exe" = C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\devenv.exe:*:Enabled:Microsoft Visual Studio 2005 -- (Microsoft Corporation)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\Java\jdk1.6.0_02\bin\jhat.exe" = C:\Program Files\Java\jdk1.6.0_02\bin\jhat.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\javaw.exe" = C:\WINDOWS\system32\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"D:\eclipse\eclipse.exe" = D:\eclipse\eclipse.exe:*:Enabled:eclipse -- File not found
"C:\Program Files\Eclipse\eclipse.exe" = C:\Program Files\Eclipse\eclipse.exe:*:Enabled:eclipse -- ()
"C:\Program Files\Eclipse\plugins\net.rim.eide.componentpack4.5.0_4.5.0.16\components\simulator\fledge.exe" = C:\Program Files\Eclipse\plugins\net.rim.eide.componentpack4.5.0_4.5.0.16\components\simulator\fledge.exe:*:Enabled:BlackBerry Handheld Simulator -- (Research In Motion Limited)
"C:\Program Files\Eclipse\plugins\net.rim.eide.componentpack5.0.0_5.0.0.4\components\simulator\fledge.exe" = C:\Program Files\Eclipse\plugins\net.rim.eide.componentpack5.0.0_5.0.0.4\components\simulator\fledge.exe:*:Enabled:BlackBerry Handheld Simulator -- (Research In Motion Limited)
"C:\Program Files\Eclipse\plugins\net.rim.eide.componentpack4.6.1_4.6.1.27\components\simulator\fledge.exe" = C:\Program Files\Eclipse\plugins\net.rim.eide.componentpack4.6.1_4.6.1.27\components\simulator\fledge.exe:*:Enabled:BlackBerry Handheld Simulator -- (Research In Motion Limited)
"C:\Program Files\Roxio\Easy Media Creator 8\Sound Editor\SoundEdit.exe" = C:\Program Files\Roxio\Easy Media Creator 8\Sound Editor\SoundEdit.exe:*:Enabled:Roxio Sound Editor -- (Sonic Solutions)
"C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe" = C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe:*:Enabled:Roxio UPnP Renderer Service -- (Sonic Solutions)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01D76D8E-A496-4870-8357-87C6D2B5E807}" = MySQL Server 5.1
"{0345CF70-FA00-4F4E-A218-0FA494F465A4}" = LightScribe Template Designs - Business Pack 1
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{1102D7B1-098C-4F48-92F4-DC403E45A527}" = LightScribe Template Designs - Athletic Pack 1
"{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
"{14A023A2-3B5C-467A-A6C4-8583AE0BDF0E}" = LightScribe Template Designs - Kickin It Pack 1
"{15B6EAD9-E83D-458F-AF6F-B8F865FA4F28}" = LightScribe Template Designs - Wedding Pack 1
"{18143CE1-430E-4FF3-A44F-811FD2910929}" = LightScribe Template Designs - Mythology Pack 1
"{19ABFD8F-CB86-4965-9282-047FC27084F1}" = SQLXML 3.0 SP3
"{1A8C5BB4-91EB-4AB4-B667-74EC501341B9}" = LightScribe Template Designs - 9 to 5 Pack 1
"{221E5BB1-E4B5-485A-A74B-5D4D5BF21E62}" = Motorola Driver Installation 3.8.0
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{272F534A-29A8-40D4-8E0C-2A9A596F808D}" = LightScribe Template Designs - Tribal Pack 1
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{32A3A4F4-B792-11D6-A78A-00B0D0160020}" = Java™ SE Development Kit 6 Update 2
"{32A3A4F4-B792-11D6-A78A-00B0D0160160}" = Java™ SE Development Kit 6 Update 16
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{437AB8E0-FB69-4222-B280-A64F3DE22591}" = Microsoft Visual Studio 2005 Professional Edition - ENU
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{4D612FB2-1AE7-4E46-9377-35BB2F06A787}" = Roxio Media Manager
"{4DDC3BED-CC68-44AA-B435-D727B620CA5B}" = Linksys Wireless-G PCI Adapter
"{4ECA4128-8B48-44A0-90E8-B93C6A69CE4B}" = LightScribe Template Designs - Music Pack 1
"{53648F92-1CC5-22D2-A6DF-00A0C9A23BCD}" = SonicWALL Global VPN Client
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5B30AA25-BF39-4BE4-8FEE-51938BAB214D}" = TurboTax 2008 wcaiper
"{5B7CF62F-D339-4FAA-A610-372ED5A2787F}" = BlackBerry Desktop Software 5.0.1
"{5C1DA723-24FC-48AD-93BA-925695C3EF26}" = Logitech Gaming Software
"{605C0E57-BBB8-458F-9020-B17DCF0D5DEA}" = LightScribe Template Designs - Floral Pack 1
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
"{63D3D558-EAF4-419B-880C-208DAC13F794}" = LightScribe Template Designs - Travel Pack 1
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{725F0ABA-808A-4256-885C-1E60245521D0}" = LightScribe Template Designs - Sports Pack 1
"{742F1560-893C-457B-A47A-DBC62A1302FB}" = LightScribe Template Designs - Kids Korner Pack 1
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU
"{79D16FEF-F66A-4DF3-AE01-DF0AE3E3BA45}" = LightScribe Template Designs - Hobby Pack 1
"{81A28748-46BA-4010-A877-E9808993C214}" = LightScribe Template Designs - Architecture Pack 1
"{83B6779E-6956-4E79-A171-1986736B5EF4}" = dfImaging
"{85548764-32DC-43ED-BAA5-5386FDB2500A}" = LightScribe Template Designs - Urban Pack 1
"{868901EE-7807-4F89-A134-7C705D34F91F}" = Roxio Easy Media Creator 8 Suite
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{91E30409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{922D9CCA-4317-425F-9AA5-94829DF8BA6D}" = Motorola Software Update
"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
"{93EC14D5-7AAA-4EAD-BB75-013817A96598}" = Logitech Gaming Software
"{9D4B411F-42F9-4566-9621-13D3A969F871}" = Redistributable_MM
"{9E9AEBE7-58A9-11D8-80AE-00036D10F3B7}" = LabelCreator Pro
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{ADE91A13-434D-4229-00BC-182BAD607303}" = Need for Speed™ Most Wanted
"{B0255743-165B-4BD5-8DA8-37DFB9930012}" = Norton Ghost
"{B06EFB5F-FDDC-4DA3-BE5C-3E2A72D5BEAE}" = LightScribe Template Designs - Food-n-Family Pack 1
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B4B03752-821B-4FEE-B906-07835E30A331}" = wIntegrate
"{B5C209B1-8DDB-4642-A573-375B951514CB}" = Apple Mobile Device Support
"{B5ECA6E5-C943-4A40-936B-8E16D5B233ED}" = LightScribe Template Designs - Grab Bag Pack 1
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB16F6D9-EBC9-4BC6-B917-7AF53E99C067}" = LightScribe System Software 1.17.90.1
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CC493C6A-A018-4E12-A171-BA352089FB11}" = BlackBerry Device Software v4.6.0 for the BlackBerry 9000 smartphone
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF736FF-8133-42F3-8E18-BDFE293B87FF}" = LightScribe Template Designs - Holiday Pack 1
"{D5FCD625-BD97-4F56-B7C4-1D4BC586BB7A}" = BlackBerry JDE Component Package 4.7.0
"{DE72186D-A4A5-4504-839C-B14FC3432DA1}" = LightScribe Template Designs - Fantasy Pack 1
"{E35A1183-F6D8-4DCA-A111-296AFFA00A5C}" = LightScribe Template Designs - Tattoo Pack 1
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F17FE8C5-193F-48B6-8EE2-BE8CCEE3E6FB}" = SonicWALL Global VPN Client
"{F3A482EC-55E0-48FA-A408-F40FDF265181}" = LightScribe Template Designs - Nature Pack 1
"{F49FEF83-45CA-4CE8-8304-A7372BA07AA9}" = Motorola Phone Tools
"{F82E9B29-EE4B-418F-9CA4-A70DA610553D}" = LightScribe Template Designs - Street Style Pack 1
"{F8C7F1F2-EF8A-4019-89A8-77C5667F75C7}" = LightScribe Template Designs - Animal Pack 1
"{FA38652E-98FB-4095-9ACB-44E82C965C20}" = BlackBerry JDE 4.7.0
"{FCBE0690-CBE1-4C60-87B0-4A70A6F5434E}" = LightScribe Template Labeler
"{FEA0CE81-7FC7-AAAE-FC8C-241A5F8684F0}" = Supercast
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast!" = avast! Antivirus
"Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0
"BitLord" = BitLord 1.1
"BlackBerry_{5B7CF62F-D339-4FAA-A610-372ED5A2787F}" = BlackBerry Desktop Software 5.0.1
"Cakewalk Studio Instruments_is1" = Studio Instruments 1.0
"Cakewalk VST Adapter 4.4.4.0" = Cakewalk VST Adapter 4.4.4.0
"com.directv.supercast.AA1ECC8BBAFE4E1BBF2D418DC006AF207FACE6CA.1" = Supercast
"DreamStation DXi2" = DreamStation DXi2
"E-MU Audio Drivers" = E-MU Audio Drivers
"EMU PatchMix DSP" = E-MU PatchMix DSP
"ERUNT_is1" = ERUNT 1.1j
"Gateway Drivers and Applications Recovery" = Gateway Drivers and Applications Recovery
"Google Updater" = Google Updater
"GrabIt_is1" = GrabIt 1.6.2 Beta (build 940)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{83B6779E-6956-4E79-A171-1986736B5EF4}" = dfImaging
"Lexmark 3400 Series" = Lexmark 3400 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MapSource" = MapSource
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Professional Edition - ENU" = Microsoft Visual Studio 2005 Professional Edition - ENU
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"nbi-nb-base-6.5.1.0.200903060201" = NetBeans IDE 6.5.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"NVIDIA Display Driver" = NVIDIA Display Driver
"NVIDIA Drivers" = NVIDIA Drivers
"Orb" = Winamp Remote
"PokerStars" = PokerStars
"PowerISO" = PowerISO
"PROSet" = Intel® PRO Network Adapters and Drivers
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Sonar Producer Edition v4.0.2" = Sonar Producer Edition v4.0.2
"SONAR6Producer_is1" = SONAR 6 Producer Edition
"Steinberg Cubase VST" = Steinberg Cubase VST
"SystemRequirementsLab" = System Requirements Lab
"TurboTax 2008" = TurboTax 2008
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 9/10/2009 12:01:26 AM | Computer Name = BEATDOGG01 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\Prefetch\VSSVC.EXE-1F033002.pf failed, 0000A413.

Error - 9/10/2009 12:01:27 AM | Computer Name = BEATDOGG01 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\Prefetch\DLLHOST.EXE-1877BEC2.pf failed, 0000A413.

Error - 9/10/2009 12:01:33 AM | Computer Name = BEATDOGG01 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\Repair\Backup\ServiceState\ConfigDirectory\Antiviru.evt failed, 0000A413.


Error - 9/10/2009 12:01:33 AM | Computer Name = BEATDOGG01 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\Repair\Backup\ServiceState\ConfigDirectory\Internet.evt failed, 0000A413.


Error - 9/10/2009 12:01:33 AM | Computer Name = BEATDOGG01 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\Repair\Backup\ServiceState\ConfigDirectory\userdiff failed, 0000A413.


Error - 11/5/2009 1:57:16 AM | Computer Name = BEATDOGG01 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\PROGRA~1\Symantec\LIVEUP~1\ludirloc.dat failed, 0000A413.

Error - 11/7/2009 12:28:26 AM | Computer Name = BEATDOGG01 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://delivery1.tra...y.net/batch.php failed, 0000A413.

Error - 11/7/2009 4:36:11 PM | Computer Name = BEATDOGG01 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUME~1\BEATDO~1\LOCALS~1\Temp\plugtmp-9\plugin-GetServerTime.aspx failed,
0000A413.

Error - 11/27/2009 7:19:00 PM | Computer Name = BEATDOGG01 | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function 00000002.

Error - 11/27/2009 10:45:43 PM | Computer Name = BEATDOGG01 | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 1753.

[ Application Events ]
Error - 11/19/2009 11:35:43 PM | Computer Name = BEATDOGG01 | Source = Application Hang | ID = 1002
Description = Hanging application VideoWave8.exe, version 8.5.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/21/2009 5:24:14 AM | Computer Name = BEATDOGG01 | Source = Google Update | ID = 20
Description =

[ Application Events ]
Error - 11/19/2009 11:35:43 PM | Computer Name = BEATDOGG01 | Source = Application Hang | ID = 1002
Description = Hanging application VideoWave8.exe, version 8.5.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/21/2009 5:24:14 AM | Computer Name = BEATDOGG01 | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 11/28/2009 2:15:44 AM | Computer Name = BEATDOGG01 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/28/2009 2:17:33 AM | Computer Name = BEATDOGG01 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 11/28/2009 2:32:39 PM | Computer Name = BEATDOGG01 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/28/2009 2:33:58 PM | Computer Name = BEATDOGG01 | Source = Service Control Manager | ID = 7001
Description = The FTP Publishing service depends on the IIS Admin service which
failed to start because of the following error: %%1068

Error - 11/28/2009 2:33:58 PM | Computer Name = BEATDOGG01 | Source = Service Control Manager | ID = 7001
Description = The Simple Mail Transfer Protocol (SMTP) service depends on the IIS
Admin service which failed to start because of the following error: %%1068

Error - 11/28/2009 2:33:58 PM | Computer Name = BEATDOGG01 | Source = Service Control Manager | ID = 7001
Description = The World Wide Web Publishing service depends on the IIS Admin service
which failed to start because of the following error: %%1068

Error - 11/28/2009 2:33:58 PM | Computer Name = BEATDOGG01 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 aswSP Fips intelppm RxFilter SCDEmu

Error - 11/28/2009 2:34:36 PM | Computer Name = BEATDOGG01 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/28/2009 2:35:24 PM | Computer Name = BEATDOGG01 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/28/2009 2:41:15 PM | Computer Name = BEATDOGG01 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >


Thank you in advance for your help.
-Chris