OTL Extras logfile created on: 8/12/2010 12:53:19 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Palladium Tan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.60 Gb Total Space | 52.31 Gb Free Space | 73.06% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 95.78 Mb Total Space | 69.99 Mb Free Space | 73.07% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PALLADIUM
Current User Name: Palladium Tan
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5900:TCP" = 5900:TCP:*:Enabled:VNC
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\1129155795\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1129155795\ee\AOLServiceHost.exe:*:Enabled:AOL Services -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\PCCW\Pccw.exe" = C:\Program Files\PCCW\Pccw.exe:*:Enabled:Pccw -- (GO Software, Inc.)
"C:\WINDOWS\SYSTEM32\FTP.EXE" = C:\WINDOWS\SYSTEM32\FTP.EXE:*:Enabled:File Transfer Program -- (Microsoft Corporation)
"C:\Program Files\Nichesoft\TanTrack\TanTrack.exe" = C:\Program Files\Nichesoft\TanTrack\TanTrack.exe:*:Enabled:TanTrack -- (Nichesoft, L.L.C.)
"C:\Program Files\Citrix\GoToMyPC\g2svc.exe" = C:\Program Files\Citrix\GoToMyPC\g2svc.exe:*:Enabled:GoToMyPC -- (Citrix Online, a division of Citrix Systems, Inc.)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{121634B0-2F4A-11D3-ADA3-00C04F52DD53}" = Windows Installer Clean Up
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 21
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{395131D0-71C3-4411-8DDD-84E7A4EC8754}" = Intellisync® for Yahoo!
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3BE11C5A-7959-418B-90AC-1D85DE8B6E15}" = 5500
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{58E6A969-8215-4ABC-BD73-FCB25EA6F544}" = FormViewer
"{58F4D4FD-1814-4068-B316-C28FC776C6DD}" = GoToMyPC
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{595D0DE8-C38A-4432-B851-47DECC1A99BD}" = HP Unload DLL Patch
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5DE8F9B6-DAEA-4990-AB2A-F797577D88B5}" = 5500Tour
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6975E810-C92F-45F0-0BFD-187B312F10E8}" = Norton Ghost
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client for Internet Explorer 1.02.04
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Application Accelerator
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A8AD990E-355A-4413-8647-A9B168978423}_is1" = UltraVNC v1.0.1
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B08A973F-5D0C-4A09-A219-F00289BB85C0}" = 5500_Help
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4A978A3-CAE4-4856-89D5-696498A7B8F7}" = HPODiscovery
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDE4CC8B-134B-421E-943C-90799E56F664}" = Dell Media Experience Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1760DA4-A5FA-4FF1-A46A-031AB4A41345}" = 5500Trb
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ATI Display Driver" = ATI Display Driver
"AVG9Uninstall" = AVG Free 9.0
"CCleaner" = CCleaner
"Citrix ICA Web Client" = Citrix ICA Web Client
"DellSupport" = Dell Support 5.0.0 (766)
"DynDNS Updater_is1" = DynDNS Updater 3.0
"EPSON Advanced Printer Driver 3" = EPSON Advanced Printer Driver 3
"HitmanPro35" = Hitman Pro 3.5
"HP Photo & Imaging" = HP Image Zone 4.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"InstallShield_{58E6A969-8215-4ABC-BD73-FCB25EA6F544}" = FormViewer
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Move Networks Player_is1" = Move Networks Player for Internet Explorer
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Need2FindBar Uninstall" = Need2Find Bar
"NETGEAR ProSafe Firewall Router" = NETGEAR ProSafe Firewall Router
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenVPN" = OpenVPN 2.0.7
"PCCharge Pro" = PCCharge Pro
"PokerStars" = PokerStars
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Toolbar" = Yahoo! Toolbar
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"GCalc 3 Beta" = GCalc 3 Beta
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 8/5/2010 7:42:26 PM | Computer Name = PALLADIUM | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 8/5/2010 7:42:26 PM | Computer Name = PALLADIUM | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 8/7/2010 4:00:21 AM | Computer Name = PALLADIUM | Source = ESENT | ID = 490
Description = wuauclt (3960) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).
Error - 8/7/2010 4:00:21 AM | Computer Name = PALLADIUM | Source = ESENT | ID = 470
Description = wuauclt (3960) Database C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb
is partially attached. Attachment stage: 3. Error: -1032.
Error - 8/7/2010 3:31:27 PM | Computer Name = PALLADIUM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 8/10/2010 11:54:07 AM | Computer Name = PALLADIUM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 8/11/2010 11:24:09 AM | Computer Name = PALLADIUM | Source = Application Error | ID = 1000
Description = Faulting application javara.exe, version 1.16.1.1763, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.
Error - 8/11/2010 11:24:23 AM | Computer Name = PALLADIUM | Source = Application Error | ID = 1001
Description = Fault bucket 1987575260.
Error - 8/11/2010 2:53:01 PM | Computer Name = PALLADIUM | Source = Application Hang | ID = 1002
Description = Hanging application TanTrack.exe, version 2.6.0.5, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 8/11/2010 2:53:02 PM | Computer Name = PALLADIUM | Source = Application Hang | ID = 1002
Description = Hanging application TanTrack.exe, version 2.6.0.5, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 8/12/2010 12:27:58 PM | Computer Name = PALLADIUM | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.64 for the Network Card with network
address 001111A1D2D1 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).
Error - 8/12/2010 12:28:05 PM | Computer Name = PALLADIUM | Source = NetDDE | ID = 206
Description = Listen failed: 15:
Error - 8/12/2010 12:28:30 PM | Computer Name = PALLADIUM | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.64 for the Network Card with network
address 001111A1D2D1 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).
Error - 8/12/2010 12:28:30 PM | Computer Name = PALLADIUM | Source = NetDDE | ID = 206
Description = Listen failed: 23: The ncb_lana_num member did not specify a valid
network number.
Error - 8/12/2010 12:28:36 PM | Computer Name = PALLADIUM | Source = NetDDE | ID = 206
Description = Listen failed: 15:
Error - 8/12/2010 12:33:32 PM | Computer Name = PALLADIUM | Source = Dhcp | ID = 1002
Description = The IP address lease 99.142.223.215 for the Network Card with network
address 001111A1D2D1 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).
Error - 8/12/2010 12:33:32 PM | Computer Name = PALLADIUM | Source = NetDDE | ID = 206
Description = Listen failed: 23: The ncb_lana_num member did not specify a valid
network number.
Error - 8/12/2010 12:33:38 PM | Computer Name = PALLADIUM | Source = NetDDE | ID = 206
Description = Listen failed: 15:
Error - 8/12/2010 12:48:05 PM | Computer Name = PALLADIUM | Source = Dhcp | ID = 1002
Description = The IP address lease 10.8.0.1 for the Network Card with network address
00FFE4EA4F26 has been denied by the DHCP server 10.8.0.2 (The DHCP Server sent a
DHCPNACK message).
Error - 8/12/2010 12:48:09 PM | Computer Name = PALLADIUM | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
TfFsMon TfSysMon
< End of report >
OTL logfile created on: 8/12/2010 12:53:19 PM - Run 1
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Palladium Tan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\SYSTEM32\HPZipm12.exe (HP)
PRC - C:\Program Files\Citrix\GoToMyPC\g2tray.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\GoToMyPC\g2svc.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\GoToMyPC\g2pre.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\GoToMyPC\g2comm.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\OpenVPN\bin\openvpn.exe ()
PRC - C:\Program Files\OpenVPN\bin\openvpnserv.exe ()
PRC - C:\Program Files\UltraVNC\WinVNC.exe (UltraVNC)
PRC - C:\WINDOWS\SYSTEM32\EpStsSrv.exe (SEIKO EPSON Corp.)
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\WINDOWS\SYSTEM32\ESDUSBMon.exe (SEIKO EPSON Corp.)
PRC - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe (Symantec Corporation)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Palladium Tan\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\SYSTEM32\msscript.ocx (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe (HP)
SRV - (GoToMyPC) -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (OpenVPNService) -- C:\Program Files\OpenVPN\bin\openvpnserv.exe ()
SRV - (winvnc) -- C:\Program Files\UltraVNC\WinVNC.exe (UltraVNC)
SRV - (EPSON ESCPOS Status Service) -- C:\WINDOWS\System32\EpStsSrv.exe (SEIKO EPSON Corp.)
SRV - (IAANTMon) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe (Intel Corporation)
SRV - (GhostStartService) -- C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe (Symantec Corporation)
========== Driver Services (SafeList) ==========
DRV - (TfSysMon) -- C:\WINDOWS\System32\drivers\TfSysMon.sys File not found
DRV - (TfNetMon) -- C:\WINDOWS\System32\drivers\TfNetMon.sys File not found
DRV - (TfFsMon) -- C:\WINDOWS\System32\drivers\TfFsMon.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (AvgTdiX) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (tap0801) -- C:\WINDOWS\SYSTEM32\DRIVERS\tap0801.sys (The OpenVPN Project)
DRV - (Haspnt) -- C:\WINDOWS\SYSTEM32\DRIVERS\Haspnt.sys (Aladdin Knowledge Systems)
DRV - (TMUSB) -- C:\WINDOWS\SYSTEM32\DRIVERS\TMUSBXP.SYS (SEIKO EPSON Corp.)
DRV - (senfilt) -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys (Creative Technology Ltd.)
DRV - (ati2mtag) -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (b57w2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (drvnddm) -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys (Sonic Solutions)
DRV - (tfsnudfa) -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys (Sonic Solutions)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (nv) -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS (NVIDIA Corporation)
DRV - (Hardlock) -- C:\WINDOWS\SYSTEM32\DRIVERS\hardlock.sys (Aladdin Knowledge Systems)
DRV - (sscdbhk5) -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys (Sonic Solutions)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (aksusb) -- C:\WINDOWS\SYSTEM32\DRIVERS\aksusb.sys (Aladdin Knowledge Systems)
DRV - (akshasp) -- C:\WINDOWS\SYSTEM32\DRIVERS\akshasp.sys (Aladdin Knowledge Systems)
DRV - (Esdpdx01) -- C:\WINDOWS\SYSTEM32\DRIVERS\ESDPDX01.SYS (MK Systems CO., LTD.)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (GhPciScan) -- C:\Program Files\Symantec\Norton Ghost 2003\GhPciScan.sys (Symantec Corporation)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (MagEpNt) -- C:\WINDOWS\System32\drivers\magepnt.sys (MagTek)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?r998=1239739352
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://start.mozilla...en-US:official"
[2005/07/01 00:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Palladium Tan\Application Data\Mozilla\Firefox\Profiles\bc5wq42q.default\extensions
[2005/07/01 00:06:01 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\Palladium Tan\Application Data\Mozilla\Firefox\Profiles\bc5wq42q.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2005/07/01 00:06:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: ([2010/08/11 09:53:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe (SurfRight B.V.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/...UI.cab34120.cab (StagingUI Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} http://zone.msn.com/...pandaonline.cab (TGOnlineCtrl Class)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.h...ctDetection.cab (HpProductDetection Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1263315487656 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} http://h30155.www3.h...edsolutions.cab (HPObjectInstaller Class)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.h...nosticsxp2k.cab (DDRevision Class)
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} http://zone.msn.com/...ol.cab36107.cab (CBankshotZoneCtrl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/...xy.cab35645.cab (StadiumProxy Class)
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} http://myspace.obero...sh.1.0.0.80.cab (CPlayFirstDinerDashControl Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://myspace.obero...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.h.../qdiagh.cab?326 (QDiagHUpdateObj Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToMyPC: DllName - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
========== Files/Folders - Created Within 30 Days ==========
[2010/08/12 12:49:46 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Palladium Tan\Desktop\OTL.exe
[2010/08/11 10:23:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Palladium Tan\Desktop\JavaRa
[2010/08/11 10:17:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/11 09:51:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/08/11 09:48:27 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/08/10 11:39:29 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/08/09 10:36:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Palladium Tan\Desktop\tdsskiller
[2010/08/07 10:56:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Palladium Tan\Recent
[2010/08/07 09:34:39 | 001,870,800 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Palladium Tan\Desktop\HousecallLauncher.exe
[2010/08/06 20:34:01 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/08/06 20:33:09 | 003,420,304 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Palladium Tan\Desktop\ccleaner.exe
[2010/08/06 17:26:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/08/06 17:26:50 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/08/06 17:26:36 | 006,289,216 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\Palladium Tan\Desktop\HitmanPro35.exe
[2010/08/06 15:26:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Palladium Tan\Application Data\Malwarebytes
[2010/08/06 15:26:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/06 15:26:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/06 15:26:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/06 15:26:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/06 15:24:27 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Palladium Tan\Desktop\mbam-setup-1.46.exe
[2010/08/06 12:45:27 | 073,473,320 | ---- | C] ( ) -- C:\Documents and Settings\Palladium Tan\Desktop\Kaspersky.exe
[2010/08/05 20:00:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Palladium Tan\My Documents\Oberon Media
[2010/08/05 18:43:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FrontLine Registry Cleaner
[2010/08/05 18:42:58 | 000,000,000 | ---D | C] -- C:\Program Files\Frontline Registry Cleaner
[2010/08/05 18:02:27 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/08/05 18:00:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/08/05 18:00:01 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/08/05 18:00:01 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/08/05 17:58:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/05 17:37:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/05 09:30:18 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/08/04 21:40:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/08/04 21:35:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Palladium Tan\Application Data\GetRightToGo
[2010/08/04 20:23:14 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/08/04 20:23:14 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/08/04 20:23:14 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/08/04 20:23:14 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/07/28 11:53:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2010/07/28 11:45:37 | 000,581,632 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpotscl.dll
[2010/07/28 11:45:37 | 000,090,112 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpovst08.dll
[2010/07/28 11:10:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[1980/01/01 01:00:00 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/08/12 12:49:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Palladium Tan\Desktop\OTL.exe
[2010/08/12 12:27:15 | 001,132,196 | ---- | M] () -- C:\Documents and Settings\Palladium Tan\Desktop\tdsskiller.zip
[2010/08/12 12:08:06 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Palladium Tan\Desktop\MBRCheck.exe
[2010/08/12 11:48:48 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/08/12 11:48:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/08/12 11:47:51 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/08/12 11:47:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/12 11:47:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/08/12 11:47:46 | 2682,425,344 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/12 11:46:13 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Palladium Tan\ntuser.dat
[2010/08/12 11:46:06 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Palladium Tan\NTUSER.INI
[2010/08/12 08:39:04 | 063,318,828 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/08/11 13:47:34 | 000,869,051 | ---- | M] () -- C:\Documents and Settings\Palladium Tan\Desktop\SecurityCheck.exe
[2010/08/11 10:21:50 | 000,156,329 | ---- | M] () -- C:\Documents and Settings\Palladium Tan\Desktop\JavaRa.zip
[2010/08/11 09:53:36 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/11 09:53:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2010/08/11 09:04:45 | 003,816,121 | R--- | M] () -- C:\Documents and Settings\Palladium Tan\Desktop\ComboFix.exe
[2010/08/10 17:41:19 | 000,352,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/10 17:39:45 | 005,736,528 | -H-- | M] () -- C:\Documents and Settings\Palladium Tan\Local Settings\Application Data\IconCache.db
[2010/08/10 17:38:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/10 17:38:14 | 000,000,806 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/08/10 17:36:11 | 000,507,308 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/10 17:36:11 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/08/10 17:36:11 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/08/10 10:49:29 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Palladium Tan\Desktop\gmer.exe
[2010/08/10 10:28:02 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Palladium Tan\Desktop\gmer.zip
[2010/08/09 10:22:24 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\Palladium Tan\Desktop\HiJackThis.lnk
[2010/08/07 09:35:01 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Palladium Tan\Local Settings\Application Data\housecall.guid.cache
[2010/08/07 09:34:57 | 001,870,800 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Palladium Tan\Desktop\HousecallLauncher.exe
[2010/08/06 20:34:02 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Palladium Tan\Desktop\CCleaner.lnk
[2010/08/06 20:33:17 | 003,420,304 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Palladium Tan\Desktop\ccleaner.exe
[2010/08/06 19:29:40 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/08/06 18:44:54 | 000,008,586 | ---- | M] () -- C:\Documents and Settings\Palladium Tan\Desktop\Yahoo!.url
[2010/08/06 17:45:45 | 006,289,216 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Palladium Tan\Desktop\HitmanPro35.exe
[2010/08/06 16:38:54 | 001,704,384 | ---- | M] () -- C:\Documents and Settings\Palladium Tan\Desktop\FrontlineRegCleanerSetup.exe
[2010/08/06 15:26:21 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/06 15:24:27 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Palladium Tan\Desktop\mbam-setup-1.46.exe
[2010/08/06 12:46:26 | 073,473,320 | ---- | M] ( ) -- C:\Documents and Settings\Palladium Tan\Desktop\Kaspersky.exe
[2010/08/06 11:51:24 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Palladium Tan\Desktop\HiJackThis.msi
[2010/08/05 18:02:30 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
[2010/08/04 20:14:33 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/08/03 12:20:53 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Palladium Tan\Desktop\Microsoft Office Word 2003.lnk
[2010/07/28 14:03:12 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\Palladium Tan\Desktop\Microsoft Office Excel 2003.lnk
[2010/07/28 13:55:01 | 000,000,890 | ---- | M] () -- C:\WINDOWS\ORUN32.INI
[2010/07/28 12:34:49 | 000,104,247 | ---- | M] () -- C:\WINDOWS\hpoins04.dat
[2010/07/28 11:58:05 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
[2010/07/28 11:54:05 | 000,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/07/28 11:53:25 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Director.lnk
[2010/07/27 01:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010/07/17 05:00:12 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/07/17 05:00:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/07/17 05:00:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/17 02:42:29 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2099/01/01 12:00:00 | 000,011,168 | -H-- | C] () -- C:\WINDOWS\System32\wivoyeto
[2010/08/12 12:08:06 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Palladium Tan\Desktop\MBRCheck.exe
[2010/08/11 13:47:33 | 000,869,051 | ---- | C] () -- C:\Documents and Settings\Palladium Tan\Desktop\SecurityCheck.exe
[2010/08/11 10:10:44 | 000,156,329 | ---- | C] () -- C:\Documents and Settings\Palladium Tan\Desktop\JavaRa.zip
[2010/08/10 17:30:41 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/08/10 10:27:58 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Palladium Tan\Desktop\gmer.zip
[2010/08/10 09:26:27 | 000,427,278 | ---- | C] () -- C:\Documents and Settings\Palladium Tan\ProductContext4100.log
[2010/08/09 10:36:13 | 001,132,196 | ---- | C] () -- C:\Documents and Settings\Palladium Tan\Desktop\tdsskiller.zip
[2010/08/09 09:59:16 | 2682,425,344 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/07 09:35:01 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Palladium Tan\Local Settings\Application Data\housecall.guid.cache
[2010/08/06 20:34:02 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Palladium Tan\Desktop\CCleaner.lnk
[2010/08/06 17:27:41 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/08/06 17:26:52 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/08/06 16:38:48 | 001,704,384 | ---- | C] () -- C:\Documents and Settings\Palladium Tan\Desktop\FrontlineRegCleanerSetup.exe
[2010/08/06 16:37:57 | 003,816,121 | R--- | C] () -- C:\Documents and Settings\Palladium Tan\Desktop\ComboFix.exe
[2010/08/06 15:26:21 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/06 11:51:45 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\Palladium Tan\Desktop\HiJackThis.lnk
[2010/08/06 11:51:08 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Palladium Tan\Desktop\HiJackThis.msi
[2010/08/05 18:02:30 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/08/05 18:02:28 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/08/05 18:00:01 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/05 18:00:01 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/08/05 18:00:01 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/08/05 18:00:01 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/08/05 18:00:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/08/04 20:11:53 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/08/04 20:11:53 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
[2010/07/29 14:16:41 | 000,000,052 | ---- | C] () -- C:\Documents and Settings\Palladium Tan\debuglog.txt
[2010/07/28 14:02:47 | 000,002,495 | ---- | C] () -- C:\Documents and Settings\Palladium Tan\Desktop\Microsoft Office Excel 2003.lnk
[2010/07/28 11:53:25 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Director.lnk
[2010/07/28 11:46:43 | 000,104,247 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2010/07/28 11:46:43 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2009/10/22 09:30:24 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\quick32.dll
[2009/10/16 15:39:37 | 000,000,108 | -HS- | C] () -- C:\WINDOWS\WSYS049.SYS
[2009/08/26 14:42:35 | 000,000,091 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/03/18 08:01:15 | 000,000,208 | ---- | C] () -- C:\WINDOWS\HpBestModeUpdatePatchLog.ini
[2007/08/06 12:07:30 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2006/11/22 13:11:06 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/11/20 17:15:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2006/05/07 21:57:20 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2005/05/17 07:22:17 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/03/27 19:06:06 | 000,049,664 | ---- | C] () -- C:\WINDOWS\System32\NgSharedPort.dll
[2005/02/27 18:58:44 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\tls704d.dll
[2005/02/27 18:58:44 | 000,409,600 | ---- | C] () -- C:\WINDOWS\System32\NOVA_API.dll
[2005/02/27 18:58:44 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\cmeparse.dll
[2005/02/27 18:58:43 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\ipinplus32.dll
[2005/02/08 10:09:38 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/02/06 14:38:22 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\EpsStmEW.DLL
[2005/02/06 14:38:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SharpImg.dll
[2005/02/03 18:26:41 | 000,000,072 | ---- | C] () -- C:\WINDOWS\webica.ini
[2005/02/01 11:57:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2005/01/31 21:30:48 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/01/26 20:59:52 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2005/01/07 22:17:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/07 22:13:49 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/01/07 21:47:58 | 000,000,517 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 23:03:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 18:25:56 | 000,000,890 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 06:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1980/01/01 01:00:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
========== LOP Check ==========
[2009/10/22 12:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\4h soft
[2010/06/30 21:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/08/26 14:42:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2008/07/30 17:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fashion Solitaire 1.2
[2010/08/05 18:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FrontLine Registry Cleaner
[2005/06/02 11:06:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2010/08/06 19:17:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2008/06/14 16:17:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2008/06/11 08:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/08/26 14:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2008/08/02 13:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2010/08/05 08:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/19 18:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/07/07 14:38:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WorldWinner
[2009/10/22 12:31:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Palladium Tan\Application Data\4h soft
[2008/01/20 15:58:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Palladium Tan\Application Data\Aim
[2010/06/03 12:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Palladium Tan\Application Data\AVG9
[2010/06/11 13:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Palladium Tan\Application Data\ElevatedDiagnostics
[2010/08/04 21:39:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Palladium Tan\Application Data\GetRightToGo
[2005/02/03 18:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Palladium Tan\Application Data\ICAClient
[2009/12/03 19:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Palladium Tan\Application Data\IObit
[2006/03/06 10:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Palladium Tan\Application Data\Kana Solution
[2005/02/23 12:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Palladium Tan\Application Data\Leadertech
[2008/06/14 16:17:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Palladium Tan\Application Data\PlayFirst
[2005/12/12 14:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Palladium Tan\Application Data\Simple Star
[2005/09/01 20:04:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Palladium Tan\Application Data\Solitaire.Com
[2007/12/04 12:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Palladium Tan\Application Data\TrueSwitch
[2007/05/26 10:46:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Palladium Tan\Application Data\Viewpoint
[2008/08/16 19:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Palladium Tan\Application Data\ViquaSoft
[2006/06/19 15:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Palladium Tan\Application Data\Walgreens
[2010/08/12 11:47:51 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2008/05/09 18:24:33 | 000,000,000 | ---- | M] () -- C:\AILog.txt
[2004/08/11 18:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/08/04 20:14:33 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/08/05 18:02:30 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
[2005/02/01 09:29:31 | 000,034,304 | ---- | M] () -- C:\Calendar.doc
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/08/11 09:57:25 | 000,015,811 | ---- | M] () -- C:\ComboFix.txt
[2005/02/03 18:26:41 | 000,000,000 | ---- | M] () -- C:\COMLOG.txt
[2004/08/11 18:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/01/07 21:50:16 | 000,004,560 | RH-- | M] () -- C:\DELL.SDR
[2005/03/12 03:23:58 | 000,000,830 | ---- | M] () -- C:\eNC430SO.TXT
[2005/11/22 01:44:42 | 000,335,872 | R--- | M] (Applied Graphics Technologies, Inc.) -- C:\FujiFilm.exe
[2005/11/22 01:44:42 | 000,017,823 | R--- | M] () -- C:\FujiFilm.HLP
[2010/08/12 11:47:46 | 2682,425,344 | -HS- | M] () -- C:\hiberfil.sys
[2003/12/08 13:15:56 | 000,028,672 | R--- | M] ( ) -- C:\hpqimgrc.resources.dll
[2005/12/07 11:08:10 | 000,001,299 | ---- | M] () -- C:\ImgData.ini
[2004/08/11 18:27:32 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/11 18:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2005/10/12 17:23:18 | 000,000,207 | -H-- | M] () -- C:\IPH.PH
[2010/08/11 10:25:17 | 000,008,575 | ---- | M] () -- C:\JavaRa.log
[2002/09/09 06:02:46 | 000,221,184 | ---- | M] (Crystal Decisions) -- C:\keycode.dll
[2004/08/11 18:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/17 19:42:55 | 000,250,048 | RHS- | M] () -- C:\NTLDR
[2010/08/12 11:47:45 | 2682,351,616 | -HS- | M] () -- C:\pagefile.sys
[2010/08/09 10:38:01 | 000,048,874 | ---- | M] () -- C:\TDSSKiller.2.4.1.0_09.08.2010_10.37.44_log.txt
[2010/08/12 12:29:37 | 000,095,764 | ---- | M] () -- C:\TDSSKiller.2.4.1.1_12.08.2010_12.27.47_log.txt
[2005/06/28 17:46:00 | 003,827,179 | ---- | M] (UltraVNC ) -- C:\UltraVNC-1.0-Setup_sf.exe
[2008/06/09 08:32:04 | 000,000,162 | ---- | M] () -- C:\YServer.txt
< %systemroot%\system32\*.wt >
< %systemroot%\system32\*.ruy >
< %systemroot%\Fonts\*.com >
[2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2004/08/11 18:14:22 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\DESKTOP.INI
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\filterpipelineprintproc.dll
[2007/06/20 11:06:42 | 000,008,192 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\GoToPrintProcessor.dll
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\mdippr.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\printfilterpipelinesvc.exe
[2002/12/20 03:12:04 | 000,002,987 | ---- | M] () -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\Tmctrl.ini
[2003/09/29 03:12:06 | 000,005,410 | ---- | M] () -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\Tmctrla.ini
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
[2005/05/19 17:10:21 | 000,294,912 | ---- | M] (Simple Star, Inc.) -- C:\WINDOWS\Walgreens PhotoShow.scr
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2004/08/11 18:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
[2004/08/11 18:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
[2004/08/11 18:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV
< %PROGRAMFILES%|bak;true;false;false /fp >
[2008/01/28 21:17:33 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices\Core\bak
[2008/01/28 21:17:33 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix\GoToMyPC\bak
[2008/01/28 21:17:33 | 000,000,000 | ---D | M] -- C:\Program Files\HP\HP Software Update\bak
< %systemroot%\system32|bak;true;false;false /fp >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/09/17 19:47:00 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\DESKTOP.INI
< %systemroot%\system32\config\systemprofile\*.dat /x >
[2005/01/07 22:06:50 | 000,000,310 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\convert.log
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-12 08:00:23
========== Alternate Data Streams ==========
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C6798065
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2164CF08
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1D6686D8
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF5C4195
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9084D1D3
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:061FEEDF
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8643C5BE
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B99FE60
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:25DB76AE
< End of report >