
Avast detected Win32:Hupigon-ONX [Trj]



#1
tward48

OTL logfile created on: 4/15/2010 2:22:56 PM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Tommy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 83.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): E:\pagefile.sys 2048 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 414.05 Gb Free Space | 88.90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465.76 Gb Total Space | 418.41 Gb Free Space | 89.83% Space Free | Partition Type: NTFS
Drive F: | 117.19 Gb Total Space | 69.59 Gb Free Space | 59.39% Space Free | Partition Type: NTFS
Drive G: | 115.70 Gb Total Space | 97.83 Gb Free Space | 84.56% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 232.83 Gb Total Space | 114.23 Gb Free Space | 49.06% Space Free | Partition Type: FAT32

Computer Name: TOMMY-HQ
Current User Name: Tommy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/15 14:19:58 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tommy\Desktop\OTL.exe
PRC - [2010/03/17 15:51:56 | 001,497,632 | ---- | M] (StorageCraft Technology Corporation) -- C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
PRC - [2010/02/13 10:32:55 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\452\g2mstart.exe
PRC - [2010/02/13 10:32:55 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\452\g2mlauncher.exe
PRC - [2010/02/13 10:32:55 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\452\g2mcomm.exe
PRC - [2010/02/08 12:09:00 | 001,634,304 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2010/01/31 10:01:28 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/12/17 11:29:50 | 005,014,824 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer.exe
PRC - [2009/12/17 11:04:18 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009/11/24 18:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/10/01 03:22:42 | 000,131,072 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe
PRC - [2009/09/10 17:31:30 | 000,102,400 | ---- | M] (StorageCraft Technology Corporation) -- C:\Program Files\StorageCraft\ImageManager\ImageManager.exe
PRC - [2008/07/17 16:37:44 | 002,549,248 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\hasplms.exe
PRC - [2008/06/25 15:13:48 | 005,625,344 | ---- | M] () -- C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/02/03 03:23:04 | 000,069,632 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPage15.0\OpWare15.exe


========== Modules (SafeList) ==========

MOD - [2010/04/15 14:19:58 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tommy\Desktop\OTL.exe
MOD - [2009/11/24 18:50:32 | 000,139,264 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll
MOD - [2006/02/03 03:23:12 | 000,135,168 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPage15.0\OpHook15.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (gupdate1c9e85b619766f0) Google Update Service (gupdate1c9e85b619766f0)
SRV - [2010/03/17 15:51:56 | 001,497,632 | ---- | M] (StorageCraft Technology Corporation) [Auto | Running] -- C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe -- (ShadowProtectSvc)
SRV - [2010/02/11 15:36:12 | 000,300,400 | ---- | M] (Eastman Kodak Company) [Auto | Stopped] -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2010/01/31 10:01:28 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/12/17 11:04:18 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/10/01 03:22:42 | 000,131,072 | ---- | M] (Intuit, Inc.) [On_Demand | Running] -- C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe -- (QuickBooksDB19)
SRV - [2009/09/10 17:31:30 | 000,102,400 | ---- | M] (StorageCraft Technology Corporation) [Auto | Running] -- C:\Program Files\StorageCraft\ImageManager\ImageManager.exe -- (StorageCraft Image Manager)
SRV - [2008/08/08 22:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/07/17 16:37:44 | 002,549,248 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\WINDOWS\System32\hasplms.exe -- (hasplms)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}:5.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.66.0
FF - prefs.js..extensions.enabledItems: lazarus@interclue.com:2.0.5
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: optout@dubfire.net:2.0
FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:0.7.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/15 00:11:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/15 11:21:53 | 000,000,000 | ---D | M]

[2009/06/08 16:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommy\Application Data\Mozilla\Extensions
[2010/04/14 09:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\rgw96me9.default\extensions
[2009/06/25 13:20:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\rgw96me9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/06 10:56:24 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\rgw96me9.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/01/07 11:43:47 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\rgw96me9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/12/30 15:44:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\rgw96me9.default\extensions\lazarus@interclue.com
[2009/08/12 09:04:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\rgw96me9.default\extensions\optout@dubfire.net
[2010/01/07 11:43:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\rgw96me9.default\extensions\piclens@cooliris.com
[2010/03/26 13:47:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\rgw96me9.default\extensions\support@lastpass.com
[2009/12/30 10:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\rgw96me9.default\extensions\tineye@ideeinc.com
[2010/04/14 09:30:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/11 12:22:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}

O1 HOSTS File: ([2009/10/23 12:21:41 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\rgw96me9.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.80.dll File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE File not found
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Opware15] C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [Six Engine] C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe ()
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Tommy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe File not found
O4 - HKCU..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\452\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecycleFiles = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} https://www2.gotomee...ets/g2mdlax.cab (GoToMeeting/GoToWebinar Web Starter)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.180.42.68 208.180.42.100
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/06 12:21:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/02/25 10:30:42 | 000,000,054 | RHS- | M] () - J:\autorun.in_2.org -- [ FAT32 ]
O33 - MountPoints2\{8c1b2dea-544d-11de-bc91-0022159696a0}\Shell - "" = AutoRun
O33 - MountPoints2\{8c1b2dea-544d-11de-bc91-0022159696a0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8c1b2dea-544d-11de-bc91-0022159696a0}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/06/06 06:06:19 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 14 Days ==========

[2010/04/15 14:19:57 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tommy\Desktop\OTL.exe
[2010/04/15 12:22:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tommy\Application Data\Malwarebytes
[2010/04/15 12:22:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/15 12:22:37 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/15 12:22:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/15 12:22:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/15 12:21:08 | 005,918,768 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tommy\Desktop\mbam-setup.exe
[2010/04/15 12:19:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/15 12:18:34 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/04/15 12:17:02 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Tommy\Desktop\erunt_setup.exe
[2010/04/15 12:02:27 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tommy\Desktop\TFC.exe
[2010/04/15 00:26:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/04/13 22:02:27 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/04/08 08:17:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/01 20:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/03/26 11:45:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Eastman Kodak Company
[2010/03/17 18:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Eastman Kodak Company
[2009/08/26 12:17:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/07/30 13:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/06/11 15:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/06/09 09:13:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Intuit
[2009/06/08 14:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/06/08 12:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/06/06 12:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[1998/08/24 09:31:44 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL

========== Files - Modified Within 14 Days ==========

[2010/04/15 14:23:01 | 005,505,024 | -H-- | M] () -- C:\Documents and Settings\Tommy\NTUSER.DAT
[2010/04/15 14:19:58 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tommy\Desktop\OTL.exe
[2010/04/15 14:19:26 | 000,551,164 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/15 14:19:26 | 000,462,168 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/15 14:19:26 | 000,078,114 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/15 14:18:14 | 000,215,383 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/04/15 14:18:12 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/15 14:18:11 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/15 14:15:09 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/15 14:15:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/15 13:39:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1614895754-1801674531-1003UA.job
[2010/04/15 13:26:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/15 13:02:49 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Tommy\Desktop\gmer.zip
[2010/04/15 12:22:41 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/15 12:21:08 | 005,918,768 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tommy\Desktop\mbam-setup.exe
[2010/04/15 12:18:35 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Tommy\Desktop\NTREGOPT.lnk
[2010/04/15 12:18:35 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Tommy\Desktop\ERUNT.lnk
[2010/04/15 12:17:03 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Tommy\Desktop\erunt_setup.exe
[2010/04/15 12:02:27 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tommy\Desktop\TFC.exe
[2010/04/15 11:21:53 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/15 08:43:39 | 000,002,481 | ---- | M] () -- C:\Documents and Settings\Tommy\Desktop\Microsoft Excel.lnk
[2010/04/15 07:39:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1614895754-1801674531-1003Core.job
[2010/04/14 17:02:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/13 10:22:30 | 000,004,096 | -HS- | M] () -- C:\VSM000.IDX
[2010/04/13 09:15:48 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Tommy\Desktop\Microsoft Word.lnk
[2010/04/13 08:23:06 | 000,000,706 | ---- | M] () -- C:\WINDOWS\ODBC.INI

========== Files Created - No Company Name ==========

[2010/04/15 13:02:47 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Tommy\Desktop\gmer.zip
[2010/04/15 12:22:41 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/15 12:18:35 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Tommy\Desktop\NTREGOPT.lnk
[2010/04/15 12:18:35 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Tommy\Desktop\ERUNT.lnk
[2010/04/15 10:37:09 | 000,157,336 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/04/13 10:22:30 | 000,004,096 | -HS- | C] () -- C:\VSM000.IDX
[2010/03/17 18:43:22 | 000,073,604 | ---- | C] () -- C:\Documents and Settings\Tommy\Local Settings\Application Data\c4u.log
[2010/03/17 18:43:20 | 000,000,177 | ---- | C] () -- C:\Documents and Settings\Tommy\Local Settings\Application Data\LaunchHomeCenter.log
[2010/03/17 18:07:29 | 000,063,932 | ---- | C] () -- C:\Documents and Settings\Tommy\Local Settings\Application Data\installer.log
[2009/11/09 19:17:15 | 000,008,279 | ---- | C] () -- C:\Documents and Settings\Tommy\Application Data\Microsoft Excel.EML
[2009/11/09 18:31:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\autorun.INI
[2009/08/20 16:13:18 | 000,000,084 | ---- | C] () -- C:\WINDOWS\netdet.ini
[2009/08/10 16:01:43 | 000,088,960 | ---- | C] () -- C:\Documents and Settings\Tommy\Local Settings\Application Data\FASTWiz.log
[2009/07/07 10:39:49 | 000,012,966 | ---- | C] () -- C:\Documents and Settings\Tommy\Application Data\Comma Separated Values (Windows).CAL
[2009/07/07 10:37:20 | 000,009,388 | ---- | C] () -- C:\Documents and Settings\Tommy\Application Data\Comma Separated Values (Windows).EML
[2009/06/26 14:23:26 | 000,060,744 | ---- | C] () -- C:\Documents and Settings\Tommy\g2mdlhlpx.exe
[2009/06/25 11:40:28 | 000,025,601 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2009/06/17 08:33:39 | 000,000,356 | ---- | C] () -- C:\WINDOWS\Prestopm.INI
[2009/06/10 11:54:48 | 000,000,184 | -H-- | C] () -- C:\WINDOWS\NsNetScan.ini
[2009/06/09 09:48:42 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Tommy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/09 09:03:11 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/06/08 15:38:59 | 000,038,475 | ---- | C] () -- C:\Documents and Settings\Tommy\Application Data\Comma Separated Values (Windows).ADR
[2009/06/08 11:36:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2009/06/08 11:36:46 | 000,000,105 | ---- | C] () -- C:\WINDOWS\UMXADDIN.INI
[2009/06/08 11:36:46 | 000,000,086 | ---- | C] () -- C:\WINDOWS\PM20.INI
[2009/06/08 11:36:39 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2009/06/08 11:36:16 | 000,000,074 | ---- | C] () -- C:\WINDOWS\PMINI.ini
[2009/06/06 13:00:03 | 000,000,706 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/06/06 12:36:57 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/06/06 12:36:44 | 000,032,367 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/06/06 12:36:43 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/06/06 12:36:14 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Tommy\ntuser.ini
[2009/06/06 12:36:13 | 005,505,024 | -H-- | C] () -- C:\Documents and Settings\Tommy\NTUSER.DAT
[2009/06/06 12:36:13 | 000,024,576 | -H-- | C] () -- C:\Documents and Settings\Tommy\ntuser.dat.LOG
[2009/06/06 11:42:49 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2009/06/06 11:42:49 | 000,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2009/06/06 11:42:46 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2009/06/06 11:42:46 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2009/03/28 01:03:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/03/28 01:03:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/03/28 01:03:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/03/28 01:03:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/09/18 15:37:50 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
[2006/09/18 15:37:48 | 000,667,280 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
[2005/02/02 14:26:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\MSHRES_T.DLL
[2005/02/02 14:26:00 | 000,020,419 | ---- | C] () -- C:\WINDOWS\MSUMLT_T.INI
[2004/04/16 01:00:00 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[1999/03/11 21:07:22 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\CRUTL14.DLL

========== LOP Check ==========

[2009/06/09 09:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2009/06/25 12:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2010/03/17 18:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
[2010/03/17 19:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2009/06/25 12:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/06/25 11:53:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/06/11 12:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/06/09 09:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2010/04/15 14:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/11 13:33:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/03/17 08:43:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommy\Application Data\Canon
[2010/02/06 13:43:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommy\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/06/25 12:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommy\Application Data\DriverCure
[2009/06/08 16:58:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommy\Application Data\gtk-2.0
[2009/07/13 09:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommy\Application Data\ImgBurn
[2009/06/10 11:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommy\Application Data\NewSoft
[2009/06/10 15:45:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommy\Application Data\NSBackup
[2010/02/08 17:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommy\Application Data\ntr
[2009/09/22 08:50:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommy\Application Data\OfficeUpdate12
[2010/04/06 09:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommy\Application Data\ScanSoft
[2009/07/09 09:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommy\Application Data\TeamViewer
[2010/04/15 09:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommy\Application Data\Temp
[2009/06/06 12:38:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommy\Application Data\Windows Desktop Search
[2009/06/22 20:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommy\Application Data\Windows Search

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 07:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\system32\DRIVERS\atapi.sys
[2008/04/14 07:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 07:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 07:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 07:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 07:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 05:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 05:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/06/06 06:10:27 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/06/06 06:10:27 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/06/06 06:10:27 | 000,937,984 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 08:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/03/17 15:52:46 | 000,101,280 | ---- | M] (StorageCraft Technology Corporation) -- C:\WINDOWS\system32\drivers\sbmount.sys
[2010/03/17 15:53:18 | 000,181,920 | ---- | M] (StorageCraft Technology Corporation) -- C:\WINDOWS\system32\drivers\stcvsm.sys
[2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 186 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEC0D766
< End of report >

OTL Extras logfile created on: 4/15/2010 2:22:56 PM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Tommy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 83.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): E:\pagefile.sys 2048 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 414.05 Gb Free Space | 88.90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465.76 Gb Total Space | 418.41 Gb Free Space | 89.83% Space Free | Partition Type: NTFS
Drive F: | 117.19 Gb Total Space | 69.59 Gb Free Space | 59.39% Space Free | Partition Type: NTFS
Drive G: | 115.70 Gb Total Space | 97.83 Gb Free Space | 84.56% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 232.83 Gb Total Space | 114.23 Gb Free Space | 49.06% Space Free | Partition Type: FAT32

Computer Name: TOMMY-HQ
Current User Name: Tommy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1947:TCP" = 1947:TCP:*:Enabled:HASP SRM
"1947:UDP" = 1947:UDP:*:Enabled:HASP SRM
"9323:TCP" = 9323:TCP:*:Enabled:EKDiscovery
"9322:TCP" = 9322:TCP:*:Enabled:EKDiscovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ScanSoft\OmniPageSE\EregEng\NAVBrowser.exe" = C:\Program Files\ScanSoft\OmniPageSE\EregEng\NAVBrowser.exe:*:Enabled:NAVBrowser -- File not found
"C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe:*:Enabled:QuickBooks 2009 Data Manager -- (Intuit, Inc.)
"C:\Program Files\NewSoft\Presto! PageManager 6\NetGroup.exe" = C:\Program Files\NewSoft\Presto! PageManager 6\NetGroup.exe:*:Disabled:NewSoft Network Group -- (NewSoft Technology Corporation)
"C:\Program Files\TeamViewer\Version4\TeamViewer.exe" = C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- File not found
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe" = C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe:*:Enabled:EKDiscovery.exe -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" = C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe:*:Enabled:Kodak.AiO.HomeCenter -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe" = C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe:*:Enabled:Kodak.AiO.Statistics -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe" = C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe:*:Enabled:Kodak.AiO.FwUpdater -- (Eastman Kodak Company)
"C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe" = C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe:*:Enabled:Kodak.AiO.Installer -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe" = C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe:*:Enabled:Kodak.AiO.SetupUtility -- (Eastman Kodak Company)
"C:\Program Files\StorageCraft\ImageManager\ImageManagerClient.exe" = C:\Program Files\StorageCraft\ImageManager\ImageManagerClient.exe:*:Enabled:ShadowProtect ImageManager Client -- (StorageCraft Technology Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05D2DA4A-E991-438A-B3D3-CC847F4EAF36}" = ShadowProtect Desktop
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 19
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2C9FC6CB-16FC-4381-A026-6D5CA4D63E8F}" = WFI EAD v2.2.8
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3248F0A8-6813-11D6-A77B-00B0D0150130}" = J2SE Runtime Environment 5.0 Update 13
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55E9A475-8913-4A73-AA5B-B27E23E0C08B}" = Spheresoft Zip Code Tools
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{580183A6-FF92-11D5-9294-0050BA073EEC}" = Presto! PageManager 6
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{8850DEC8-22FD-4F05-A3AA-49B91200C24F}" = ShadowProtect Desktop
"{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90150409-6000-11D3-8CFE-0050048383C9}" = Microsoft Access 2002
"{91120409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard
"{9A2F0810-3636-4E86-9072-973FBE1679C5}" = QuickBooks Premier: Mfg and Whsle Edition 2009
"{9A2F0810-369F-4E86-9072-973FBE1679C5}" = QuickBooks
"{A0494B41-EBD7-4C0D-91B7-DC39741B27BB}" = Express Gate
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABFF669D-90CF-4B70-A40E-7A92589427A2}" = PhoenixRC
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B6164988-AA55-4099-BB9C-EC058210DAD6}" = ImageManager
"{BD22805D-C490-4FC2-BBBF-80CBDCD800E7}" = Ground Loop Design Premier Financial 2009: WaterFurnace Edition
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C10F500A-3575-4BD1-8AB1-FA7ADD6C1A8D}" = ShadowProtect Desktop
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}" = aiofw
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Home Center
"{E9DCA3A9-7478-427C-9E98-765D980EF053}" = ScanSoft OmniPage 15.0
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{FE24086F-3B0C-4C47-A874-97A7B8E2FBBE}" = aioscnnr
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"avast!" = avast! Antivirus
"CAL" = Canon Camera Access Library
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCleaner" = CCleaner
"CSCLIB" = Canon Camera Support Core Library
"DPP" = Canon Utilities Digital Photo Professional 3.6
"EOS Utility" = Canon Utilities EOS Utility
"ERUNT_is1" = ERUNT 1.1j
"GeoLink " = GeoLink
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{2C9FC6CB-16FC-4381-A026-6D5CA4D63E8F}" = WFI EAD v2.2.8
"KONICA MINOLTA magicolor 5430DL" = KONICA MINOLTA magicolor 5430DL
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"NVIDIA Drivers" = NVIDIA Drivers
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"TeamViewer 5" = TeamViewer 5
"WFTK" = Canon Utilities WFT-E1/E2/E3/E4 Utility
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.5.0.452
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 4/15/2010 3:14:09 AM | Computer Name = TOMMY-HQ | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 112.

Error - 4/15/2010 7:50:33 AM | Computer Name = TOMMY-HQ | Source = avast! | ID = 33554522
Description = Error in aswChestS: chest s_NewFile Error 112.

Error - 4/15/2010 7:50:33 AM | Computer Name = TOMMY-HQ | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 112.

Error - 4/15/2010 8:38:31 AM | Computer Name = TOMMY-HQ | Source = avast! | ID = 33554522
Description = Error in aswChestS: chest s_NewFile Error 112.

Error - 4/15/2010 8:38:31 AM | Computer Name = TOMMY-HQ | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 112.

Error - 4/15/2010 10:04:31 AM | Computer Name = TOMMY-HQ | Source = avast! | ID = 33554522
Description = Error in aswChestS: chest s_NewFile Error 112.

Error - 4/15/2010 10:04:31 AM | Computer Name = TOMMY-HQ | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 112.

Error - 4/15/2010 12:38:30 PM | Computer Name = TOMMY-HQ | Source = avast! | ID = 33554522
Description = Error in aswChestS: chest s_NewFile Error 112.

Error - 4/15/2010 12:38:30 PM | Computer Name = TOMMY-HQ | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 112.

Error - 4/15/2010 2:10:42 PM | Computer Name = TOMMY-HQ | Source = avast! | ID = 33554522
Description = Error in aswChestS: chest s_NewFile Error 112.

[ Application Events ]
Error - 4/15/2010 8:58:51 AM | Computer Name = TOMMY-HQ | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 4/15/2010 8:59:04 AM | Computer Name = TOMMY-HQ | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks: Premier Manufacturing
and Wholesale Edition 2009": An attempt to LogOff without a logo

Error - 4/15/2010 9:33:11 AM | Computer Name = TOMMY-HQ | Source = Application Hang | ID = 1002
Description = Hanging application ashSimpl.exe, version 4.8.1367.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/15/2010 9:33:16 AM | Computer Name = TOMMY-HQ | Source = Application Hang | ID = 1001
Description = Fault bucket 1577472764.

Error - 4/15/2010 9:42:37 AM | Computer Name = TOMMY-HQ | Source = Application Hang | ID = 1002
Description = Hanging application ashSimpl.exe, version 4.8.1367.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/15/2010 12:22:01 PM | Computer Name = TOMMY-HQ | Source = ShadowProtectSvc | ID = 1121
Description = Backup status: failed Image file: J:\Backup\C_VOL Log file: C:\Program
Files\StorageCraft\ShadowProtect\Logs\{88C73605-D89D-43DC-9647-784064730F76}.txt
Start
time: 4/15/2010 11:22:01 AM Module: service Code: 504 Message: Full image must be
created before doing incremental images

Error - 4/15/2010 12:27:04 PM | Computer Name = TOMMY-HQ | Source = ShadowProtectSvc | ID = 1121
Description = Backup status: failed Image file: J:\Backup\C_VOL Log file: C:\Program
Files\StorageCraft\ShadowProtect\Logs\{88C73605-D89D-43DC-9647-784064730F76}.txt
Start
time: 4/15/2010 11:27:04 AM Module: service Code: 504 Message: Full image must be
created before doing incremental images

Error - 4/15/2010 1:07:53 PM | Computer Name = TOMMY-HQ | Source = ShadowProtectSvc | ID = 1121
Description = Backup status: failed Image file: J:\Backup\C_VOL Log file: C:\Program
Files\StorageCraft\ShadowProtect\Logs\{88C73605-D89D-43DC-9647-784064730F76}.txt
Start
time: 4/15/2010 12:07:53 PM Module: service Code: 504 Message: Full image must be
created before doing incremental images

Error - 4/15/2010 1:37:08 PM | Computer Name = TOMMY-HQ | Source = ShadowProtectSvc | ID = 1121
Description = Backup status: failed Image file: J:\Backup\C_VOL Log file: C:\Program
Files\StorageCraft\ShadowProtect\Logs\{88C73605-D89D-43DC-9647-784064730F76}.txt
Start
time: 4/15/2010 12:37:08 PM Module: service Code: 504 Message: Full image must be
created before doing incremental images

Error - 4/15/2010 3:16:27 PM | Computer Name = TOMMY-HQ | Source = ShadowProtectSvc | ID = 1121
Description = Backup status: failed Image file: J:\Backup\C_VOL Log file: C:\Program
Files\StorageCraft\ShadowProtect\Logs\{88C73605-D89D-43DC-9647-784064730F76}.txt
Start
time: 4/15/2010 2:16:26 PM Module: service Code: 504 Message: Full image must be created
before doing incremental images

[ System Events ]
Error - 4/15/2010 1:37:09 PM | Computer Name = TOMMY-HQ | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL.
Reference
error message: The operation completed successfully. .

Error - 4/15/2010 3:15:09 PM | Computer Name = TOMMY-HQ | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the Network Card with network
address 0022159696A0 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 4/15/2010 3:15:26 PM | Computer Name = TOMMY-HQ | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate1c9e85b619766f0) service failed
to start due to the following error: %%3

Error - 4/15/2010 3:15:26 PM | Computer Name = TOMMY-HQ | Source = Service Control Manager | ID = 7003
Description = The Kodak AiO Network Discovery Service service depends on the following
nonexistent service: Bonjour Service

Error - 4/15/2010 3:16:24 PM | Computer Name = TOMMY-HQ | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 4/15/2010 3:16:24 PM | Computer Name = TOMMY-HQ | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 4/15/2010 3:16:24 PM | Computer Name = TOMMY-HQ | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL.
Reference
error message: The operation completed successfully. .

Error - 4/15/2010 3:16:27 PM | Computer Name = TOMMY-HQ | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 4/15/2010 3:16:27 PM | Computer Name = TOMMY-HQ | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 4/15/2010 3:16:27 PM | Computer Name = TOMMY-HQ | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL.
Reference
error message: The operation completed successfully. .


< End of report >

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3991

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/15/2010 12:26:10 PM
mbam-log-2010-04-15 (12-26-10).txt

Scan type: Quick scan
Objects scanned: 109795
Time elapsed: 2 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-15 14:05:51
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Tommy\LOCALS~1\Temp\fgliipoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB5EF46B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB5EF4A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB5EF414C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB5EF408C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB5EF40F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB5EF476E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB5EF472E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB5EF48AE]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateKey [0x804D70C2]
SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [804D70C2] ZwCreateKey [0x804D70C2]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenKey [0x804D70C7]
SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [804D70C7] ZwOpenKey [0x804D70C7]

INT 0x03 \WINDOWS\system32\ntkrnlpa.exe[unknown section] 804D70D6

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB977D380, 0x34C81F, 0xE8000020]
.text C:\WINDOWS\system32\drivers\aksfridge.sys section is writeable [0xB539A000, 0x48011, 0xE0000020]
.init C:\WINDOWS\system32\drivers\aksfridge.sys entry point in ".init" section [0xB53EF224]
.init C:\WINDOWS\system32\drivers\aksfridge.sys unknown last code section [0xB53EF000, 0x4000, 0xE20000E0]
.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xB52CB400, 0x6E1B2, 0xE8000020]
.protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xB5355220] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xB5355220]
.protect˙˙˙˙hardlockunknown last code section [0xB5355000, 0x50EA, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xB5355000, 0x50EA, 0xE0000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2108] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2108] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2108] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2108] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2108] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2108] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2108] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2108] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2108] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD101 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB20 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4AA7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[2536] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs stcvsm.sys (StorageCraft Volume Snapshot Driver/StorageCraft Technology Corporation)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 stcvsm.sys (StorageCraft Volume Snapshot Driver/StorageCraft Technology Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 stcvsm.sys (StorageCraft Volume Snapshot Driver/StorageCraft Technology Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 stcvsm.sys (StorageCraft Volume Snapshot Driver/StorageCraft Technology Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Disk \Device\Harddisk0\DR0 aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Disk \Device\Harddisk1\DR1 aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)
Device \Driver\Disk \Device\Harddisk2\DR2 aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)
Device \Driver\Disk \Device\Harddisk3\DR6 aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)

AttachedDevice \FileSystem\Fastfat \Fat stcvsm.sys (StorageCraft Volume Snapshot Driver/StorageCraft Technology Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- EOF - GMER 1.0.15 ----