Malwarebytes' Anti-Malware 1.41
Database version: 3252
Windows 5.1.2600 Service Pack 3
11/28/2009 3:54:03 PM
mbam-log-2009-11-28 (15-54-03).txt
Scan type: Quick Scan
Objects scanned: 111659
Time elapsed: 4 minute(s), 19 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/28 15:59
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF4150000 Size: 49152 File Visible: No Signed: -
Status: -
SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xf7b079ce
#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xf7b079c4
#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0xf7b079d3
#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0xf7b079dd
#: 098 Function Name: NtLoadKey
Status: Hooked by "<unknown>" at address 0xf7b079e2
#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xf7b079b0
#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xf7b079b5
#: 193 Function Name: NtReplaceKey
Status: Hooked by "<unknown>" at address 0xf7b079ec
#: 204 Function Name: NtRestoreKey
Status: Hooked by "<unknown>" at address 0xf7b079e7
#: 247 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0xf7b079d8
#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0xf7b079bf
==EOF==
OTL Extras logfile created on: 11/28/2009 4:01:59 PM - Run 1
OTL by OldTimer - Version 3.1.11.2 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
959.48 Mb Total Physical Memory | 490.26 Mb Available Physical Memory | 51.10% Memory free
1.51 Gb Paging File | 1.19 Gb Available in Paging File | 78.88% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 131.91 Gb Free Space | 88.50% Space Free | Partition Type: NTFS
Drive D: | 650.05 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: YOUR-W7NFSBJPH3
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.hta [@ = htafile] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9999:TCP" = 9999:TCP:LocalSubNet:Enabled:DNA
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"67:UDP" = 67:UDP:0.0.0.0/255.255.255.255:Enabled:DHCP Discovery Service
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"C:\Program Files\Common Files\AOL\1124247037\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1124247037\ee\AOLServiceHost.exe:*:Enabled:AOL Services -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\Program Files\Common Files\AOL\1125810388\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1125810388\ee\AOLServiceHost.exe:*:Enabled:AOL Services -- File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0 -- File not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0319B53F-FAE5-4811-B0B3-19CC1F8E674E}" = The Go Ronald Games
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0996C331-6DCB-4E38-A3EC-0A77ABAE1361}" = Help_CTR
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 17
"{2A97D5B3-A989-47E1-B207-1CA9E3635655}" = aioprnt
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3BED0238-3A25-41AE-BC23-316914B5B048}" = aioocr
"{44C05309-60F4-410B-BC32-31733CFF1A46}" = Microsoft Digital Image Standard 2006 Editor
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4F1CECBC-670F-4DAA-81D6-944B12450917}" = DIGOpt
"{4FE542EB-FF0B-4739-94DD-25C8AE0AB252}" = Microsoft Digital Image Standard 2006 Library
"{6262DC06-FC0A-4EF1-9876-AA92EDA3188C}" = IOI Multimedia Card Reader
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6549AA0C-6D93-4E76-9A13-6A6A0AA4FD6D}" = TaxCut California 2008
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73F1681F-ADE1-461F-9F18-B7640507D395}" = ksdip
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{791E3D44-33D3-4446-82AD-5CD4B0169083}" = aiofw
"{79E41D91-BA1C-44B9-9358-48E598263ECF}" = center
"{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}" = Macromedia Shockwave Player
"{843081BD-351F-46FC-8A17-517A0D9117A3}" = helptut
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CCE527D-356F-41A8-9718-77A68AC065FB}" = PlayLinc
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BBB33AD6-BCF7-4002-B6A0-6DC679AE5C18}" = TaxCut Premium + State + Efile 2008
"{C0251585-1BE8-4278-B3CB-964B6E01C59D}" = aioscnnr
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C8F7C1E5-0150-11D6-A96C-00D05908F85D}" = USB Driver
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = KODAK All-in-One Printer Software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DC626A21-EDF1-40C7-8F2F-D2BA7535529F}" = helpug
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FF262740-C85A-11D5-BBEC-00D0B740900A}" = Multimedia Keyboard Driver
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = SoftV92 Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ICQ" = ICQ
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{0319B53F-FAE5-4811-B0B3-19CC1F8E674E}" = The Go Ronald Games
"InstallShield_{6262DC06-FC0A-4EF1-9876-AA92EDA3188C}" = IOI Multimedia Card Reader
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"Neoteris_Secure_Application_Manager" = Secure Application Manager
"Nero PhotoShow Express" = Nero PhotoShow Express
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PictureItPrem_v12" = Microsoft Digital Image Standard 2006 Update
"RealPlayer 12.0" = RealPlayer
"Scholastic's I SPY School Days" = Scholastic's I SPY School Days
"Shockwave" = Shockwave
"StreetPlugin" = Learn2 Player (Uninstall Only)
"The Game Of Life" = The Game Of Life
"The Game of Life - SpongeBob SquarePants Edition" = The Game of Life - SpongeBob SquarePants Edition
"TurboTax Deluxe 2004" = TurboTax Deluxe 2004
"TurboTax Deluxe 2005" = TurboTax Deluxe 2005
"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 10/5/2009 3:11:53 PM | Computer Name = YOUR-W7NFSBJPH3 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.5730.13, faulting module
flash10c.ocx, version 10.0.32.18, fault address 0x0004f4d7.
Error - 10/14/2009 2:39:13 PM | Computer Name = YOUR-W7NFSBJPH3 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....6020E5DFCE.crt>
with error: This operation returned because the timeout period expired.
Error - 10/14/2009 2:39:13 PM | Computer Name = YOUR-W7NFSBJPH3 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....6020E5DFCE.crt>
with error: This network connection does not exist.
Error - 11/1/2009 10:26:25 PM | Computer Name = YOUR-W7NFSBJPH3 | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 9.0.1.8, faulting module
quicktime.qts, version 7.64.17.73, fault address 0x00103503.
Error - 11/12/2009 10:13:37 PM | Computer Name = YOUR-W7NFSBJPH3 | Source = MsiInstaller | ID = 11905
Description = Product: URGE -- Error 1905.Module C:\Program Files\MTV Networks\URGE\redist\mninet20.dll
failed to unregister. HRESULT -2147220472. Contact your support personnel.
Error - 11/22/2009 7:29:21 PM | Computer Name = YOUR-W7NFSBJPH3 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.
Error - 11/23/2009 7:29:59 PM | Computer Name = YOUR-W7NFSBJPH3 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.
Error - 11/24/2009 3:59:52 PM | Computer Name = YOUR-W7NFSBJPH3 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 11/26/2009 7:55:53 PM | Computer Name = YOUR-W7NFSBJPH3 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.
Error - 11/28/2009 2:51:26 PM | Computer Name = YOUR-W7NFSBJPH3 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.
[ System Events ]
Error - 11/28/2009 1:57:19 PM | Computer Name = YOUR-W7NFSBJPH3 | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Lavasoft Ad-Aware Service
service, but this action failed with the following error: %%1055
Error - 11/28/2009 7:38:56 PM | Computer Name = YOUR-W7NFSBJPH3 | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 11/28/2009 7:38:56 PM | Computer Name = YOUR-W7NFSBJPH3 | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).
Error - 11/28/2009 7:38:56 PM | Computer Name = YOUR-W7NFSBJPH3 | Source = Service Control Manager | ID = 7034
Description = The EPSON Printer Status Agent2 service terminated unexpectedly.
It has done this 1 time(s).
Error - 11/28/2009 7:38:56 PM | Computer Name = YOUR-W7NFSBJPH3 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).
Error - 11/28/2009 7:38:56 PM | Computer Name = YOUR-W7NFSBJPH3 | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).
Error - 11/28/2009 7:38:56 PM | Computer Name = YOUR-W7NFSBJPH3 | Source = Service Control Manager | ID = 7031
Description = The WUSB54GCSVC service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 0 milliseconds: Restart
the service.
Error - 11/28/2009 7:38:56 PM | Computer Name = YOUR-W7NFSBJPH3 | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).
Error - 11/28/2009 7:38:56 PM | Computer Name = YOUR-W7NFSBJPH3 | Source = Service Control Manager | ID = 7034
Description = The Kodak AiO Device Service service terminated unexpectedly. It
has done this 1 time(s).
Error - 11/28/2009 7:38:56 PM | Computer Name = YOUR-W7NFSBJPH3 | Source = Service Control Manager | ID = 7031
Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 5000
milliseconds: Restart the service.
< End of report >
OTL logfile created on: 11/28/2009 4:01:59 PM - Run 1
OTL by OldTimer - Version 3.1.11.2 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
959.48 Mb Total Physical Memory | 490.26 Mb Available Physical Memory | 51.10% Memory free
1.51 Gb Paging File | 1.19 Gb Available in Paging File | 78.88% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 131.91 Gb Free Space | 88.50% Space Free | Partition Type: NTFS
Drive D: | 650.05 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: YOUR-W7NFSBJPH3
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2009/11/28 16:00:32 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2009/11/27 11:31:59 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/11/27 11:31:59 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/11/24 12:02:23 | 00,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/11/24 12:02:22 | 01,184,912 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/09/21 18:00:07 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/09/05 00:54:42 | 00,417,792 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/06/27 14:15:13 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/14 05:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/13 11:07:20 | 00,018,944 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Printer\Center\KodakSvc.exe
PRC - [2007/11/13 10:00:32 | 01,052,672 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2007/09/28 10:30:48 | 00,936,960 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Verizon\McciTrayApp.exe
PRC - [2005/11/22 09:44:44 | 05,245,952 | ---- | M] (Linksys) -- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
PRC - [2005/07/04 16:46:04 | 00,053,307 | ---- | M] (GEMTEKS) -- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
PRC - [2003/10/06 13:16:00 | 00,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2003/06/25 10:24:48 | 00,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
PRC - [2003/06/03 11:01:32 | 00,496,640 | ---- | M] (Chicony) -- C:\WINDOWS\zHotkey.exe
PRC - [2003/03/31 04:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2002/07/17 01:03:00 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
========== Modules (SafeList) ==========
MOD - [2009/11/28 16:00:32 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
========== Win32 Services (SafeList) ==========
SRV - File not found -- -- (WUSB54GCSVC)
SRV - [2009/11/27 11:31:59 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/11/24 12:02:22 | 01,184,912 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/06/27 14:15:11 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007/12/13 11:07:20 | 00,018,944 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\printer\center\KodakSvc.exe -- (KodakSvc)
SRV - [2003/10/06 13:16:00 | 00,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/05/14 04:45:04 | 00,065,795 | R--- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/07/17 01:03:00 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)
SRV - [2002/01/29 12:33:14 | 00,077,824 | ---- | M] () -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;<local>;*.local
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {1650a312-02bc-40ee-977e-83f158701739}:26.5
FF - prefs.js..browser.search.selectedEngine: "search"
[2008/11/17 20:48:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2008/11/17 20:48:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zqrff8ju.default\extensions
O1 HOSTS File: (614790 bytes) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 ads.active.com
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 data2.activshopper.com #[Trackware.ActivShopper]
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 127.0.0.1 cms.ad2click.nl
O1 - Hosts: 127.0.0.1 ads.ad2games.com
O1 - Hosts: 127.0.0.1 content.ad20.net
O1 - Hosts: 16153 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Search) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe (Chicony)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnceEx: [] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Neoteris\Secure Application Manager\gapsp.dll (Neoteris, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Neoteris\Secure Application Manager\gapsp.dll (Neoteris, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Neoteris\Secure Application Manager\gapsp.dll (Neoteris, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Neoteris\Secure Application Manager\gapsp.dll (Neoteris, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Neoteris\Secure Application Manager\gapsp.dll (Neoteris, Inc.)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyds...20Installer.cab (Support.com Configuration Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Key error. (Reg Error: Value error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase4009.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1232761991484 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/p...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1258995045968 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/...he.cab79352.cab (MSN Games – Texas Holdem Poker)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...8116.8369907407 (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 74.84.119.150 97.64.180.153
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/02/06 18:07:54 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1998/08/12 04:02:22 | 00,000,051 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [1998/08/19 03:37:08 | 00,108,544 | R--- | M] () - D:\AutoRun.exe -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (smrgdf) - C:\WINDOWS\System32\smrgdf.exe ()
O34 - HKLM BootExecute: (C:\Documents) - File not found
O34 - HKLM BootExecute: (and) - File not found
O34 - HKLM BootExecute: (Settings\Owner\Application) - File not found
O34 - HKLM BootExecute: (Data\iolo\) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2003/02/06 18:07:17 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: Ip6FwHlp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891947461378048)
========== Files/Folders - Created Within 14 Days ==========
[2009/11/28 16:00:29 | 00,535,552 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/11/28 15:54:47 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2009/11/28 15:42:17 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt_setup.exe
[2009/11/28 15:41:35 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Owner\Desktop\SysRestorePoint.exe
[2009/11/28 15:38:23 | 00,341,504 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2009/11/28 15:36:01 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2009/11/28 10:03:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/28 10:03:03 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/11/27 11:13:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/11/27 11:04:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/11/27 11:04:11 | 00,000,000 | ---D | C] -- C:\Program Files\msn
[2009/11/27 11:04:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/11/27 11:04:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/11/27 10:58:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2009/11/27 10:52:09 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/11/26 10:13:51 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/11/25 11:37:51 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/11/24 12:04:12 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/11/24 12:03:54 | 00,093,360 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2009/11/24 11:59:34 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/11/24 11:59:11 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/11/24 11:59:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/11/23 16:27:10 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/11/23 16:26:49 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/11/23 16:24:06 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/11/23 15:50:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\CBS Interactive
[2009/11/23 10:29:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My Albums
[2009/11/23 10:29:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ArcSoft
[2009/11/22 15:28:33 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/11/22 15:28:33 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/11/22 15:28:33 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/11/22 15:28:33 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/11/22 15:28:33 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/11/22 15:28:29 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/11/22 15:28:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
========== Files - Modified Within 14 Days ==========
[2009/11/28 16:00:32 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/11/28 15:58:32 | 00,000,015 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2009/11/28 15:54:50 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2009/11/28 15:42:20 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt_setup.exe
[2009/11/28 15:41:35 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Owner\Desktop\SysRestorePoint.exe
[2009/11/28 15:41:29 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/11/28 15:40:43 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/28 15:40:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/28 15:40:00 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/28 15:39:59 | 10,061,61920 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/28 15:39:02 | 07,340,032 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2009/11/28 15:39:02 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2009/11/28 15:38:27 | 00,341,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2009/11/28 15:36:40 | 00,008,136 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20091128_153634.reg
[2009/11/28 10:45:47 | 04,224,872 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/11/28 08:35:30 | 00,266,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/27 22:09:03 | 00,000,356 | ---- | M] () -- C:\WINDOWS\tasks\Kodak AiO Scheduled Maintenance.job
[2009/11/27 13:42:06 | 00,078,488 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/27 13:37:06 | 00,000,304 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20091127_133702.reg
[2009/11/27 13:36:36 | 00,016,302 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20091127_133630.reg
[2009/11/27 12:57:00 | 00,135,168 | ---- | M] () -- C:\zip.exe
[2009/11/27 12:57:00 | 00,019,286 | ---- | M] () -- C:\cleanup.exe
[2009/11/27 12:57:00 | 00,000,574 | ---- | M] () -- C:\cleanup.bat
[2009/11/27 11:16:45 | 00,458,164 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/27 11:16:45 | 00,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/27 11:16:45 | 00,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/27 10:58:15 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/11/26 10:27:57 | 00,000,598 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20091126_102754.reg
[2009/11/26 10:16:21 | 00,002,102 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20091126_101616.reg
[2009/11/26 02:24:10 | 00,000,436 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2009/11/25 11:48:59 | 00,614,790 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/11/24 18:04:34 | 00,156,008 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MyArt.jpg
[2009/11/24 12:03:45 | 00,093,360 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2009/11/24 12:03:42 | 00,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/11/24 11:59:31 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/11/24 11:31:49 | 00,006,309 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.new
[2009/11/23 16:30:32 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/11/23 16:27:57 | 00,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/11/22 15:33:21 | 00,000,140 | ---- | M] () -- C:\WINDOWS\KA.INI
[2009/11/22 15:28:45 | 00,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/11/14 20:47:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
========== Files Created - No Company Name ==========
[2009/11/28 15:55:06 | 00,000,015 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2009/11/28 15:36:38 | 00,008,136 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20091128_153634.reg
[2009/11/27 13:37:04 | 00,000,304 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20091127_133702.reg
[2009/11/27 13:36:34 | 00,016,302 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20091127_133630.reg
[2009/11/27 12:57:00 | 00,135,168 | ---- | C] () -- C:\zip.exe
[2009/11/27 12:57:00 | 00,019,286 | ---- | C] () -- C:\cleanup.exe
[2009/11/27 12:57:00 | 00,000,574 | ---- | C] () -- C:\cleanup.bat
[2009/11/27 10:58:43 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2009/11/27 10:58:41 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2009/11/26 10:27:55 | 00,000,598 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20091126_102754.reg
[2009/11/26 10:16:18 | 00,002,102 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20091126_101616.reg
[2009/11/24 18:04:34 | 00,156,008 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MyArt.jpg
[2009/11/24 13:43:16 | 00,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/11/24 12:04:31 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/11/24 11:59:31 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/11/23 16:27:57 | 00,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/11/23 16:10:03 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/11/22 15:28:45 | 00,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/10/09 13:54:46 | 08,673,792 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2009/01/19 23:52:04 | 00,001,361 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2008/03/05 19:38:21 | 00,012,800 | ---- | C] () -- C:\WINDOWS\System32\EKDeviceServices.dll
[2007/12/18 11:49:16 | 00,008,704 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/29 19:05:07 | 00,000,475 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\CampaignStore.xml
[2007/09/29 19:05:07 | 00,000,471 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\UpdateStore.xml
[2007/09/22 10:45:57 | 00,000,518 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\EventStore.xml
[2007/09/22 10:44:53 | 00,000,376 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\SoftwarePackageStore.xml
[2007/09/22 10:44:53 | 00,000,376 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\ConfigurationStore.xml
[2007/09/22 10:44:52 | 00,000,840 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\SharedProperties.xml
[2007/07/05 09:39:00 | 00,696,320 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2007/07/05 09:39:00 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2007/02/19 07:34:51 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/18 23:27:08 | 00,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2006/11/18 00:23:31 | 00,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/11/17 20:42:06 | 00,000,070 | ---- | C] () -- C:\WINDOWS\B72B3E4F.ini
[2006/11/17 10:17:30 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2006/10/06 14:35:26 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\nicmgr.dll
[2006/09/10 12:59:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/05/03 07:42:51 | 00,000,024 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2004/10/05 18:34:59 | 00,000,085 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2004/10/05 18:10:37 | 00,000,140 | ---- | C] () -- C:\WINDOWS\KA.INI
[2004/06/26 11:06:39 | 00,000,209 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2004/05/16 20:20:59 | 00,425,064 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2004/05/16 20:00:15 | 00,000,041 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2004/05/16 19:57:29 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\EEBAPI.dll
[2004/05/16 19:57:29 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\EEBDSCVR.dll
[2004/05/16 19:57:29 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\EBAPI.dll
[2004/05/16 18:40:56 | 00,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2004/05/10 21:40:21 | 00,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/05/08 18:43:05 | 00,000,171 | ---- | C] () -- C:\WINDOWS\EPSON CX5200 Installer.ini
[2003/02/06 20:23:22 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/02/06 19:41:02 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/02/06 19:40:09 | 00,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2003/02/06 19:40:09 | 00,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2003/02/06 18:48:54 | 00,000,132 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2003/02/06 18:48:18 | 00,000,310 | ---- | C] () -- C:\WINDOWS\net2fone.ini
[2003/02/06 16:48:57 | 00,225,280 | ---- | C] () -- C:\WINDOWS\System32\nvwrsda.dll
[2003/02/06 16:48:50 | 00,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2003/02/06 16:48:44 | 00,018,253 | ---- | C] () -- C:\WINDOWS\System32\ssnvfx.ini
[2003/02/06 16:48:37 | 00,001,094 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/02/06 16:48:37 | 00,000,466 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2002/05/15 10:13:20 | 00,081,920 | R--- | C] () -- C:\WINDOWS\System32\SipCal.dll
[1999/09/17 18:12:54 | 00,044,344 | ---- | C] () -- C:\WINDOWS\System32\Seqcal.sys
[1995/03/21 16:00:00 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
========== LOP Check ==========
[2009/10/05 22:04:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\5e7b5
[2004/05/16 20:05:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2008/03/06 19:58:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
[2009/01/20 10:07:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2008/05/27 19:09:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2004/08/06 14:16:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Messenger 6.1.0155
[2006/08/20 12:04:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2005/10/08 19:16:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Neoteris
[2008/07/15 19:06:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/01/27 18:50:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2009/10/21 20:45:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/24 13:53:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/09/14 13:28:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/12 18:02:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/11/24 11:59:36 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2006/08/31 20:19:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aim
[2009/11/24 11:06:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CBS Interactive
[2009/01/05 19:05:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EnchantedCavern
[2004/05/16 19:33:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EPSON
[2009/03/18 18:14:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\funkitron
[2004/12/17 01:59:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Inbit
[2009/01/21 19:44:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IObit
[2007/07/10 09:38:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iolo
[2007/09/22 09:43:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
[2007/07/28 11:54:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Simple Star
[2009/11/05 17:51:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SmartDraw
[2008/05/15 18:56:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Snapfish
[2007/09/22 10:45:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SoftwareDetectionScripts
[2009/01/27 19:05:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TaxCut
[2007/05/12 19:43:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2007/01/27 07:29:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2005/08/29 07:17:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WeatherBug
[2009/11/28 15:41:29 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/11/26 02:24:10 | 00,000,436 | ---- | M] () -- C:\WINDOWS\Tasks\EasyShare Registration Task.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
[2009/11/27 12:57:00 | 00,019,286 | ---- | M] () -- C:\cleanup.exe
[2009/11/27 12:57:00 | 00,135,168 | ---- | M] () -- C:\zip.exe
< MD5 for: AGP440.SYS >
[2008/04/14 00:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 00:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 22:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/03 22:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\agp440.sys
< MD5 for: ATAPI.SYS >
[2003/03/31 04:00:00 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 21:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 05:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/03 23:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2004/08/03 23:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\eventlog.dll
< MD5 for: NETLOGON.DLL >
[2008/04/14 05:42:02 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 05:42:02 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/03 23:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004/08/03 23:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\netlogon.dll
< MD5 for: NVATABUS.SYS >
[2003/09/02 15:51:00 | 00,054,656 | ---- | M] (NVIDIA Corporation) MD5=04EF5690AC54924CF745A4A2D1FBF9C1 -- C:\Drivers\System\IDE\Win2K\NvAtaBus.sys
< MD5 for: SCECLI.DLL >
[2004/08/03 23:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2004/08/03 23:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\scecli.dll
[2008/04/14 05:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 05:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 2628 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:522EA216
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91EA783C
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:45FE2B4E
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BA4AE5FC
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5B117162
< End of report >