Help with Google Redirect Infection



#1
mule99

Sometime over the past 24 hours my computer became infected with the Google Redirect virus/malware. I wasn't even aware this existed until I started noticing the effects and did some searching on the problem. Those searches led me to Geeks to Go. I've followed the required steps in the Malware and Spyware cleaning guide. Thanks in advance for any assistance you can provide!

--------------------------------------------------
--------------------------------------------------
--------------------------------------------------

Malwarebytes' Anti-Malware 1.41
Database version: 2910
Windows 5.1.2600 Service Pack 3

10/5/2009 3:26:20 PM
mbam-log-2009-10-05 (15-26-20).txt

Scan type: Quick Scan
Objects scanned: 114905
Time elapsed: 6 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

--------------------------------------------------
--------------------------------------------------
--------------------------------------------------

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/05 15:36
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINXP\System32\Drivers\dump_atapi.sys
Address: 0xAA942000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINXP\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7A14000 Size: 8192 File Visible: No Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINXP\system32\DRIVERS\mrxsmb.sys
Address: 0xAA9FA000 Size: 455296 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF7211000 Size: 574976 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: rdpdr.sys
Image Path: C:\WINXP\system32\DRIVERS\rdpdr.sys
Address: 0xF6CC7000 Size: 196224 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: rootrepeal.sys
Image Path: C:\WINXP\system32\drivers\rootrepeal.sys
Address: 0xA9F66000 Size: 49152 File Visible: No Signed: -
Status: -

Name: uphcleanhlp.sys
Image Path: C:\WINXP\system32\Drivers\uphcleanhlp.sys
Address: 0xF7A1C000 Size: 6752 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINXP\system32\Drivers\FireTDI.sys" at address 0xaaae1e5a

#: 263 Function Name: NtUnloadKey
Status: Hooked by "C:\WINXP\system32\Drivers\uphcleanhlp.sys" at address 0xf7a1c63c

==EOF==

--------------------------------------------------
--------------------------------------------------
--------------------------------------------------

OTL logfile created on: 10/5/2009 3:39:18 PM - Run 1
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\B067381\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.05 Mb Total Physical Memory | 374.09 Mb Available Physical Memory | 36.89% Memory free
2.38 Gb Paging File | 1.84 Gb Available in Paging File | 76.99% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 47.61 Gb Free Space | 63.88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 959.98 Gb Total Space | 66.80 Gb Free Space | 6.96% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive K: | 200.00 Gb Total Space | 36.67 Gb Free Space | 18.34% Space Free | Partition Type: NTFS
Drive P: | 200.00 Gb Total Space | 36.67 Gb Free Space | 18.34% Space Free | Partition Type: NTFS
Drive Q: | 200.00 Gb Total Space | 53.33 Gb Free Space | 26.67% Space Free | Partition Type: NTFS
Drive V: | 300.00 Gb Total Space | 9.17 Gb Free Space | 3.06% Space Free | Partition Type: NTFS

Computer Name: G8JTVC1
Current User Name: B067381
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2006/03/23 21:53:28 | 00,249,856 | ---- | M] (Funk Software, Inc.) -- c:\Program Files\Funk Software\Odyssey Client\odClientService.exe
PRC - [2007/09/05 11:17:02 | 00,028,672 | ---- | M] (MCI, Inc.) -- c:\Program Files\Remote Services\AM.utEventServer.exe
PRC - [2006/04/20 08:34:26 | 01,520,688 | ---- | M] (Cisco Systems, Inc.) -- c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/03/10 16:24:04 | 01,471,808 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
PRC - [2007/01/19 21:14:54 | 00,239,864 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\OpenManage\Client\Iap.exe
PRC - [2009/05/18 16:00:00 | 00,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2007/09/05 11:17:02 | 00,069,696 | ---- | M] (Boingo Wireless, Inc.) -- c:\Program Files\Remote Services\WENGINE\wmonitor.exe
PRC - [2009/05/18 16:00:00 | 00,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2008/07/16 21:50:00 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\VirusScan Enterprise\mcshield.exe
PRC - [2008/07/16 21:50:00 | 00,054,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\VirusScan Enterprise\vstskmgr.exe
PRC - [2003/06/19 19:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2009/02/06 15:43:22 | 00,068,416 | ---- | M] (McAfee, Inc.) -- C:\WINXP\System32\mfevtps.exe
PRC - [2004/05/28 08:33:16 | 00,192,573 | ---- | M] (Microsoft Corporation) -- c:\gde\uphclean\uphclean.exe
PRC - [2007/09/05 11:17:02 | 00,028,672 | ---- | M] (MCI, Inc.) -- c:\Program Files\Remote Services\AM.blScriptEngine.exe
PRC - [2008/05/20 05:00:00 | 00,757,792 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\CCM\CcmExec.exe
PRC - [2009/02/06 15:39:14 | 00,034,408 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe
PRC - [2009/02/06 05:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\wbem\wmiprvse.exe
PRC - [2009/02/06 05:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\wbem\wmiprvse.exe
PRC - [2009/04/08 06:20:01 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2009/06/30 20:06:43 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
PRC - [2008/04/14 05:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINXP\Explorer.EXE
PRC - [2005/12/13 18:41:08 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINXP\System32\hkcmd.exe
PRC - [2005/12/13 18:45:00 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINXP\System32\igfxpers.exe
PRC - [2005/10/07 14:13:38 | 00,176,128 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2008/07/16 21:50:00 | 00,111,952 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\VirusScan Enterprise\SHSTAT.EXE
PRC - [2005/02/24 14:09:28 | 00,147,514 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Common Files\McAfee Inc\TalkBack\TBMon.exe
PRC - [2005/12/13 18:41:00 | 00,159,744 | ---- | M] (Intel Corporation) -- C:\WINXP\System32\igfxsrvc.exe
PRC - [2006/03/23 21:52:48 | 01,052,735 | ---- | M] (Funk Software, Inc.) -- C:\Program Files\Funk Software\Odyssey Client\OdTray.exe
PRC - [2007/05/10 10:22:32 | 00,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
PRC - [2005/07/15 16:48:33 | 00,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe
PRC - [2009/03/10 16:24:06 | 00,972,096 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe
PRC - [2009/05/18 16:00:00 | 00,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\udaterui.exe
PRC - [2009/10/05 13:31:50 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2004/06/28 23:56:12 | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\HidFind.exe
PRC - [2002/12/19 18:17:56 | 00,057,344 | ---- | M] (Thong Nguyen) -- C:\Program Files\PowerMenu\PowerMenu.exe
PRC - [2005/07/27 16:41:08 | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apntex.exe
PRC - [2009/05/18 16:00:00 | 00,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2009/02/06 05:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\wbem\wmiprvse.exe
PRC - [2009/02/06 05:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\wbem\wmiprvse.exe
PRC - [2009/10/05 15:38:13 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\B067381\My Documents\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/09/05 11:17:02 | 00,028,672 | ---- | M] (MCI, Inc.) -- c:\Program Files\Remote Services\AM.utEventServer.exe -- (AM.EventService [Auto | Running])
SRV - [2007/09/05 11:17:02 | 00,081,920 | ---- | M] (MCI, Inc.) -- c:\Program Files\Remote Services\AM.InstallService.exe -- (AM.InstallService [On_Demand | Stopped])
SRV - [2007/09/05 11:17:02 | 00,028,672 | ---- | M] (MCI, Inc.) -- c:\Program Files\Remote Services\AM.blScriptEngine.exe -- (AM.ScriptService [Auto | Running])
SRV - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Disabled | Stopped])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINXP\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])
SRV - [2008/05/20 05:00:00 | 00,757,792 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\CCM\CcmExec.exe -- (CcmExec [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- c:\WINXP\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006/04/20 08:34:26 | 01,520,688 | ---- | M] (Cisco Systems, Inc.) -- c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND [Auto | Running])
SRV - [2009/03/10 16:24:04 | 01,471,808 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe -- (enterceptAgent [Auto | Running])
SRV - [2006/10/20 21:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINXP\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/12/13 07:57:58 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103 [Disabled | Stopped])
SRV - [2009/04/08 06:20:01 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9b83bf9e73912 [Disabled | Stopped])
SRV - [2009/10/05 13:31:44 | 00,194,032 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2008/04/14 05:42:04 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINXP\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2009/02/06 15:39:14 | 00,034,408 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe -- (hips [On_Demand | Running])
SRV - [2007/01/19 21:14:54 | 00,239,864 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\OpenManage\Client\Iap.exe -- (Iap [Auto | Running])
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2006/10/30 03:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINXP\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2001/08/23 02:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\tcpsvcs.exe -- (LPDSVC [On_Demand | Stopped])
SRV - [2009/05/18 16:00:00 | 00,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework [Auto | Running])
SRV - [2007/09/05 11:17:02 | 00,069,696 | ---- | M] (Boingo Wireless, Inc.) -- c:\Program Files\Remote Services\WENGINE\wmonitor.exe -- (MCIMonitor [Auto | Running])
SRV - [2008/07/16 21:50:00 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\VirusScan Enterprise\mcshield.exe -- (McShield [Auto | Running])
SRV - [2008/07/16 21:50:00 | 00,054,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager [Auto | Running])
SRV - [2003/06/19 19:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2009/02/06 15:43:22 | 00,068,416 | ---- | M] (McAfee, Inc.) -- C:\WINXP\System32\mfevtps.exe -- (mfevtp [Unknown | Running])
SRV - [2006/10/30 03:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINXP\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2006/03/23 21:53:28 | 00,249,856 | ---- | M] (Funk Software, Inc.) -- c:\Program Files\Funk Software\Odyssey Client\odClientService.exe -- (odClientService [Auto | Running])
SRV - [2003/07/28 08:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009/01/07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [On_Demand | Stopped])
SRV - [2009/01/21 13:08:06 | 01,095,560 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [On_Demand | Stopped])
SRV - [2008/05/20 05:00:00 | 00,249,888 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\CCM\TSManager.exe -- (smstsmgr [On_Demand | Stopped])
SRV - [2004/05/28 08:33:16 | 00,192,573 | ---- | M] (Microsoft Corporation) -- c:\gde\uphclean\uphclean.exe -- (UPHClean [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.scj.com/Gateway
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.scj.com/Gateway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co...e/reading-list"
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.29
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.32.0
FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:4.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.01
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - prefs.js..network.proxy.autoconfig_url: "http://mnyball.baseb...cbssports.com/"
FF - prefs.js..network.proxy.type: 2

FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2009/09/08 14:11:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/05 14:41:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/05 14:41:10 | 00,000,000 | ---D | M]

[2008/08/27 10:44:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B067381\Application Data\mozilla\Extensions
[2008/08/27 10:44:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B067381\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/17 21:56:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B067381\Application Data\mozilla\Firefox\Profiles\kolkphyp.default2\extensions
[2009/04/17 21:56:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B067381\Application Data\mozilla\Firefox\Profiles\kolkphyp.default2\extensions\[email protected]
[2009/10/05 15:24:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B067381\Application Data\mozilla\Firefox\Profiles\mgnjq1gs.default\extensions
[2009/10/05 12:29:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B067381\Application Data\mozilla\Firefox\Profiles\mgnjq1gs.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/07/02 09:18:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B067381\Application Data\mozilla\Firefox\Profiles\mgnjq1gs.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2009/09/16 14:10:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B067381\Application Data\mozilla\Firefox\Profiles\mgnjq1gs.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
[2009/08/18 15:38:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B067381\Application Data\mozilla\Firefox\Profiles\mgnjq1gs.default\extensions\[email protected]
[2008/06/24 09:05:03 | 00,001,504 | ---- | M] () -- C:\Documents and Settings\B067381\Application Data\Mozilla\FireFox\Profiles\mgnjq1gs.default\searchplugins\imdb.xml
[2008/06/24 09:04:41 | 00,004,997 | ---- | M] () -- C:\Documents and Settings\B067381\Application Data\Mozilla\FireFox\Profiles\mgnjq1gs.default\searchplugins\linkedin.xml
[2008/06/24 09:05:29 | 00,001,632 | ---- | M] () -- C:\Documents and Settings\B067381\Application Data\Mozilla\FireFox\Profiles\mgnjq1gs.default\searchplugins\weathercom.xml
[2008/06/19 09:16:26 | 00,001,108 | ---- | M] () -- C:\Documents and Settings\B067381\Application Data\Mozilla\FireFox\Profiles\mgnjq1gs.default\searchplugins\wikipedia-en.xml
[2008/01/21 16:22:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/14 11:26:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/14 11:26:39 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/14 11:26:40 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/12/13 07:57:58 | 00,122,880 | ---- | M] (Google) -- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll
[2007/12/19 07:57:38 | 00,310,272 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2005/12/05 22:31:00 | 00,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2009/09/14 11:26:43 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2006/12/18 04:18:30 | 00,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/09/08 11:13:25 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/09/08 11:13:25 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/09/08 11:13:25 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/09/08 11:13:25 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/09/08 11:13:25 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/09/08 11:13:25 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/09/08 11:13:26 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/06/30 15:35:56 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/30 15:35:56 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/30 15:35:56 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/30 15:35:56 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/30 15:35:56 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/12/13 07:57:58 | 00,000,686 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\GoogleDesktopMozilla.png
[2008/12/13 07:57:58 | 00,000,531 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\GoogleDesktopMozilla.src
[2009/06/30 15:35:56 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/30 15:35:56 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (698 bytes) - C:\WINXP\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - c:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINXP\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINXP\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINXP\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [McAfee Host Intrusion Prevention Tray] c:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Network Associates Error Reporting Service] C:\Program Files\Common Files\McAfee Inc\TalkBack\TBMon.exe (Network Associates, Inc.)
O4 - HKLM..\Run: [OdTray.exe] c:\Program Files\Funk Software\Odyssey Client\OdTray.exe (Funk Software, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\Network Associates\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\B067381\Start Menu\Programs\Startup\PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe (Thong Nguyen)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = Government statutes make it a crime to gain unauthorized access into this computer system. System use is only for authorized business purposes. VIOLATORS WILL BE PROSECUTED
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 1 = adaware.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 2 = Ad-Aware.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 3 = AIM.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 4 = AIM3.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 5 = AIM6.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 6 = AIM95.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 7 = AToolBar.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 8 = AToolBar[1].exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 9 = bearshare.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 10 = Bush.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 11 = copernicdesktopsearch2.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 12 = copernicdesktopsearch2[1].exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 13 = digsby.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 14 = GoogleToolbar.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 15 = GoogleToolbar[1].exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 16 = ICQ.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 17 = ICQ2000b.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 18 = ICQ2001b.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 19 = ICQ2002a.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 20 = ICQ5_Setup.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 21 = ICQInstall.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 22 = ICQLite.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 23 = ICQPRO2003a.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 24 = ICQPRO2003b.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 25 = IE7RC1-WindowsXP-x86-enu.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 26 = IE7-WindowsXP-x86-enu.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 27 = IE8-WindowsXP-x86-ENU.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 28 = Install_ICQ6.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 29 = Install_ICQ6[1].exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 30 = jdk-6u3-windows-i586-p.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 31 = jdk-6u3-windows-i586-p[1].exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 32 = jre-6u1-windows-i586-p-iftw.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 33 = jre-6u1-windows-i586-p-iftw_fa96d0d7.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 34 = jre-6u1-windows-i586-p-s.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 35 = jre-6u1-windows-i586-p-s[1].exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 36 = jucheck.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 37 = kazaa.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 38 = LimeWire.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 39 = limewire.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 40 = miranda32.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 41 = miranda-im-v0.7.0-unicode.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 42 = miranda-im-v0.7.10-unicode.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 43 = miranda-im-v0.7.11-unicode.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 44 = miranda-im-v0.7.12-unicode.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 45 = miranda-im-v0.7.13-unicode.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 46 = miranda-im-v0.7.1-unicode.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 47 = miranda-im-v0.7.2-unicode.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 48 = miranda-im-v0.7.3-unicode.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 49 = miranda-im-v0.7.4-unicode.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 50 = miranda-im-v0.7.5-unicode.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 51 = miranda-im-v0.7.6-unicode.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 52 = miranda-im-v0.7.7-unicode.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 53 = miranda-im-v0.7.8-unicode.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 54 = miranda-im-v0.7.9-unicode.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 55 = msnmsgr.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 56 = MSOUTRC2007Update-KB863892.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 57 = MySpaceIM.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 58 = napster.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 59 = office2007b2tr-kb000000-fullfile-en-us.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 60 = Safari.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 61 = SafariQuickTimeSetup.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 62 = toolbar.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 63 = toolbar[1].exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 64 = trillian.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 65 = wbsamp5.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 66 = wbsamp5[1].exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 67 = WindowsXP-KB928388-x86-ENU.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 68 = WindowsXP-KB928388-x86-ENU[1].exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 69 = WindowsXP-KB931836-x86-ENU.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 70 = WindowsXP-KB931836-x86-ENU[1].exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 71 = winzip120.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 72 = WLToolbarSetup_en.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 73 = WLToolbarSetup_en[1].exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 74 = X1.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 75 = X1[1].exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 76 = x1_cnet_client_3453.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 77 = x1_cnet_client_3453[1].exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 78 = yahoo_toolbar_install_helper.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 79 = yahoo_toolbar_install_helper[1].exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 80 = YahooMessenger.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 81 = yds_beta1500zk.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 82 = yds_beta1500zk[1].exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 83 = YPager.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - c:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - c:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - c:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - c:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - c:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - c:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - c:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - c:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - c:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll (Google Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINXP\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINXP\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: nielsen.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: nielsen.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: nielsen.com ([answers] https in Trusted sites)
O15 - HKCU\..Trusted Domains: nielsen.com ([answerssqc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: scj.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: SCJLearning.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {41861299-EAB2-4DCC-986C-802AE12AC499} http://usracia46/ETW...OpType=PrintCab (RSClientPrint 2005 Class)
O16 - DPF: {CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.3.1_18)
O16 - DPF: {CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.1_06)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINXP\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 152.72.250.177 152.72.244.250 152.72.150.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = global.scj.loc
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\saphtmlp.dll (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\saphtmlp.dll (SAP AG, Walldorf)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINXP\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINXP\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\OdysseyClient: DllName - odyEvent.dll - C:\WINXP\System32\odyEvent.dll (Funk Software, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/05 10:43:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINXP\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINXP\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/10/05 13:31:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2009/10/05 15:18:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/05 13:32:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/10/05 12:35:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/10/05 13:32:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/05 15:18:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\B067381\Application Data\Malwarebytes
[2009/10/05 13:32:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\B067381\Application Data\PC Tools
[2009/10/05 13:33:18 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/10/05 15:17:02 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/10/05 15:18:26 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/29 13:34:29 | 00,000,000 | ---D | C] -- C:\Program Files\PowerMenu
[2009/10/05 14:29:18 | 00,000,000 | ---D | C] -- C:\Program Files\Registrar Registry Manager
[2009/10/05 12:35:18 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/10/05 13:32:59 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/10/05 13:46:27 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009/10/05 13:27:38 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/05 15:18:29 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINXP\System32\drivers\mbamswissarmy.sys
[2009/10/05 15:18:27 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINXP\System32\drivers\mbam.sys
[2009/10/05 15:17:36 | 00,000,000 | ---D | C] -- C:\WINXP\ERDNT
[2009/10/05 15:13:13 | 00,038,528 | ---- | C] (McAfee, Inc.) -- C:\WINXP\System32\HIPIS0e011a2.dll
[2009/10/05 14:29:24 | 00,031,928 | ---- | C] (Resplendence Software Projects Sp) -- C:\WINXP\System32\rrMon.sys
[2009/10/05 13:33:43 | 00,159,600 | ---- | C] (PC Tools) -- C:\WINXP\System32\drivers\pctgntdi.sys
[2009/10/05 13:33:32 | 00,130,936 | ---- | C] (PC Tools) -- C:\WINXP\System32\drivers\PCTCore.sys
[2009/10/05 13:33:32 | 00,073,840 | ---- | C] (PC Tools) -- C:\WINXP\System32\drivers\PCTAppEvent.sys
[2009/10/05 13:33:17 | 00,064,392 | ---- | C] (PC Tools) -- C:\WINXP\System32\drivers\pctplsg.sys
[2008/08/21 10:55:58 | 03,125,248 | ---- | C] (SAP Technology,Inc) -- C:\Program Files\Common Files\sapxlhelper.dll
[2008/08/21 10:55:57 | 00,192,512 | ---- | C] (SAP Tech Inc.) -- C:\Program Files\Common Files\sapconsr3.dll
[2008/08/21 10:55:56 | 00,626,688 | ---- | C] (SAP AG) -- C:\Program Files\Common Files\sapconsaccess.dll
[2008/08/21 10:55:55 | 00,040,960 | ---- | C] (SAP-TECHNOLOGY) -- C:\Program Files\Common Files\DigitalSignature.ocx

========== Files - Modified Within 14 Days ==========

[2009/10/05 15:18:33 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/05 15:17:03 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\B067381\Desktop\NTREGOPT.lnk
[2009/10/05 15:17:03 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\B067381\Desktop\ERUNT.lnk
[2009/10/05 15:14:32 | 00,000,455 | ---- | M] () -- C:\WINXP\smscfg.ini
[2009/10/05 15:13:21 | 00,000,882 | ---- | M] () -- C:\WINXP\tasks\GoogleUpdateTaskMachineCore.job
[2009/10/05 15:13:13 | 00,000,113 | ---- | M] () -- C:\WINXP\System32\api_hook_list.dat
[2009/10/05 15:12:57 | 00,000,868 | ---- | M] () -- C:\WINXP\tasks\Google Software Updater.job
[2009/10/05 15:12:44 | 00,000,006 | -H-- | M] () -- C:\WINXP\tasks\SA.DAT
[2009/10/05 15:12:40 | 00,002,048 | --S- | M] () -- C:\WINXP\bootstat.dat
[2009/10/05 15:12:38 | 10,633,78944 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/05 15:11:01 | 00,000,886 | ---- | M] () -- C:\WINXP\tasks\GoogleUpdateTaskMachineUA.job
[2009/10/05 14:21:21 | 07,443,366 | -H-- | M] () -- C:\Documents and Settings\B067381\Local Settings\Application Data\IconCache.db
[2009/10/05 09:44:54 | 06,080,512 | ---- | M] () -- C:\Documents and Settings\B067381\Desktop\FISK - Neo Presentation v1.2.ppt
[2009/10/05 08:50:33 | 00,002,278 | ---- | M] () -- C:\WINXP\System32\wpa.dbl
[2009/10/03 18:04:53 | 00,033,528 | ---- | M] () -- C:\Documents and Settings\B067381\Desktop\iSkunk1.jpg
[2009/10/03 18:01:52 | 00,100,452 | ---- | M] () -- C:\Documents and Settings\B067381\Desktop\bald-eagle-head.jpg
[2009/10/02 14:58:16 | 06,447,104 | ---- | M] () -- C:\Documents and Settings\B067381\Desktop\FISK - Neo Presentation v1.1.ppt
[2009/10/01 15:29:14 | 00,037,376 | ---- | M] () -- C:\Documents and Settings\B067381\Desktop\Gameday Chili 2009.doc
[2009/10/01 15:22:49 | 00,082,358 | ---- | M] () -- C:\Documents and Settings\B067381\Desktop\Jonathan's Cookbook.docx
[2009/10/01 14:59:55 | 09,785,856 | ---- | M] () -- C:\Documents and Settings\B067381\Desktop\FISK - Neo Presentation v1.ppt
[2009/09/29 13:34:30 | 00,001,576 | ---- | M] () -- C:\Documents and Settings\B067381\Start Menu\Programs\Startup\PowerMenu.lnk
[2009/09/25 21:19:48 | 00,159,989 | ---- | M] () -- C:\Documents and Settings\B067381\Desktop\INSIGNIA NS-L22Q-10A WARRANTY.PDF
[2009/09/25 21:19:13 | 13,687,008 | ---- | M] () -- C:\Documents and Settings\B067381\Desktop\INSIGNIA NS-L22Q-10A.pdf

========== Files - No Company Name ==========
[2009/10/05 15:18:33 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/05 15:17:03 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\B067381\Desktop\NTREGOPT.lnk
[2009/10/05 15:17:03 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\B067381\Desktop\ERUNT.lnk
[2009/10/05 15:13:13 | 00,000,113 | ---- | C] () -- C:\WINXP\System32\api_hook_list.dat
[2009/10/05 13:31:46 | 00,000,868 | ---- | C] () -- C:\WINXP\tasks\Google Software Updater.job
[2009/10/05 09:44:52 | 06,080,512 | ---- | C] () -- C:\Documents and Settings\B067381\Desktop\FISK - Neo Presentation v1.2.ppt
[2009/10/03 18:04:52 | 00,033,528 | ---- | C] () -- C:\Documents and Settings\B067381\Desktop\iSkunk1.jpg
[2009/10/03 18:01:51 | 00,100,452 | ---- | C] () -- C:\Documents and Settings\B067381\Desktop\bald-eagle-head.jpg
[2009/10/02 09:49:18 | 06,447,104 | ---- | C] () -- C:\Documents and Settings\B067381\Desktop\FISK - Neo Presentation v1.1.ppt
[2009/10/01 15:27:52 | 00,037,376 | ---- | C] () -- C:\Documents and Settings\B067381\Desktop\Gameday Chili 2009.doc
[2009/10/01 13:44:27 | 09,785,856 | ---- | C] () -- C:\Documents and Settings\B067381\Desktop\FISK - Neo Presentation v1.ppt
[2009/09/29 13:34:30 | 00,001,576 | ---- | C] () -- C:\Documents and Settings\B067381\Start Menu\Programs\Startup\PowerMenu.lnk
[2009/09/25 21:19:46 | 00,159,989 | ---- | C] () -- C:\Documents and Settings\B067381\Desktop\INSIGNIA NS-L22Q-10A WARRANTY.PDF
[2009/09/25 21:19:13 | 13,687,008 | ---- | C] () -- C:\Documents and Settings\B067381\Desktop\INSIGNIA NS-L22Q-10A.pdf
[2009/04/08 16:28:22 | 00,000,511 | ---- | C] () -- C:\Documents and Settings\B067381\Local Settings\Application Data\AutobahnAcceleratorInstall.txt
[2008/09/08 10:50:40 | 00,001,785 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/08/21 10:55:56 | 00,949,760 | ---- | C] () -- C:\Program Files\Common Files\SAPActiveXL_nosig.xlt
[2008/08/21 10:55:55 | 00,955,904 | ---- | C] () -- C:\Program Files\Common Files\SAPActiveXL.xlt
[2008/01/25 18:44:43 | 00,017,920 | ---- | C] () -- C:\Documents and Settings\B067381\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/24 12:34:10 | 00,025,408 | ---- | C] () -- C:\Documents and Settings\B067381\Application Data\Comma Separated Values (Windows).ADR
[2008/01/21 14:50:56 | 00,025,816 | ---- | C] () -- C:\Documents and Settings\B067381\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/01/15 14:09:24 | 00,000,130 | ---- | C] () -- C:\Documents and Settings\B067381\Local Settings\Application Data\fusioncache.dat
[2008/01/15 13:45:30 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\B067381\Application Data\desktop.ini
[2008/01/15 13:45:29 | 07,443,366 | -H-- | C] () -- C:\Documents and Settings\B067381\Local Settings\Application Data\IconCache.db
[2007/09/05 05:35:09 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini

========== LOP Check ==========

[2009/10/05 15:18:27 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/09/08 11:16:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2007/09/05 11:16:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Access Manager
[2009/06/23 09:11:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NBC Direct
[2009/10/05 13:45:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/05 15:18:38 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\B067381\Application Data
[2008/06/26 10:13:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B067381\Application Data\Amazon
[2008/02/10 18:38:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B067381\Application Data\Aventail
[2009/03/31 08:47:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B067381\Application Data\Collaboration Addin
[2008/01/15 14:06:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B067381\Application Data\Funk Software
[2007/09/05 11:10:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B067381\Application Data\ICAClient
[2009/06/22 15:52:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B067381\Application Data\IDM
[2009/07/14 18:06:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B067381\Application Data\Move Networks
[2009/06/23 09:11:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B067381\Application Data\NBC Direct
[2009/07/20 09:53:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B067381\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2009/04/29 10:08:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B067381\Application Data\webex
[2001/08/23 02:00:00 | 00,000,065 | RH-- | M] () -- C:\WINXP\Tasks\desktop.ini
[2009/10/05 15:12:57 | 00,000,868 | ---- | M] () -- C:\WINXP\Tasks\Google Software Updater.job
[2009/10/05 15:13:21 | 00,000,882 | ---- | M] () -- C:\WINXP\Tasks\GoogleUpdateTaskMachineCore.job
[2009/10/05 15:11:01 | 00,000,886 | ---- | M] () -- C:\WINXP\Tasks\GoogleUpdateTaskMachineUA.job
[2009/10/05 15:12:44 | 00,000,006 | -H-- | M] () -- C:\WINXP\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[1999/12/02 09:54:22 | 00,097,280 | ---- | M] (Microsoft) -- C:\robocopy.exe

< %systemroot%\system32\eventlog.dll >
[2008/04/14 05:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINXP\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2008/04/14 05:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINXP\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

--------------------------------------------------
--------------------------------------------------
--------------------------------------------------

OTL Extras logfile created on: 10/5/2009 3:39:18 PM - Run 1
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\B067381\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.05 Mb Total Physical Memory | 374.09 Mb Available Physical Memory | 36.89% Memory free
2.38 Gb Paging File | 1.84 Gb Available in Paging File | 76.99% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 47.61 Gb Free Space | 63.88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 959.98 Gb Total Space | 66.80 Gb Free Space | 6.96% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive K: | 200.00 Gb Total Space | 36.67 Gb Free Space | 18.34% Space Free | Partition Type: NTFS
Drive P: | 200.00 Gb Total Space | 36.67 Gb Free Space | 18.34% Space Free | Partition Type: NTFS
Drive Q: | 200.00 Gb Total Space | 53.33 Gb Free Space | 26.67% Space Free | Partition Type: NTFS
Drive V: | 300.00 Gb Total Space | 9.17 Gb Free Space | 3.06% Space Free | Partition Type: NTFS

Computer Name: G8JTVC1
Current User Name: B067381
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINXP\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINXP\System32\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINXP\System32\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINXP\System32\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINXP\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINXP\System32\CScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINXP\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" = C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
"{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}" = MSXML4.0 redistributable
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{4E21223F-8D6C-446E-9CD3-587D206A8400}" = MetaFrame Presentation Server Client
"{5CCD0F3E-4B58-4712-A761-CBD5871F0B68}" = Access Manager
"{68249B78-B714-11D7-88E8-0050DA21757E}" = Java 2 Runtime Environment Standard Edition v1.3.1_18
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B2F032F-CC54-11D7-9D67-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_06
"{721ABC3B-5F12-4332-9C0C-C11424EF666C}" = WIMGAPI
"{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager
"{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}" = OMCI
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8E770F99-CF23-4BF9-BF4E-E3A2924FEB27}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86)
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{903A0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Standard 2003
"{90520409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Viewer 2003 (English)
"{95419C51-6166-4499-86AF-D455FD3E126A}" = ACNielsen Workstation Information*Server 3.3.0.1
"{961D35E8-D426-3E2E-8222-F4FFD9E104FD}" = Google Gears
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9B0B46B3-10DF-4ADA-9501-0129D784563D}" = Aventail Web Proxy Agent
"{9D1C26BD-E792-4159-9D16-07EA222D8EF0}" = Windows Messenger 5.1
"{9DE9E293-5D7B-4312-88C2-BDFAEC5310AE}" = Microsoft .NET Framework 3.0
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-0000-7760-100000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-2447-5A64-7E8A45000001}" = Adobe Reader Chinese Simplified Fonts
"{AC76BA86-7AD7-2448-5A64-7E8A45000001}" = Adobe Reader Chinese Traditional Fonts
"{B332732A-4958-41DD-B439-DDA2D32753C5}" = McAfee Host Intrusion Prevention
"{B3358201-26E9-4283-AE39-656008B60B3A}" = Odyssey Client
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE6A85D8-D6B9-479A-9FE9-A06E56881E61}" = Configuration Manager Client
"{D25122BC-A60E-4663-B602-B01718F12044}" = Cisco Systems VPN Client 4.8.01.0300
"{EC56BAC0-6B62-4F3B-8C25-70D6D214D9D0}" = Collaboration Addin for Outlook
"{F2AB2488-A0BF-4A9B-98A9-A88CF20FD2FF}" = WebEx Meeting Manager for Internet Explorer
"{FB82DEF7-781F-4F45-9B6D-1B67DF304ADA}" = McAfee Agent
"ActiveTouchMeetingClient" = WebEx
"Adobe Acrobat 7.0 Professional - V" = Adobe Acrobat 7.0.9 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"Autobahn" = MLB.TV NexDef Plug-in
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"ERUNT_is1" = ERUNT 1.1j
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"IDMViewer" = FileNet IDM Viewer 4.0
"Java Web Start" = Java Web Start
"JRE 1.3.1_02" = Java 2 Runtime Environment Standard Edition v1.3.1_02
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"PowerMenu" = PowerMenu 1.51
"RDC" = RDC
"RealPlayer Enterprise 6.0" = RealPlayer Enterprise
"SAPBI" = SAP Business Explorer
"SAPGUI710" = SAP GUI 7.10
"Spyware Doctor" = Spyware Doctor 6.0
"SpywareBlaster_is1" = SpywareBlaster 4.2
"Visual Collaboration Toolkit" = SAP Viewer 6.0
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"WWI" = WWI Windows Wordprocessor Integration
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager
"Extensity 6" = Extensity 6
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/23/2009 9:39:10 PM | Computer Name = G8JTVC1 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 7/23/2009 9:49:50 PM | Computer Name = G8JTVC1 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 7/24/2009 12:07:07 AM | Computer Name = G8JTVC1 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 7/24/2009 9:48:21 AM | Computer Name = G8JTVC1 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 7/24/2009 9:48:21 AM | Computer Name = G8JTVC1 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 7/24/2009 7:08:45 PM | Computer Name = G8JTVC1 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 7/24/2009 7:08:46 PM | Computer Name = G8JTVC1 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 7/24/2009 7:08:59 PM | Computer Name = G8JTVC1 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 7/24/2009 7:10:10 PM | Computer Name = G8JTVC1 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for GLOBAL\B067381 failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 7/24/2009 9:26:30 PM | Computer Name = G8JTVC1 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

[ System Events ]
Error - 10/5/2009 4:11:15 PM | Computer Name = G8JTVC1 | Source = Service Control Manager | ID = 7034
Description = The Cisco Systems, Inc. VPN Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/5/2009 4:11:15 PM | Computer Name = G8JTVC1 | Source = Service Control Manager | ID = 7034
Description = The Machine Debug Manager service terminated unexpectedly. It has
done this 1 time(s).

Error - 10/5/2009 4:11:15 PM | Computer Name = G8JTVC1 | Source = Service Control Manager | ID = 7034
Description = The Access Manager Event Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/5/2009 4:11:15 PM | Computer Name = G8JTVC1 | Source = Service Control Manager | ID = 7034
Description = The User Profile Hive Cleanup service terminated unexpectedly. It
has done this 1 time(s).

Error - 10/5/2009 4:11:15 PM | Computer Name = G8JTVC1 | Source = Service Control Manager | ID = 7034
Description = The MCI Monitor Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/5/2009 4:11:15 PM | Computer Name = G8JTVC1 | Source = Service Control Manager | ID = 7034
Description = The Access Manager Script Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/5/2009 4:11:21 PM | Computer Name = G8JTVC1 | Source = Service Control Manager | ID = 7031
Description = The SMS Agent Host service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 300000 milliseconds:
Restart the service.

Error - 10/5/2009 4:11:44 PM | Computer Name = G8JTVC1 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {7E89FF0B-F649-4F9A-A9C3-F05DFAAA3DA1}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 10/5/2009 4:13:21 PM | Computer Name = G8JTVC1 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {7E89FF0B-F649-4F9A-A9C3-F05DFAAA3DA1}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 10/5/2009 4:14:56 PM | Computer Name = G8JTVC1 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.


< End of report >


#2
mule99

mule99

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
I apologize for replying to my own topic but I noticed some more recent Google Redirect posts were getting assistance and wondered if mine got lost in the shuffle. Thank you.