Jump to content

Welcome Guest to Geeks to Go - Register now for FREE
Geeks To Go is a helpful hub, where thousands of friendly volunteers serve up answers and support. Get free advice from the experts. Feel free to browse the site as a guest. However, you must log in to reply to existing topics or start a new topic of your own, and enjoy all this forum has to offer. Additionally, if you can assist another member by sharing your knowledge, please post a reply! Best of all - Registration and all assistance, is FREE! Learn more about How it Works. Infected? Malware Cleaning Guide. What are you waiting for?
Create an Account Login to Account

Avast detected Win32:Hupigon-ONX [Trj]


  • Please log in to reply

#1
tward48

tward48

    New Member

  • Member
  • Pip
  • 1 posts
OTL logfile created on: 4/15/2010 2:22:56 PM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Tommy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 83.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): E:\pagefile.sys 2048 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 414.05 Gb Free Space | 88.90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465.76 Gb Total Space | 418.41 Gb Free Space | 89.83% Space Free | Partition Type: NTFS
Drive F: | 117.19 Gb Total Space | 69.59 Gb Free Space | 59.39% Space Free | Partition Type: NTFS
Drive G: | 115.70 Gb Total Space | 97.83 Gb Free Space | 84.56% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 232.83 Gb Total Space | 114.23 Gb Free Space | 49.06% Space Free | Partition Type: FAT32

Computer Name: TOMMY-HQ
Current User Name: Tommy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/15 14:19:58 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tommy\Desktop\OTL.exe
PRC - [2010/03/17 15:51:56 | 001,497,632 | ---- | M] (StorageCraft Technology Corporation) -- C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
PRC - [2010/02/13 10:32:55 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\452\g2mstart.exe
PRC - [2010/02/13 10:32:55 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\452\g2mlauncher.exe
PRC - [2010/02/13 10:32:55 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\452\g2mcomm.exe
PRC - [2010/02/08 12:09:00 | 001,634,304 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2010/01/31 10:01:28 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/12/17 11:29:50 | 005,014,824 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer.exe
PRC - [2009/12/17 11:04:18 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009/11/24 18:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/10/01 03:22:42 | 000,131,072 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe
PRC - [2009/09/10 17:31:30 | 000,102,400 | ---- | M] (StorageCraft Technology Corporation) -- C:\Program Files\StorageCraft\ImageManager\ImageManager.exe
PRC - [2008/07/17 16:37:44 | 002,549,248 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\hasplms.exe
PRC - [2008/06/25 15:13:48 | 005,625,344 | ---- | M] () -- C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/02/03 03:23:04 | 000,069,632 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPage15.0\OpWare15.exe


========== Modules (SafeList) ==========

MOD - [2010/04/15 14:19:58 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tommy\Desktop\OTL.exe
MOD - [2009/11/24 18:50:32 | 000,139,264 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll
MOD - [2006/02/03 03:23:12 | 000,135,168 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPage15.0\OpHook15.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (gupdate1c9e85b619766f0) Google Update Service (gupdate1c9e85b619766f0)
SRV - [2010/03/17 15:51:56 | 001,497,632 | ---- | M] (StorageCraft Technology Corporation) [Auto | Running] -- C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe -- (ShadowProtectSvc)
SRV - [2010/02/11 15:36:12 | 000,300,400 | ---- | M] (Eastman Kodak Company) [Auto | Stopped] -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2010/01/31 10:01:28 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/12/17 11:04:18 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/10/01 03:22:42 | 000,131,072 | ---- | M] (Intuit, Inc.) [On_Demand | Running] -- C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe -- (QuickBooksDB19)
SRV - [2009/09/10 17:31:30 | 000,102,400 | ---- | M] (StorageCraft Technology Corporation) [Auto | Running] -- C:\Program Files\StorageCraft\ImageManager\ImageManager.exe -- (StorageCraft Image Manager)
SRV - [2008/08/08 22:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/07/17 16:37:44 | 002,549,248 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\WINDOWS\System32\hasplms.exe -- (hasplms)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}:5.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.66.0
FF - prefs.js..extensions.enabledItems: lazarus@interclue.com:2.0.5
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: optout@dubfire.net:2.0
FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:0.7.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/15 00:11:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/15 11:21:53 | 000,000,000 | ---D | M]

[2009/06/08 16:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommy\Application Data\Mozilla\Extensions
[2010/04/14 09:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\rgw96me9.default\extensions
[2009/06/25 13:20:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\rgw96me9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/06 10:56:24 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\rgw96me9.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/01/07 11:43:47 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\rgw96me9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/12/30 15:44:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\rgw96me9.default\extensions\lazarus@interclue.com
[2009/08/12 09:04:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\rgw96me9.default\extensions\optout@dubfire.net
[2010/01/07 11:43:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\rgw96me9.default\extensions\piclens@cooliris.com
[2010/03/26 13:47:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\rgw96me9.default\extensions\support@lastpass.com
[2009/12/30 10:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\rgw96me9.default\extensions\tineye@ideeinc.com
[2010/04/14 09:30:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/11 12:22:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}

O1 HOSTS File: ([2009/10/23 12:21:41 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\rgw96me9.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.80.dll File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE File not found
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Opware15] C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [Six Engine] C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe ()
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Tommy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe File not found
O4 - HKCU..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\452\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecycleFiles = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} https://www2.gotomee...ets/g2mdlax.cab (GoToMeeting/GoToWebinar Web Starter)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.180.42.68 208.180.42.100
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/06 12:21:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/02/25 10:30:42 | 000,000,054 | RHS- | M] () - J:\autorun.in_2.org -- [ FAT32 ]
O33 - MountPoints2\{8c1b2dea-544d-11de-bc91-0022159696a0}\Shell - "" = AutoRun
O33 - MountPoints2\{8c1b2dea-544d-11de-bc91-0022159696a0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8c1b2dea-544d-11de-bc91-0022159696a0}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/06/06 06:06:19 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 14 Days ==========

[2010/04/15 14:19:57 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tommy\Desktop\OTL.exe
[2010/04/15 12:22:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tommy\Application Data\Malwarebytes
[2010/04/15 12:22:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/15 12:22:37 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/15 12:22:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/15 12:22:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/15 12:21:08 | 005,918,768 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tommy\Desktop\mbam-setup.exe
[2010/04/15 12:19:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/15 12:18:34 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/04/15 12:17:02 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Tommy\Desktop\erunt_setup.exe
[2010/04/15 12:02:27 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tommy\Desktop\TFC.exe
[2010/04/15 00:26:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/04/13 22:02:27 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/04/08 08:17:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/01 20:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/03/26 11:45:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Eastman Kodak Company
[2010/03/17 18:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Eastman Kodak Company
[2009/08/26 12:17:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/07/30 13:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/06/11 15:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/06/09 09:13:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Intuit
[2009/06/08 14:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/06/08 12:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/06/06 12:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[1998/08/24 09:31:44 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL

========== Files - Modified Within 14 Days ==========

[2010/04/15 14:23:01 | 005,505,024 | -H-- | M] () -- C:\Documents and Settings\Tommy\NTUSER.DAT
[2010/04/15 14:19:58 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tommy\Desktop\OTL.exe
[2010/04/15 14:19:26 | 000,551,164 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/15 14:19:26 | 000,462,168 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/15 14:19:26 | 000,078,114 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/15 14:18:14 | 000,215,383 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/04/15 14:18:12 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/15 14:18:11 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/15 14:15:09 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/15 14:15:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/15 13:39:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1614895754-1801674531-1003UA.job
[2010/04/15 13:26:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/15 13:02:49 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Tommy\Desktop\gmer.zip
[2010/04/15 12:22:41 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/15 12:21:08 | 005,918,768 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tommy\Desktop\mbam-setup.exe
[2010/04/15 12:18:35 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Tommy\Desktop\NTREGOPT.lnk
[2010/04/15 12:18:35 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Tommy\Desktop\ERUNT.lnk
[2010/04/15 12:17:03 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Tommy\Desktop\erunt_setup.exe
[2010/04/15 12:02:27 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tommy\Desktop\TFC.exe
[2010/04/15 11:21:53 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/15 08:43:39 | 000,002,481 | ---- | M] () -- C:\Documents and Settings\Tommy\Desktop\Microsoft Excel.lnk
[2010/04/15 07:39:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1614895754-1801674531-1003Core.job
[2010/04/14 17:02:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/13 10:22:30 | 000,004,096 | -HS- | M] () -- C:\VSM000.IDX
[2010/04/13 09:15:48 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Tommy\Desktop\Microsoft Word.lnk
[2010/04/13 08:23:06 | 000,000,706 | ---- | M] () -- C:\WINDOWS\ODBC.INI

========== Files Created - No Company Name ==========

[2010/04/15 13:02:47 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Tommy\Desktop\gmer.zip
[2010/04/15 12:22:41 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/15 12:18:35 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Tommy\Desktop\NTREGOPT.lnk
[2010/04/15 12:18:35 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Tommy\Desktop\ERUNT.lnk
[2010/04/15 10:37:09 | 000,157,336 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/04/13 10:22:30 | 000,004,096 | -HS- | C] () -- C:\VSM000.IDX
[2010/03/17 18:43:22 | 000,073,604 | ---- | C] () -- C:\Documents and Settings\Tommy\Local Settings\Application Data\c4u.log
[2010/03/17 18:43:20 | 000,000,177 | ---- | C] () -- C:\Documents and Settings\Tommy\Local Settings\Application Data\LaunchHomeCenter.log
[2010/03/17 18:07:29 | 000,063,932 | ---- | C] () -- C:\Documents and Settings\Tommy\Local Settings\Application Data\installer.log
[2009/11/09 19:17:15 | 000,008,279 | ---- | C] () -- C:\Documents and Settings\Tommy\Application Data\Microsoft Excel.EML
[2009/11/09 18:31:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\autorun.INI
[2009/08/20 16:13:18 | 000,000,084 | ---- | C] () -- C:\WINDOWS\netdet.ini
[2009/08/10 16:01:43 | 000,088,960 | ---- | C] () -- C:\Documents and Settings\Tommy\Local Settings\Application Data\FASTWiz.log
[2009/07/07 10:39:49 | 000,012,966 | ---- | C] () -- C:\Documents and Settings\Tommy\Application Data\Comma Separated Values (Windows).CAL
[2009/07/07 10:37:20 | 000,009,388 | ---- | C] () -- C:\Documents and Settings\Tommy\Application Data\Comma Separated Values (Windows).EML
[2009/06/26 14:23:26 | 000,060,744 | ---- | C] () -- C:\Documents and Settings\Tommy\g2mdlhlpx.exe
[2009/06/25 11:40:28 | 000,025,601 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2009/06/17 08:33:39 | 000,000,356 | ---- | C] () -- C:\WINDOWS\Prestopm.INI
[2009/06/10 11:54:48 | 000,000,184 | -H-- | C] () -- C:\WINDOWS\NsNetScan.ini
[2009/06/09 09:48:42 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Tommy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/09 09:03:11 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/06/08 15:38:59 | 000,038,475 | ---- | C] () -- C:\Documents and Settings\Tommy\Application Data\Comma Separated Values (Windows).ADR
[2009/06/08 11:36:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2009/06/08 11:36:46 | 000,000,105 | ---- | C] () -- C:\WINDOWS\UMXADDIN.INI
[2009/06/08 11:36:46 | 000,000,086 | ---- | C] () -- C:\WINDOWS\PM20.INI
[2009/06/08 11:36:39 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2009/06/08 11:36:16 | 000,000,074 | ---- | C] () -- C:\WINDOWS\PMINI.ini
[2009/06/06 13:00:03 | 000,000,706 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/06/06 12:36:57 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/06/06 12:36:44 | 000,032,367 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/06/06 12:36:43 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/06/06 12:36:14 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Tommy\ntuser.ini
[2009/06/06 12:36:13 | 005,505,024 | -H-- | C] () -- C:\Documents and Settings\Tommy\NTUSER.DAT
[2009/06/06 12:36:13 | 000,024,576 | -H-- | C] () -- C:\Documents and Settings\Tommy\ntuser.dat.LOG
[2009/06/06 11:42:49 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2009/06/06 11:42:49 | 000,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2009/06/06 11:42:46 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2009/06/06 11:42:46 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2009/03/28 01:03:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/03/28 01:03:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/03/28 01:03:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/03/28 01:03:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/09/18 15:37:50 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
[2006/09/18 15:37:48 | 000,667,280 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
[2005/02/02 14:26:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\MSHRES_T.DLL
[2005/02/02 14:26:00 | 000,020,419 | ---- | C] () -- C:\WINDOWS\MSUMLT_T.INI
[2004/04/16 01:00:00 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[1999/03/11 21:07:22 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\CRUTL14.DLL

========== LOP Check ==========

[2009/06/09 09:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2009/06/25 12:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2010/03/17 18:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
[2010/03/17 19:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2009/06/25 12:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/06/25 11:53:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/06/11 12:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/06/09 09:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2010/04/15 14:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/11 13:33:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/03/17 08:43:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommy\Application Data\Canon
[2010/02/06 13:43:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommy\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/06/25 12:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommy\Application Data\DriverCure
[2009/06/08 16:58:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommy\Application Data\gtk-2.0
[2009/07/13 09:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommy\Application Data\ImgBurn
[2009/06/10 11:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommy\Application Data\NewSoft
[2009/06/10 15:45:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommy\Application Data\NSBackup
[2010/02/08 17:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommy\Application Data\ntr
[2009/09/22 08:50:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommy\Application Data\OfficeUpdate12
[2010/04/06 09:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommy\Application Data\ScanSoft
[2009/07/09 09:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommy\Application Data\TeamViewer
[2010/04/15 09:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommy\Application Data\Temp
[2009/06/06 12:38:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommy\Application Data\Windows Desktop Search
[2009/06/22 20:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommy\Application Data\Windows Search

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 07:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\system32\DRIVERS\atapi.sys
[2008/04/14 07:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 07:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 07:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 07:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 07:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 05:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 05:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/06/06 06:10:27 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/06/06 06:10:27 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/06/06 06:10:27 | 000,937,984 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 08:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/03/17 15:52:46 | 000,101,280 | ---- | M] (StorageCraft Technology Corporation) -- C:\WINDOWS\system32\drivers\sbmount.sys
[2010/03/17 15:53:18 | 000,181,920 | ---- | M] (StorageCraft Technology Corporation) -- C:\WINDOWS\system32\drivers\stcvsm.sys
[2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 186 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEC0D766
< End of report >

OTL Extras logfile created on: 4/15/2010 2:22:56 PM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Tommy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 83.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): E:\pagefile.sys 2048 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 414.05 Gb Free Space | 88.90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465.76 Gb Total Space | 418.41 Gb Free Space | 89.83% Space Free | Partition Type: NTFS
Drive F: | 117.19 Gb Total Space | 69.59 Gb Free Space | 59.39% Space Free | Partition Type: NTFS
Drive G: | 115.70 Gb Total Space | 97.83 Gb Free Space | 84.56% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 232.83 Gb Total Space | 114.23 Gb Free Space | 49.06% Space Free | Partition Type: FAT32

Computer Name: TOMMY-HQ
Current User Name: Tommy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1947:TCP" = 1947:TCP:*:Enabled:HASP SRM
"1947:UDP" = 1947:UDP:*:Enabled:HASP SRM
"9323:TCP" = 9323:TCP:*:Enabled:EKDiscovery
"9322:TCP" = 9322:TCP:*:Enabled:EKDiscovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ScanSoft\OmniPageSE\EregEng\NAVBrowser.exe" = C:\Program Files\ScanSoft\OmniPageSE\EregEng\NAVBrowser.exe:*:Enabled:NAVBrowser -- File not found
"C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe:*:Enabled:QuickBooks 2009 Data Manager -- (Intuit, Inc.)
"C:\Program Files\NewSoft\Presto! PageManager 6\NetGroup.exe" = C:\Program Files\NewSoft\Presto! PageManager 6\NetGroup.exe:*:Disabled:NewSoft Network Group -- (NewSoft Technology Corporation)
"C:\Program Files\TeamViewer\Version4\TeamViewer.exe" = C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- File not found
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe" = C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe:*:Enabled:EKDiscovery.exe -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" = C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe:*:Enabled:Kodak.AiO.HomeCenter -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe" = C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe:*:Enabled:Kodak.AiO.Statistics -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe" = C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe:*:Enabled:Kodak.AiO.FwUpdater -- (Eastman Kodak Company)
"C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe" = C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe:*:Enabled:Kodak.AiO.Installer -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe" = C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe:*:Enabled:Kodak.AiO.SetupUtility -- (Eastman Kodak Company)
"C:\Program Files\StorageCraft\ImageManager\ImageManagerClient.exe" = C:\Program Files\StorageCraft\ImageManager\ImageManagerClient.exe:*:Enabled:ShadowProtect ImageManager Client -- (StorageCraft Technology Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05D2DA4A-E991-438A-B3D3-CC847F4EAF36}" = ShadowProtect Desktop
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 19
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2C9FC6CB-16FC-4381-A026-6D5CA4D63E8F}" = WFI EAD v2.2.8
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3248F0A8-6813-11D6-A77B-00B0D0150130}" = J2SE Runtime Environment 5.0 Update 13
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55E9A475-8913-4A73-AA5B-B27E23E0C08B}" = Spheresoft Zip Code Tools
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{580183A6-FF92-11D5-9294-0050BA073EEC}" = Presto! PageManager 6
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{8850DEC8-22FD-4F05-A3AA-49B91200C24F}" = ShadowProtect Desktop
"{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90150409-6000-11D3-8CFE-0050048383C9}" = Microsoft Access 2002
"{91120409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard
"{9A2F0810-3636-4E86-9072-973FBE1679C5}" = QuickBooks Premier: Mfg and Whsle Edition 2009
"{9A2F0810-369F-4E86-9072-973FBE1679C5}" = QuickBooks
"{A0494B41-EBD7-4C0D-91B7-DC39741B27BB}" = Express Gate
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABFF669D-90CF-4B70-A40E-7A92589427A2}" = PhoenixRC
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B6164988-AA55-4099-BB9C-EC058210DAD6}" = ImageManager
"{BD22805D-C490-4FC2-BBBF-80CBDCD800E7}" = Ground Loop Design Premier Financial 2009: WaterFurnace Edition
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C10F500A-3575-4BD1-8AB1-FA7ADD6C1A8D}" = ShadowProtect Desktop
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}" = aiofw
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Home Center
"{E9DCA3A9-7478-427C-9E98-765D980EF053}" = ScanSoft OmniPage 15.0
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{FE24086F-3B0C-4C47-A874-97A7B8E2FBBE}" = aioscnnr
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"avast!" = avast! Antivirus
"CAL" = Canon Camera Access Library
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCleaner" = CCleaner
"CSCLIB" = Canon Camera Support Core Library
"DPP" = Canon Utilities Digital Photo Professional 3.6
"EOS Utility" = Canon Utilities EOS Utility
"ERUNT_is1" = ERUNT 1.1j
"GeoLink " = GeoLink
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{2C9FC6CB-16FC-4381-A026-6D5CA4D63E8F}" = WFI EAD v2.2.8
"KONICA MINOLTA magicolor 5430DL" = KONICA MINOLTA magicolor 5430DL
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"NVIDIA Drivers" = NVIDIA Drivers
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"TeamViewer 5" = TeamViewer 5
"WFTK" = Canon Utilities WFT-E1/E2/E3/E4 Utility
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.5.0.452
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 4/15/2010 3:14:09 AM | Computer Name = TOMMY-HQ | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 112.

Error - 4/15/2010 7:50:33 AM | Computer Name = TOMMY-HQ | Source = avast! | ID = 33554522
Description = Error in aswChestS: chest s_NewFile Error 112.

Error - 4/15/2010 7:50:33 AM | Computer Name = TOMMY-HQ | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 112.

Error - 4/15/2010 8:38:31 AM | Computer Name = TOMMY-HQ | Source = avast! | ID = 33554522
Description = Error in aswChestS: chest s_NewFile Error 112.

Error - 4/15/2010 8:38:31 AM | Computer Name = TOMMY-HQ | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 112.

Error - 4/15/2010 10:04:31 AM | Computer Name = TOMMY-HQ | Source = avast! | ID = 33554522
Description = Error in aswChestS: chest s_NewFile Error 112.

Error - 4/15/2010 10:04:31 AM | Computer Name = TOMMY-HQ | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 112.

Error - 4/15/2010 12:38:30 PM | Computer Name = TOMMY-HQ | Source = avast! | ID = 33554522
Description = Error in aswChestS: chest s_NewFile Error 112.

Error - 4/15/2010 12:38:30 PM | Computer Name = TOMMY-HQ | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 112.

Error - 4/15/2010 2:10:42 PM | Computer Name = TOMMY-HQ | Source = avast! | ID = 33554522
Description = Error in aswChestS: chest s_NewFile Error 112.

[ Application Events ]
Error - 4/15/2010 8:58:51 AM | Computer Name = TOMMY-HQ | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 4/15/2010 8:59:04 AM | Computer Name = TOMMY-HQ | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks: Premier Manufacturing
and Wholesale Edition 2009": An attempt to LogOff without a logo

Error - 4/15/2010 9:33:11 AM | Computer Name = TOMMY-HQ | Source = Application Hang | ID = 1002
Description = Hanging application ashSimpl.exe, version 4.8.1367.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/15/2010 9:33:16 AM | Computer Name = TOMMY-HQ | Source = Application Hang | ID = 1001
Description = Fault bucket 1577472764.

Error - 4/15/2010 9:42:37 AM | Computer Name = TOMMY-HQ | Source = Application Hang | ID = 1002
Description = Hanging application ashSimpl.exe, version 4.8.1367.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/15/2010 12:22:01 PM | Computer Name = TOMMY-HQ | Source = ShadowProtectSvc | ID = 1121
Description = Backup status: failed Image file: J:\Backup\C_VOL Log file: C:\Program
Files\StorageCraft\ShadowProtect\Logs\{88C73605-D89D-43DC-9647-784064730F76}.txt
Start
time: 4/15/2010 11:22:01 AM Module: service Code: 504 Message: Full image must be
created before doing incremental images

Error - 4/15/2010 12:27:04 PM | Computer Name = TOMMY-HQ | Source = ShadowProtectSvc | ID = 1121
Description = Backup status: failed Image file: J:\Backup\C_VOL Log file: C:\Program
Files\StorageCraft\ShadowProtect\Logs\{88C73605-D89D-43DC-9647-784064730F76}.txt
Start
time: 4/15/2010 11:27:04 AM Module: service Code: 504 Message: Full image must be
created before doing incremental images

Error - 4/15/2010 1:07:53 PM | Computer Name = TOMMY-HQ | Source = ShadowProtectSvc | ID = 1121
Description = Backup status: failed Image file: J:\Backup\C_VOL Log file: C:\Program
Files\StorageCraft\ShadowProtect\Logs\{88C73605-D89D-43DC-9647-784064730F76}.txt
Start
time: 4/15/2010 12:07:53 PM Module: service Code: 504 Message: Full image must be
created before doing incremental images

Error - 4/15/2010 1:37:08 PM | Computer Name = TOMMY-HQ | Source = ShadowProtectSvc | ID = 1121
Description = Backup status: failed Image file: J:\Backup\C_VOL Log file: C:\Program
Files\StorageCraft\ShadowProtect\Logs\{88C73605-D89D-43DC-9647-784064730F76}.txt
Start
time: 4/15/2010 12:37:08 PM Module: service Code: 504 Message: Full image must be
created before doing incremental images

Error - 4/15/2010 3:16:27 PM | Computer Name = TOMMY-HQ | Source = ShadowProtectSvc | ID = 1121
Description = Backup status: failed Image file: J:\Backup\C_VOL Log file: C:\Program
Files\StorageCraft\ShadowProtect\Logs\{88C73605-D89D-43DC-9647-784064730F76}.txt
Start
time: 4/15/2010 2:16:26 PM Module: service Code: 504 Message: Full image must be created
before doing incremental images

[ System Events ]
Error - 4/15/2010 1:37:09 PM | Computer Name = TOMMY-HQ | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL.
Reference
error message: The operation completed successfully. .

Error - 4/15/2010 3:15:09 PM | Computer Name = TOMMY-HQ | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the Network Card with network
address 0022159696A0 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 4/15/2010 3:15:26 PM | Computer Name = TOMMY-HQ | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate1c9e85b619766f0) service failed
to start due to the following error: %%3

Error - 4/15/2010 3:15:26 PM | Computer Name = TOMMY-HQ | Source = Service Control Manager | ID = 7003
Description = The Kodak AiO Network Discovery Service service depends on the following
nonexistent service: Bonjour Service

Error - 4/15/2010 3:16:24 PM | Computer Name = TOMMY-HQ | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 4/15/2010 3:16:24 PM | Computer Name = TOMMY-HQ | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 4/15/2010 3:16:24 PM | Computer Name = TOMMY-HQ | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL.
Reference
error message: The operation completed successfully. .

Error - 4/15/2010 3:16:27 PM | Computer Name = TOMMY-HQ | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 4/15/2010 3:16:27 PM | Computer Name = TOMMY-HQ | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 4/15/2010 3:16:27 PM | Computer Name = TOMMY-HQ | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL.
Reference
error message: The operation completed successfully. .


< End of report >

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3991

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/15/2010 12:26:10 PM
mbam-log-2010-04-15 (12-26-10).txt

Scan type: Quick scan
Objects scanned: 109795
Time elapsed: 2 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-15 14:05:51
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Tommy\LOCALS~1\Temp\fgliipoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB5EF46B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB5EF4A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB5EF414C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB5EF408C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB5EF40F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB5EF476E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB5EF472E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB5EF48AE]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateKey [0x804D70C2]
SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [804D70C2] ZwCreateKey [0x804D70C2]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenKey [0x804D70C7]
SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [804D70C7] ZwOpenKey [0x804D70C7]

INT 0x03 \WINDOWS\system32\ntkrnlpa.exe[unknown section] 804D70D6

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB977D380, 0x34C81F, 0xE8000020]
.text C:\WINDOWS\system32\drivers\aksfridge.sys section is writeable [0xB539A000, 0x48011, 0xE0000020]
.init C:\WINDOWS\system32\drivers\aksfridge.sys entry point in ".init" section [0xB53EF224]
.init C:\WINDOWS\system32\drivers\aksfridge.sys unknown last code section [0xB53EF000, 0x4000, 0xE20000E0]
.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xB52CB400, 0x6E1B2, 0xE8000020]
.protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xB5355220] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xB5355220]
.protect˙˙˙˙hardlockunknown last code section [0xB5355000, 0x50EA, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xB5355000, 0x50EA, 0xE0000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2108] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2108] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2108] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2108] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2108] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2108] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2108] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2108] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2108] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD101 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB20 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4AA7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[2536] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs stcvsm.sys (StorageCraft Volume Snapshot Driver/StorageCraft Technology Corporation)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 stcvsm.sys (StorageCraft Volume Snapshot Driver/StorageCraft Technology Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 stcvsm.sys (StorageCraft Volume Snapshot Driver/StorageCraft Technology Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 stcvsm.sys (StorageCraft Volume Snapshot Driver/StorageCraft Technology Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Disk \Device\Harddisk0\DR0 aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Disk \Device\Harddisk1\DR1 aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)
Device \Driver\Disk \Device\Harddisk2\DR2 aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)
Device \Driver\Disk \Device\Harddisk3\DR6 aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)

AttachedDevice \FileSystem\Fastfat \Fat stcvsm.sys (StorageCraft Volume Snapshot Driver/StorageCraft Technology Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- EOF - GMER 1.0.15 ----
  • 0

Advertisement




Similar Topics: Avast detected Win32:Hupigon-ONX [Trj]     x


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

featured