OTL logfile created on: 12/6/2009 3:27:37 PM - Run 1
OTL by OldTimer - Version 3.1.11.8 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
759.48 Mb Total Physical Memory | 362.20 Mb Available Physical Memory | 47.69% Memory free
1.44 Gb Paging File | 1.08 Gb Available in Paging File | 75.39% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.63 Gb Total Space | 92.34 Gb Free Space | 85.79% Space Free | Partition Type: NTFS
Drive D: | 4.14 Gb Total Space | 0.62 Gb Free Space | 14.87% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: QAD
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2009/12/06 15:20:28 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2009/10/20 00:34:55 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
PRC - [2009/10/12 07:36:46 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/07 17:15:07 | 00,600,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
PRC - [2006/07/07 17:14:38 | 00,576,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2005/05/11 23:40:38 | 00,204,800 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2005/05/11 22:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2005/05/11 22:16:22 | 00,077,824 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
PRC - [2005/05/11 22:12:54 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2005/01/12 14:54:58 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
PRC - [2005/01/12 14:54:56 | 00,135,168 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
PRC - [2004/08/20 15:51:14 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2004/05/24 11:35:52 | 00,322,104 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\KodakCCS.exe
PRC - [2004/03/04 09:46:24 | 00,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
PRC - [2003/08/21 05:15:48 | 00,483,328 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon05.exe
PRC - [2003/07/14 19:52:44 | 00,040,960 | ---- | M] (Agere Systems) -- C:\WINDOWS\ltmsg.exe
PRC - [2003/02/11 21:02:48 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
PRC - [1998/05/07 18:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system\hpsysdrv.exe
========== Modules (SafeList) ==========
MOD - [2009/12/06 15:20:28 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2009/11/06 18:57:04 | 00,406,896 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.1.0.19\asOEHook.dll
MOD - [2009/07/12 02:02:02 | 00,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.1.0.19\Microsoft.VC90.CRT\msvcr90.dll
MOD - [2009/07/12 02:02:00 | 00,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.1.0.19\Microsoft.VC90.CRT\msvcp90.dll
========== Win32 Services (SafeList) ==========
SRV - [2009/10/20 00:34:55 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe -- (NIS)
SRV - [2009/10/12 07:36:46 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/03/19 16:08:58 | 00,607,576 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)
SRV - [2004/09/29 11:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/05/24 11:35:52 | 00,322,104 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)
SRV - [2003/07/28 21:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus10.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wundergro.../Pensacola.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F6 EB 13 C8 5E 71 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\IPSFFPlgn\ [2009/12/01 14:17:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{4C0766D3-67A7-45a3-85A2-752F77312F32}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\coFFPlgn\ [2009/12/01 14:17:09 | 00,000,000 | ---D | M]
O1 HOSTS File: (161 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.227 antiviraprof2009.microsoft.com
O1 - Hosts: 91.212.127.227 antiviraprof2009.com
O1 - Hosts: 91.212.127.227 www.antiviraprof2009.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\kbd.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [LTMSG] C:\WINDOWS\ltmsg.exe (Agere Systems)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.180.150 97.64.187.153
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAV\SASWINLO.dll - C:\Program Files\SUPERAV\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAV\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/26 03:28:24 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 14:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002/09/10 11:02:32 | 00,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{de98fd6a-8ed2-11db-a1e0-000c76dc95ed}\Shell - "" = AutoRun
O33 - MountPoints2\{de98fd6a-8ed2-11db-a1e0-000c76dc95ed}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{de98fd6a-8ed2-11db-a1e0-000c76dc95ed}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/02/04 13:26:16 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (73468417780219904)
========== Files/Folders - Created Within 14 Days ==========
[2009/12/06 15:20:26 | 00,537,088 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/12/01 14:15:30 | 00,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/12/01 14:15:30 | 00,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/12/01 14:15:29 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2009/12/01 14:14:48 | 00,361,520 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1101000.013\symtdi.sys
[2009/12/01 14:14:48 | 00,339,504 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1101000.013\symtdiv.sys
[2009/12/01 14:14:47 | 00,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1101000.013\SymDS.sys
[2009/12/01 14:14:47 | 00,171,056 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1101000.013\SymEFA.sys
[2009/12/01 14:14:47 | 00,043,696 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1101000.013\srtspx.sys
[2009/12/01 14:14:46 | 00,325,168 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1101000.013\srtsp.sys
[2009/12/01 14:14:46 | 00,114,736 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1101000.013\Ironx86.sys
[2009/12/01 14:14:45 | 00,501,888 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1101000.013\cchpx86.sys
[2009/12/01 14:13:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2009/12/01 14:13:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1101000.013
[2009/12/01 14:13:46 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2009/12/01 14:13:41 | 00,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2009/12/01 13:58:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2009/12/01 13:58:31 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2009/12/01 13:58:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/12/01 13:56:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2009/12/01 13:56:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/11/29 18:12:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/11/29 18:12:14 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAV
[2009/11/29 18:12:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2009/11/29 16:26:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/11/29 16:26:49 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/29 16:26:47 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/29 16:26:47 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/29 16:26:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/29 16:25:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/29 16:24:24 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/11/29 16:06:04 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Owner\Desktop\SysRestorePoint.exe
[2009/11/29 16:06:02 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2009/11/29 16:06:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\GeekToGo_Cleaning_Programs
[2009/11/29 16:05:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\GeekToGo_Cleaning_Programs
[2009/11/25 12:06:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\njnuom
========== Files - Modified Within 14 Days ==========
[2009/12/06 15:20:28 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/12/06 14:58:31 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/06 14:58:29 | 00,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2009/12/06 14:53:46 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/06 14:53:39 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/06 14:53:36 | 79,644,6720 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/06 14:52:42 | 07,864,320 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2009/12/06 14:52:42 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2009/12/06 14:38:22 | 00,000,015 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/02 07:04:01 | 00,000,264 | ---- | M] () -- C:\WINDOWS\tasks\Uniblue SpyEraser Nag.job
[2009/12/01 14:16:15 | 00,819,994 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\Cat.DB
[2009/12/01 14:15:30 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/12/01 14:15:30 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/12/01 14:15:30 | 00,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/12/01 14:15:30 | 00,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/12/01 14:15:22 | 00,000,740 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Owner.job
[2009/12/01 14:14:52 | 00,001,997 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2009/12/01 14:13:11 | 00,000,818 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Norton Installation Files.lnk
[2009/11/29 18:12:17 | 00,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2009/11/29 16:26:52 | 00,000,722 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/29 16:24:27 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/11/29 15:41:40 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2009/11/29 15:38:54 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Owner\Desktop\SysRestorePoint.exe
[2009/11/25 07:07:49 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/23 11:23:44 | 00,001,269 | ---- | M] () -- C:\WINDOWS\win.ini
========== Files Created - No Company Name ==========
[2009/12/06 14:37:39 | 00,000,015 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2009/12/01 14:15:49 | 00,819,994 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\Cat.DB
[2009/12/01 14:15:30 | 00,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/12/01 14:15:30 | 00,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/12/01 14:14:52 | 00,001,997 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2009/12/01 14:14:00 | 00,001,474 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\SymNetV.inf
[2009/12/01 14:14:00 | 00,001,446 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\SymNet.inf
[2009/12/01 14:13:59 | 00,003,373 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\SymEFA.inf
[2009/12/01 14:13:59 | 00,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\SymDS.inf
[2009/12/01 14:13:59 | 00,001,389 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\srtspx.inf
[2009/12/01 14:13:59 | 00,001,383 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\srtsp.inf
[2009/12/01 14:13:59 | 00,000,743 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\Iron.inf
[2009/12/01 14:13:58 | 00,001,756 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\ccHPx86.inf
[2009/12/01 14:13:50 | 00,007,774 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\symnetv.cat
[2009/12/01 14:13:50 | 00,007,355 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\SymNet.cat
[2009/12/01 14:13:49 | 00,007,493 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\SymDS.cat
[2009/12/01 14:13:49 | 00,007,438 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\srtsp.cat
[2009/12/01 14:13:49 | 00,007,431 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\SymEFA.cat
[2009/12/01 14:13:49 | 00,007,429 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\srtspx.cat
[2009/12/01 14:13:49 | 00,007,424 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\iron.cat
[2009/12/01 14:13:48 | 00,007,396 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\cchpx86.cat
[2009/12/01 14:13:47 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\isolate.ini
[2009/12/01 13:56:19 | 00,000,818 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Norton Installation Files.lnk
[2009/11/29 18:12:17 | 00,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2009/11/29 16:26:52 | 00,000,722 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/29 16:24:26 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/06/02 08:38:17 | 00,000,384 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/01/25 14:25:42 | 00,000,445 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Hewlett-PackardHP Officejet 5600 series1193325707_PROTOCOL.log
[2008/01/25 14:25:41 | 00,000,364 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Hewlett-PackardHP Officejet 5600 series1193325707_UI.log
[2008/01/25 14:25:41 | 00,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2008/01/25 14:25:41 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Hewlett-PackardHP Officejet 5600 series1193325707_API.log
[2006/01/18 09:44:35 | 00,000,311 | ---- | C] () -- C:\WINDOWS\SWWATER.INI
[2005/04/22 12:05:30 | 00,010,680 | ---- | C] () -- C:\WINDOWS\hpdj3740.ini
[2005/03/24 10:59:59 | 00,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2004/02/04 13:10:20 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2004/01/28 20:21:05 | 00,000,451 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2004/01/28 20:21:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2004/01/27 04:47:39 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/01/27 04:26:18 | 00,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2004/01/26 07:32:19 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2004/01/26 07:31:25 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/01/26 07:31:25 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/01/26 07:27:36 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2004/01/26 07:23:22 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2004/01/26 07:17:11 | 00,029,216 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/01/26 07:16:36 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2004/01/26 07:16:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/01/26 07:00:28 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/01/26 06:46:03 | 00,000,907 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/01/26 05:11:29 | 00,002,544 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2004/01/26 04:56:30 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/26 04:14:16 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/26 04:02:59 | 00,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/01/26 04:02:59 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/01/26 04:02:33 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/01/26 03:33:52 | 00,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/01/26 02:11:44 | 00,000,553 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/09/23 02:19:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/03/07 00:53:16 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\hpnvr82.dll
[2003/01/08 00:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 14:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/09/08 16:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1999/01/22 12:46:56 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/08/16 05:00:00 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[1998/01/12 02:00:00 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
========== LOP Check ==========
[2009/12/01 13:58:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2005/04/28 10:17:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2008/04/16 13:44:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uniblue
[2009/03/30 12:33:49 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
[2009/02/09 11:25:08 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
[2009/11/16 10:20:16 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}
[2008/01/25 14:34:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Image Zone Express
[2004/01/27 04:26:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\interMute
[2006/06/08 11:03:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2005/02/10 14:39:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2004/01/26 07:49:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2009/02/09 14:56:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\System Tweaker
[2004/05/05 10:31:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2009/02/09 11:25:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
[2008/05/15 06:31:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Wal-Mart Digital Photo Viewer
[2009/12/02 07:04:01 | 00,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job
[2008/04/17 06:07:28 | 00,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpyEraser.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
[2005/07/19 13:08:12 | 35,604,792 | ---- | M] () -- C:\NISAS05ENG.exe
< MD5 for: AGP440.SYS >
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
< MD5 for: ATAPI.SYS >
[2003/08/15 20:05:00 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtUninstallQ331958$\atapi.sys
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/03 23:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 01:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 01:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004/08/04 01:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< %systemroot%\*. /mp /s >
< End of report >
OTL Extras logfile created on: 12/6/2009 3:27:37 PM - Run 1
OTL by OldTimer - Version 3.1.11.8 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
759.48 Mb Total Physical Memory | 362.20 Mb Available Physical Memory | 47.69% Memory free
1.44 Gb Paging File | 1.08 Gb Available in Paging File | 75.39% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.63 Gb Total Space | 92.34 Gb Free Space | 85.79% Space Free | Partition Type: NTFS
Drive D: | 4.14 Gb Total Space | 0.62 Gb Free Space | 14.87% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: QAD
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"30236:TCP" = 30236:TCP:*:Enabled:PORT_30236
"8538:TCP" = 8538:TCP:*:Enabled:PORT_8538
"45723:TCP" = 45723:TCP:*:Enabled:PORT_45723
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Small Business
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Disc 2
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{0861E87B-24D7-4E7C-B11B-54F86E5C5199}" = hpg8200
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}" = VCAMCEN
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{14B4E017-ACDF-4DB0-9D94-8988F5F0145A}" = hpg4600
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{15B9DC72-73F9-4d99-9E28-848D66DA8D99}" = HP Photo & Imaging 3.5 - HP Devices
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{20CF99FC-2CE7-4AA4-966E-A4B11C0662B4}" = hpg3970
"{23C3F5C0-566B-478B-AAB6-197ADAD0C945}" = Uniblue SpeedUpMyPC 2009
"{2466E904-7E48-4597-9321-722CF02930EB}" = 5600
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java 6 Update 15
"{29B39FB2-5ADF-4F94-BC82-13942871DD0D}" = CameraDrivers
"{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1
"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{314D1B1F-1C53-489A-91C6-0BCAD7012906}" = AdwareAlert
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{45B6180B-DCAB-4093-8EE8-6164457517F0}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{469730CC-78DF-4CD3-B286-562D459EA619}" = ESSCAM
"{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copy
"{483616D1-867E-46F8-BEC7-3C6475933908}" = Adobe Photoshop Album Starter Edition
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{60758250-C8CF-47EB-8CB6-E0C3B84D8207}" = PSShortcutsP
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}" = Zone Deluxe Games
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{69BD6399-3D8F-45B7-81D9-819361F5101D}" = PCDLNCH
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6C117F31-28A8-4477-BE91-64AC0A2204AD}" = Microsoft IntelliPoint 6.01
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}" = HLPSFO
"{8E2B5D63-AAFA-40BD-B499-90308E1E2D9E}" = DesignCAD 3D Max 14
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = RecordNow!
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjects
"{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}" = CCHelp
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{9F4EEA0C-7174-4BD3-89AF-7AB2F9F6AEDD}" = hpmdtab
"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A6F18A67-B771-4191-8A33-36D2E742D6D9}" = ESSANUP
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AD17BC8E-4A5D-4E59-8640-10DF36E9EB75}" = hpg5530
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
"{BFD5AC8A-5884-4da8-9873-3DF8E3DCCE18}" = 5600Trb
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}" = SFR
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}" = Microsoft Plus! Digital Media Edition
"{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjects
"{CC7984C5-020D-4944-85A0-58D09D4A8BFB}" = 5600_Help
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = Compaq Organize
"{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}" = ESSAdpt
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D75915D3-6CFF-445F-A346-18ED6EF2F618}" = Microsoft IntelliType Pro 6.01
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}" = Uniblue RegistryBooster 2009
"{E8BFBD0A-8002-4dc9-869C-E495FA9DCE7A}" = PhotoGallery
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{ED869D8B-6C7E-44C7-9F2F-BD5436849C61}" = hpg2436
"{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC}" = HLPCCTR
"{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F901CA6D-A074-42D3-A11D-33AAE6FFD0C1}" = HP Deskjet 3740
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}" = ESSEMAIL
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"BackWeb-1940576 Uninstaller" = Compaq Connections
"Compaq Instant Support" = Compaq Instant Support
"ERUNT_is1" = ERUNT 1.1j
"HP Deskjet 3740 Series_Driver" = HP Deskjet 3740 Series
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 3.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"InstallShield_{8E2B5D63-AAFA-40BD-B499-90308E1E2D9E}" = DesignCAD 3D MAX 14
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"NIS" = Norton Internet Security
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA GART Driver" = NVIDIA GART Driver
"PixelPerfect_4281508C_4DA1_4d4e_81EB_725D55EC30DC_is1" = Uniblue PixelPerfect
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"QuickTime" = QuickTime
"SpamSubtract" = SpamSubtract
"sTile99_is1" = sTile V2.6
"System Tweaker_is1" = Uniblue System Tweaker
"TweakNow PowerPack 2006 Professional_is1" = TweakNow PowerPack 2006 Professional
"Uniblue RegistryBooster 2009" = Uniblue RegistryBooster 2009
"Uniblue SpeedUpMyPC 2009" = Uniblue SpeedUpMyPC 2009
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 11/17/2009 1:57:01 PM | Computer Name = QAD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 11/17/2009 1:57:01 PM | Computer Name = QAD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 11/18/2009 8:55:27 AM | Computer Name = QAD | Source = Automatic LiveUpdate Scheduler | ID = 101
Description =
Error - 11/20/2009 3:44:03 PM | Computer Name = QAD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 11/20/2009 3:44:03 PM | Computer Name = QAD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 11/20/2009 3:44:06 PM | Computer Name = QAD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 11/20/2009 3:44:06 PM | Computer Name = QAD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 11/20/2009 3:52:12 PM | Computer Name = QAD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 11/30/2009 12:18:37 PM | Computer Name = QAD | Source = Automatic LiveUpdate Scheduler | ID = 101
Description =
Error - 12/6/2009 12:49:36 PM | Computer Name = QAD | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x4ec683bd.
[ System Events ]
Error - 12/6/2009 1:18:20 PM | Computer Name = QAD | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
Error - 12/6/2009 1:18:20 PM | Computer Name = QAD | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.
Error - 12/6/2009 1:19:39 PM | Computer Name = QAD | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2
Error - 12/6/2009 4:18:24 PM | Computer Name = QAD | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
Error - 12/6/2009 4:18:24 PM | Computer Name = QAD | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.
Error - 12/6/2009 4:19:32 PM | Computer Name = QAD | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2
Error - 12/6/2009 4:39:18 PM | Computer Name = QAD | Source = Service Control Manager | ID = 7000
Description = The SABProcEnum service failed to start due to the following error:
%%2
Error - 12/6/2009 4:54:05 PM | Computer Name = QAD | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
Error - 12/6/2009 4:54:05 PM | Computer Name = QAD | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.
Error - 12/6/2009 4:55:11 PM | Computer Name = QAD | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2
< End of report >
Malwarebytes' Anti-Malware 1.42
Database version: 3304
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
12/6/2009 2:12:47 PM
mbam-log-2009-12-06 (14-12-47).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 214786
Time elapsed: 1 hour(s), 55 minute(s), 15 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/12/06 15:08
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEC9E2000 Size: 49152 File Visible: No Signed: -
Status: -
Name: SYMDS.SYS
Image Path: SYMDS.SYS
Address: 0xF76CE000 Size: 352256 File Visible: No Signed: -
Status: -
Name: SYMEFA.SYS
Image Path: SYMEFA.SYS
Address: 0xF7690000 Size: 180224 File Visible: No Signed: -
Status: -
SSDT
-------------------
#: 012 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x83b7e548
#: 013 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x83b7e5e8
#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x83c56490
#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "<unknown>" at address 0x83b734e8
#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x83df3450
#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xed4cc210
#: 043 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x83b7eb78
#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "<unknown>" at address 0x83b74470
#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x83cc7238
#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "<unknown>" at address 0x83b735a8
#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xed4cc490
#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xed4cc9f0
#: 068 Function Name: NtDuplicateObject
Status: Hooked by "<unknown>" at address 0x83bb24f0
#: 083 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x83b726d0
#: 089 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x83b7e810
#: 091 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x83b7e8b0
#: 097 Function Name: NtLoadDriver
Status: Hooked by "<unknown>" at address 0x83cc51a8
#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x83cd9660
#: 114 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x83b7ead8
#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xed4cc7a0
#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x83e738b0
#: 123 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x83bb2450
#: 125 Function Name: NtOpenSection
Status: Hooked by "<unknown>" at address 0x83b7d4e8
#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x83e7ea90
#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "<unknown>" at address 0x83b74540
#: 206 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x83b7e688
#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x83b72b18
#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x83b72bb8
#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "<unknown>" at address 0x83b7d7b0
#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xed4ccc40
#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x83b7d5a8
#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x83b72df0
#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x83b7cf70
#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x83b72e90
#: 267 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x83b72c48
#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x83c563e0
==EOF==
Thank you in advance for your help.