
clean? google redirect



#1
lupi2279

I don't think I'm clean yet. I've been dealing with programs not working, slow computer and search redirects for days now.

Last time I ran Kaspersky, it removed, I believe, 4 viruses that AVG missed. However, 1 (Trogen.win33.sasfiswks) it stated to ignore because it could not clean?

I also am currently getting a Rundll error on Windows startup stating "c:\windows\okexebux.dll specified module could not be found".

MBAM report
Malwarebytes' Anti-Malware 1.42
Database version: 3310
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12/7/2009 12:35:17 PM
mbam-log-2009-12-07 (12-35-02).txt

Scan type: Quick Scan
Objects scanned: 131124
Time elapsed: 19 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7545d8c8-f53c-4e2f-8fa0-d248ef4a6e61} (Rogue.Installer) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cftmon (Worm.Autorun) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\SYSTEM32\sgemf.exe (Worm.Autorun) -> No action taken.
C:\WINDOWS\SYSTEM32\cpnprt2.cid (Trojan.Agent) -> No action taken.
C:\WINDOWS\cpnprt2.cid (Trojan.Agent) -> No action taken.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.

OTL.txt report
OTL logfile created on: 12/7/2009 1:13:49 PM - Run 1
OTL by OldTimer - Version 3.1.11.8 Folder = C:\Documents and Settings\admin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 116.15 Mb Available Physical Memory | 22.77% Memory free
1.45 Gb Paging File | 1.06 Gb Available in Paging File | 73.50% Paging File free
Paging file location(s): C:\pagefile.sys 1000 1000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.71 Gb Total Space | 12.53 Gb Free Space | 37.17% Space Free | Partition Type: NTFS
Drive D: | 60.90 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D98MVL51
Current User Name: admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/07 12:09:37 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTL.exe
PRC - [2009/11/18 14:00:00 | 00,495,432 | R--- | M] (WinZip Computing, S.L.) -- C:\WINZIP\WZQKPICK.EXE
PRC - [2009/10/31 13:29:53 | 00,136,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
PRC - [2009/10/20 20:39:28 | 00,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
PRC - [2008/12/22 09:37:45 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/07/22 19:42:12 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/04/13 19:12:30 | 00,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\ntvdm.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/05/19 10:34:19 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/04/03 20:50:00 | 01,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007/02/23 14:54:40 | 00,225,380 | -H-- | M] (America Online, Inc.) -- C:\Program Files\America Online 9.0\waol.exe
PRC - [2006/09/25 19:52:48 | 00,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1187903332\ee\aolsoftware.exe
PRC - [2005/08/25 20:00:36 | 00,041,050 | ---- | M] (America Online, Inc.) -- C:\Program Files\America Online 9.0\shellmon.exe
PRC - [2004/12/16 09:26:40 | 00,454,749 | ---- | M] (America Online Inc) -- C:\Program Files\America Online 9.0\aolwbspd.exe
PRC - [2003/08/12 11:50:40 | 01,376,360 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe
PRC - [2003/01/10 16:13:04 | 00,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
PRC - [1995/07/27 02:20:00 | 00,018,944 | ---- | M] () -- C:\AFTERDRK\ADTRAY.EXE


========== Modules (SafeList) ==========

MOD - [2009/12/07 12:09:37 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTL.exe
MOD - [2009/12/05 14:17:12 | 00,109,072 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll
MOD - [2003/08/18 12:08:44 | 00,028,761 | ---- | M] (America Online, Inc.) -- C:\Program Files\America Online 9.0\idleproc.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (PCCare Premium)
SRV - [2009/10/20 20:39:28 | 00,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP)
SRV - [2009/04/02 11:47:04 | 00,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2009/03/24 17:13:50 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/02/03 13:20:19 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9862c1cb79f6e) Google Update Service (gupdate1c9862c1cb79f6e)
SRV - [2008/12/22 09:37:45 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/07/30 09:47:48 | 00,532,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/07/22 19:42:12 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2003/08/12 11:50:40 | 01,376,360 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS)
SRV - [2003/01/10 16:13:04 | 00,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.fighthype.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start2....en-US:official"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090920.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:9.0.0.736

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared
FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/12/02 18:17:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/02 17:17:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/04 12:09:39 | 00,000,000 | ---D | M]

[2008/11/25 16:27:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Mozilla\Extensions
[2009/12/07 09:35:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\14a4g1tb.default\extensions
[2008/08/06 10:23:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\14a4g1tb.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}
[2007/07/16 10:43:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\14a4g1tb.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/02/19 13:25:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\14a4g1tb.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
[2009/03/09 08:38:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\14a4g1tb.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/10/10 08:38:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\14a4g1tb.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/08/03 17:51:06 | 00,000,681 | ---- | M] () -- C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\14a4g1tb.default\searchplugins\ask.xml
[2009/12/07 09:35:23 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/05 14:09:43 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2008/08/05 15:06:51 | 00,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll

O1 HOSTS File: (228474 bytes) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 8006 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe File not found
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe File not found
O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe File not found
O4 - HKLM..\Run: [Jliwabimonu] C:\WINDOWS\okexebux.DLL File not found
O4 - HKCU..\Run: [FAST Defrag] File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\admin\Start Menu\Programs\Startup\After Dark Tray Starter.lnk = C:\AFTERDRK\ADTRAY.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\WINZIP\WZQKPICK.EXE (WinZip Computing, S.L.)
F3 - HKCU WinNT: Load - (c:\afterdrk\adw30.exe) - c:\AFTERDRK\ADW30.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\SYSTEM32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 39 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...DC_1_0_0_44.cab (FilePlanet Download Control Class)
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} http://aolcc.aol.com...kup/qdiagcc.cab (QDiagAOLCCUpdateObj Class)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg...l_v1-0-3-12.cab (EPUImageControl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1184248138390 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1229620415515 (MUWebControl Class)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai...all/xscan53.cab (HouseCall Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} http://a19.g.akamai....02/cpbrkpie.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.co...ploader_v10.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.129 167.206.245.130
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\SYSTEM32\klogon.dll (Kaspersky Lab)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/12 11:28:06 | 00,000,040 | ---- | M] () - C:\AUTOEXEC.AD3 -- [ NTFS ]
O32 - AutoRun File - [2006/01/12 11:23:18 | 00,000,040 | ---- | M] () - C:\AUTOEXEC.BAK -- [ NTFS ]
O32 - AutoRun File - [2006/01/12 11:28:04 | 00,000,040 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/09/13 08:59:48 | 00,000,041 | ---- | M] () - C:\AUTOEXEC.ZYX -- [ NTFS ]
O32 - AutoRun File - [2006/04/25 15:49:22 | 00,000,027 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{79ec9cf6-91f6-11db-98db-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{79ec9cf6-91f6-11db-98db-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{79ec9cf6-91f6-11db-98db-00038a000015}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2004/08/31 15:29:14 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\SYSTEM32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (76001636736040960)

========== Files/Folders - Created Within 14 Days ==========

[2009/12/07 12:13:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Malwarebytes
[2009/12/07 12:13:21 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/07 12:13:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/07 12:13:09 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/07 12:13:09 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/07 12:09:37 | 00,537,088 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTL.exe
[2009/12/07 12:01:17 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/12/05 14:07:18 | 00,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2009/12/05 14:07:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2009/12/05 14:06:00 | 00,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2009/12/05 13:58:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2009/12/05 13:56:19 | 67,291,088 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\admin\Desktop\kav2010_9.0.0.736en.exe
[2009/12/05 09:34:58 | 00,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2009/12/05 09:34:32 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/12/02 18:46:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\My Documents\Plants vs Zombies
[2009/12/02 17:32:53 | 00,000,000 | ---D | C] -- C:\Program Files\IEToolbar
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/07 13:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2009/12/07 13:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2009/12/07 12:42:46 | 00,000,645 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/12/07 12:40:30 | 00,000,091 | ---- | M] () -- C:\WINDOWS\AD_PREFS.INI
[2009/12/07 12:39:07 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/12/07 12:38:56 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/07 12:37:54 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/12/07 12:37:35 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/07 12:37:30 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/12/07 12:37:29 | 53,484,3392 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/07 12:36:53 | 07,864,320 | -H-- | M] () -- C:\Documents and Settings\admin\NTUSER.DAT
[2009/12/07 12:36:31 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\admin\NTUSER.INI
[2009/12/07 12:35:04 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/12/07 12:13:23 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/07 12:09:37 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTL.exe
[2009/12/07 12:01:18 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\NTREGOPT.lnk
[2009/12/07 12:01:18 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\ERUNT.lnk
[2009/12/07 12:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2009/12/07 11:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2009/12/07 10:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2009/12/07 09:32:12 | 00,000,220 | ---- | M] () -- C:\WINDOWS\System32\winset.ini
[2009/12/07 09:14:05 | 00,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/12/07 09:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2009/12/07 08:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2009/12/07 07:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2009/12/07 06:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2009/12/07 05:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2009/12/07 04:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2009/12/07 03:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2009/12/07 02:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2009/12/07 01:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2009/12/07 00:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2009/12/06 23:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2009/12/06 22:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2009/12/06 21:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2009/12/06 21:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2009/12/06 20:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2009/12/06 20:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2009/12/06 19:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2009/12/06 19:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2009/12/06 18:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2009/12/06 17:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2009/12/06 17:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2009/12/06 16:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2009/12/06 16:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2009/12/06 15:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2009/12/06 14:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2009/12/05 14:17:12 | 00,315,408 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2009/12/05 14:09:04 | 00,108,059 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2009/12/05 14:09:04 | 00,095,259 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2009/12/05 14:02:53 | 00,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2009/12/05 13:57:05 | 67,291,088 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\admin\Desktop\kav2010_9.0.0.736en.exe
[2009/12/04 17:50:03 | 00,000,025 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2009/12/04 12:14:10 | 17,664,388 | ---- | M] () -- C:\BACKUP.MBK
[2009/12/04 10:11:42 | 00,000,120 | ---- | M] () -- C:\WINDOWS\Xrukihevurijano.dat
[2009/12/04 09:09:27 | 00,052,402 | ---- | M] () -- C:\WINDOWS\System32\mongrelinteractive.fc
[2009/12/04 09:09:26 | 00,332,288 | ---- | M] () -- C:\WINDOWS\System32\y300xxxx.CLL
[2009/12/04 09:09:21 | 00,040,448 | ---- | M] () -- C:\WINDOWS\System32\ycode.dll
[2009/12/04 02:29:24 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Nkofu.bin
[2009/12/03 16:27:55 | 00,001,244 | ---- | M] () -- C:\WINDOWS\System32\globalsurveygroup.fc
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/03 11:51:46 | 00,000,265 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/12/02 18:32:15 | 00,001,500 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2009/12/02 18:32:12 | 00,001,572 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip 120209.lnk
[2009/12/02 18:09:13 | 00,001,008 | ---- | M] () -- C:\WINDOWS\winzip.ini
[2009/12/02 16:53:58 | 00,000,025 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\popcinfot.dat
[2009/12/01 07:49:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/30 17:38:25 | 00,536,060 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\montage.pdf
[2009/11/24 17:43:12 | 00,052,836 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/11/23 18:18:52 | 00,014,300 | ---- | M] () -- C:\WINDOWS\Unname1.~ts
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/07 12:13:23 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/07 12:01:18 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\NTREGOPT.lnk
[2009/12/07 12:01:18 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\ERUNT.lnk
[2009/12/05 14:09:04 | 00,108,059 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2009/12/05 14:09:04 | 00,095,259 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2009/12/04 04:45:28 | 00,052,402 | ---- | C] () -- C:\WINDOWS\System32\mongrelinteractive.fc
[2009/12/03 01:17:13 | 00,001,244 | ---- | C] () -- C:\WINDOWS\System32\globalsurveygroup.fc
[2009/12/03 01:17:11 | 00,332,288 | ---- | C] () -- C:\WINDOWS\System32\y300xxxx.CLL
[2009/12/03 01:17:07 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\ycode.dll
[2009/12/02 19:11:02 | 00,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2009/12/02 18:32:15 | 00,001,500 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2009/12/02 18:32:12 | 00,001,572 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip 120209.lnk
[2009/12/02 17:37:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Nkofu.bin
[2009/12/02 17:37:00 | 00,000,120 | ---- | C] () -- C:\WINDOWS\Xrukihevurijano.dat
[2009/12/02 17:34:40 | 00,000,220 | ---- | C] () -- C:\WINDOWS\System32\winset.ini
[2009/11/30 17:38:25 | 00,536,060 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\montage.pdf
[2009/10/08 08:05:51 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\admin\Local Settings\Application Data\housecall.guid.cache
[2009/07/17 10:04:17 | 00,000,265 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/12/06 11:19:48 | 00,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2008/12/01 12:29:15 | 00,006,840 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\PrimoPDFSet.xml
[2008/12/01 12:27:28 | 00,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008/11/01 08:58:36 | 00,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/11/01 08:58:33 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/09/13 09:06:20 | 00,000,091 | ---- | C] () -- C:\WINDOWS\AD_PREFS.INI
[2008/09/13 08:59:34 | 00,030,736 | ---- | C] () -- C:\WINDOWS\AD_RSRC.DLL
[2008/09/13 08:59:34 | 00,030,681 | ---- | C] () -- C:\WINDOWS\SPALETTE.DLL
[2008/07/01 10:46:28 | 00,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHealr.dll
[2008/04/28 12:13:33 | 00,000,310 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2008/02/28 16:07:31 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2008/02/28 16:06:13 | 00,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/09/19 08:53:38 | 00,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2007/07/14 08:31:36 | 00,046,096 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Svclog.log
[2007/03/14 17:04:40 | 00,001,008 | ---- | C] () -- C:\WINDOWS\winzip.ini
[2007/02/16 17:26:29 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\Machnm64.sys
[2007/02/16 17:26:29 | 00,002,304 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
[2007/02/16 17:26:27 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\csFxGeneral.dll
[2007/02/16 17:26:27 | 00,000,202 | ---- | C] () -- C:\WINDOWS\System32\ic32.ini
[2007/02/12 18:03:00 | 00,335,360 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[2007/02/12 18:02:59 | 03,774,224 | ---- | C] () -- C:\WINDOWS\System32\mso97.dll
[2006/05/30 14:55:03 | 00,000,032 | ---- | C] () -- C:\WINDOWS\MORTGAGE.INI
[2006/01/16 16:13:10 | 00,000,201 | ---- | C] () -- C:\WINDOWS\PENWIN.INI
[2006/01/12 14:57:20 | 00,004,722 | ---- | C] () -- C:\WINDOWS\AmiVISD.ini
[2006/01/12 10:48:50 | 00,200,704 | ---- | C] () -- C:\WINDOWS\PVCTL.DLL
[2006/01/12 10:48:44 | 00,143,872 | ---- | C] () -- C:\WINDOWS\PV.DLL
[2006/01/12 10:48:33 | 00,350,518 | ---- | C] () -- C:\WINDOWS\CP2001.DLL
[2006/01/12 10:41:44 | 00,000,898 | ---- | C] () -- C:\WINDOWS\AMIEQN.INI
[2006/01/12 10:36:30 | 00,023,822 | ---- | C] () -- C:\WINDOWS\AMIOW.INI
[2006/01/12 10:36:30 | 00,008,283 | ---- | C] () -- C:\WINDOWS\AMIDW.INI
[2006/01/12 10:36:30 | 00,005,909 | ---- | C] () -- C:\WINDOWS\AMIWP.INI
[2006/01/12 10:36:30 | 00,001,993 | ---- | C] () -- C:\WINDOWS\AMIIWP.INI
[2006/01/12 10:36:11 | 00,011,208 | ---- | C] () -- C:\WINDOWS\AMIENV.DLL
[2006/01/12 10:33:33 | 00,000,104 | ---- | C] () -- C:\WINDOWS\AMIIMAGE.INI
[2006/01/12 10:33:29 | 00,000,332 | ---- | C] () -- C:\WINDOWS\AMIFONT.INI
[2006/01/12 10:33:25 | 00,010,014 | ---- | C] () -- C:\WINDOWS\AMILABEL.INI
[2006/01/12 10:32:12 | 00,003,664 | ---- | C] () -- C:\WINDOWS\AMIPRO.INI
[2006/01/06 18:09:29 | 00,003,364 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/09/21 11:42:49 | 00,000,087 | ---- | C] () -- C:\WINDOWS\FreeOffers.ini
[2005/09/13 14:11:50 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/08/29 10:22:13 | 00,000,032 | ---- | C] () -- C:\WINDOWS\thxcfg.ini
[2005/05/10 14:21:19 | 00,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/05/10 14:20:53 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\PFP120JPR.{PB
[2005/05/10 14:20:53 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\PFP120JCM.{PB
[2005/03/22 13:03:52 | 00,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
[2005/03/10 16:57:52 | 00,000,099 | ---- | C] () -- C:\WINDOWS\upst.ini
[2005/03/10 16:57:52 | 00,000,024 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/12/20 13:04:56 | 00,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll
[2004/12/20 11:32:05 | 00,080,384 | ---- | C] () -- C:\Documents and Settings\admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/12/10 03:43:50 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2004/11/30 17:04:05 | 00,000,006 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/10/28 13:41:26 | 00,000,823 | ---- | C] () -- C:\WINDOWS\TSC.INI
[2004/10/28 13:39:30 | 00,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2004/09/15 11:33:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\STMMain.INI
[2004/09/14 12:35:08 | 00,059,776 | ---- | C] () -- C:\WINDOWS\System32\FLORA16.DLL
[2004/09/14 12:35:08 | 00,000,730 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2004/09/14 12:35:08 | 00,000,021 | ---- | C] () -- C:\WINDOWS\mp_setup.ini
[2004/09/14 12:34:22 | 00,000,018 | ---- | C] () -- C:\WINDOWS\Epson900.ini
[2004/09/11 13:47:14 | 00,000,038 | ---- | C] () -- C:\WINDOWS\Approach.ini
[2004/09/11 13:47:02 | 00,000,392 | ---- | C] () -- C:\WINDOWS\lotus.ini
[2004/09/11 13:44:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\winhelp.ini
[2004/09/11 08:02:20 | 00,000,175 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2004/09/10 12:56:07 | 00,174,608 | ---- | C] () -- C:\WINDOWS\TUTILITY.DLL
[2004/09/10 12:28:34 | 00,000,034 | ---- | C] () -- C:\WINDOWS\AUTHMGR.INI
[2004/08/31 16:07:48 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/31 15:45:33 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/31 15:45:17 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/31 15:33:10 | 00,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/05/11 10:02:24 | 00,000,831 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/03/26 16:59:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/03/27 16:28:44 | 00,004,955 | ---- | C] () -- C:\WINDOWS\System32\DProg.ini
[2002/12/05 16:51:00 | 00,059,392 | R--- | C] () -- C:\WINDOWS\streamhlp.dll
[2002/11/01 15:17:50 | 00,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2002/07/04 14:05:34 | 00,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[1999/07/23 12:46:48 | 00,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 09:53:20 | 00,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1996/04/25 20:23:00 | 00,001,060 | ---- | C] () -- C:\WINDOWS\acroread.ini
[1996/02/22 20:23:00 | 00,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll
[1996/01/19 20:23:00 | 00,000,002 | ---- | C] () -- C:\WINDOWS\System32\lodbc09.dll
[1996/01/17 20:23:00 | 00,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll
[1996/01/15 20:23:00 | 00,334,016 | ---- | C] () -- C:\WINDOWS\System32\loflt09.dll
[1995/09/25 20:23:00 | 00,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv
[1994/04/07 20:23:00 | 00,000,462 | ---- | C] () -- C:\WINDOWS\lodbf09.ini

========== LOP Check ==========

[2009/01/20 18:14:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\acccore
[2008/07/07 08:22:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\AVGTOOLBAR
[2009/08/03 09:12:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\BitZipper
[2008/04/11 10:37:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Canon
[2008/10/17 16:11:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\ieSpell
[2004/12/19 09:18:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Leadertech
[2009/12/02 23:54:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\LimeWire
[2008/10/28 15:35:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Moyea
[2008/06/14 09:12:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Musicmatch
[2008/12/01 12:17:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\NewSoft
[2008/02/28 16:06:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\ScanSoft
[2008/12/08 09:25:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\TrojanHunter
[2009/12/05 14:03:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\uTorrent
[2007/07/11 11:17:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\WinPatrol
[2009/07/01 07:20:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2008/02/28 15:59:14 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2008/06/09 15:19:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2009/04/24 09:03:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/10/23 14:55:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2008/02/28 16:06:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/07/16 15:50:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/04 17:54:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/12/02 18:34:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/12/07 13:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2009/12/06 16:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2009/12/06 17:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2009/12/06 19:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2009/12/06 20:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2009/12/06 21:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2009/12/07 00:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2009/12/07 01:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2009/12/07 02:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2009/12/07 03:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2009/12/07 04:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2009/12/07 05:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2009/12/07 06:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2009/12/07 07:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2009/12/07 08:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2009/12/07 09:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2009/12/07 10:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2009/12/07 11:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2009/12/07 12:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2009/12/07 13:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2009/12/06 14:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2009/12/06 15:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2009/12/06 16:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2009/12/06 17:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2009/12/06 18:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2009/12/06 19:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2009/12/06 20:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2009/12/06 21:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2009/12/06 22:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2009/12/06 23:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2004/09/03 15:56:57 | 00,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/12/06 11:06:37 | 00,010,920 | ---- | M] () -- C:\aolconnfix.exe
[2008/04/08 13:15:04 | 00,135,168 | ---- | M] (Netsurfer, Inc.) -- C:\DHCPD.exe
[2008/04/08 13:15:03 | 00,790,528 | ---- | M] (Netsurfer, Inc.) -- C:\setup32.exe
[2008/04/08 13:15:04 | 00,344,064 | ---- | M] (Netsurfer, Inc.) -- C:\Yampa.exe


< MD5 for: AGP440.SYS >
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 00:56:44 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2004/08/04 00:56:46 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 00:56:46 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >


extras.txt report
OTL Extras logfile created on: 12/7/2009 1:13:49 PM - Run 1
OTL by OldTimer - Version 3.1.11.8 Folder = C:\Documents and Settings\admin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 116.15 Mb Available Physical Memory | 22.77% Memory free
1.45 Gb Paging File | 1.06 Gb Available in Paging File | 73.50% Paging File free
Paging file location(s): C:\pagefile.sys 1000 1000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.71 Gb Total Space | 12.53 Gb Free Space | 37.17% Space Free | Partition Type: NTFS
Drive D: | 60.90 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D98MVL51
Current User Name: admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\SYSTEM32\fxsclnt.exe" = C:\WINDOWS\SYSTEM32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe:*:Enabled:Kaspersky Anti-Virus -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1187903332\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1187903332\ee\aolsoftware.exe:*:Enabled:AOL Services -- (America Online, Inc.)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"C:\Program Files\activePDF\PrimoPDF\PrimoPDF.exe" = C:\Program Files\activePDF\PrimoPDF\PrimoPDF.exe:*:Enabled:PrimoPDF -- (activePDF)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series" = Canon MX310 series
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3DE0053C-FD9A-483E-B7C9-B06E4392206E}" = iTunes
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}" = Apple Mobile Device Support
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{54DD126C-E5F5-404C-B4B7-66DF7FD4F2FF}" = MSSoap
"{5E39FDEE-7676-4BB7-9E2B-8224D7D74406}_is1" = Moyea Video Converter version 1.2.1.2
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DAB4A00-571E-11D4-A1EF-00A0CC56ED6A}" = Alohabob PC Relocator
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{7FC84AD6-D939-41A0-A3DF-FB9B511FF275}_is1" = Sothink SWF Catcher for Internet Explorer
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{9074AFC0-CFDA-11DE-B484-005056806466}" = Google Earth
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9863E753-7D42-43DA-9EBB-9DA739995954}" = ChiroPad Demo
"{A2E9E353-672B-11D6-A531-C079B75CBC7A}" = Turbo Sweeps
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}" = ScanSoft OmniPage SE 4
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}" = Safari
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}" = WinZip 14.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.16
"{F91E1833-2D7C-4725-B98A-C779FEC41946}" = EarthLink MDAC
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AlfChess 1.2" = AlfChess 1.2
"America Online us" = America Online (Choose which version to remove)
"AolCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
"Ask Toolbar_is1" = Ask Toolbar
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.2
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Canon MX310 series User Registration" = Canon MX310 series User Registration
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner (remove only)
"CheckerBoard_is1" = CheckerBoard 1.611
"CleanUp!" = CleanUp!
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DellSupport" = Dell Support 5.0.0 (766)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Status Monitor 2" = EPSON Status Monitor 2
"ERUNT_is1" = ERUNT 1.1j
"FAST Defrag Freeware_is1" = FAST Defrag Freeware 2.3
"Find-A-Code 2004" = Find-A-Code 2004
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HijackThis" = HijackThis 1.99.1
"Hoover the Mischievous Mutt Screensaver" = Hoover the Mischievous Mutt Screensaver
"hp LaserJet 4200 Uninstaller" = hp LaserJet 4200 Uninstaller
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ieSpell" = ieSpell
"InstaFee$ && Files 2004 - Chiropractic" = InstaFee$ && Files 2004 - Chiropractic
"InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"InstallShield_{7DAB4A00-571E-11D4-A1EF-00A0CC56ED6A}" = Alohabob PC Relocator
"InstallShield_{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"InstallWIX_{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"IrfanView" = IrfanView (remove only)
"Jetcast" = Jetcast 3.0.2
"LimeWire" = LimeWire 4.18.2
"LiveUpdate" = LiveUpdate
"Magic ISO Maker v5.5 (build 0273)" = Magic ISO Maker v5.5 (build 0273)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediSoft Advanced Patient Accounting 5.42" = MediSoft Advanced Patient Accounting 5.42
"MediSoft Video Help CD-ROM" = MediSoft Video Help CD-ROM
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Optimum Online net guide" = Optimum Online net guide
"Pawn 2" = Pawn 2
"PhotoMAX Pro" = PhotoMAX Pro
"Ping Plotter Freeware" = Ping Plotter Freeware
"Plants vs. Zombies" = Plants vs. Zombies
"PrimoPDF4.1.0.9" = PrimoPDF
"RealPlayer 12.0" = RealPlayer
"SereneScreen Aquarium" = SereneScreen Aquarium
"SmartSuite V97.0" = Lotus SmartSuite 97
"Soft Chess" = Soft Chess
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"SpywareBlaster_is1" = SpywareBlaster 4.1
"StreetPlugin" = Learn2 Player (Uninstall Only)
"TruVoice" = Lernout & Hauspie TruVoice for Microsoft Agent
"UFileDownloadD" = Versal FileDownload ActiveX Control Trial Version
"Unlimited Checkers" = Unlimited Checkers
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"vixy converter BETA_is1" = vixy converter uninstall
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPatrol" = WinPatrol 2007

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/6/2009 6:23:45 PM | Computer Name = D98MVL51 | Source = Microsoft Fax | ID = 32092
Description = The Fax service failed to receive a fax. From: . CallerId: 7323893036.
To:
Fax. Pages: 0. Device Name: Intel® 537EP V9x DF PCI Modem.

Error - 7/7/2009 8:18:03 AM | Computer Name = D98MVL51 | Source = Microsoft Fax | ID = 32092
Description = The Fax service failed to receive a fax. From: . CallerId: . To: Fax.
Pages:
0. Device Name: Intel® 537EP V9x DF PCI Modem.

Error - 7/7/2009 11:36:42 AM | Computer Name = D98MVL51 | Source = Application Hang | ID = 1002
Description = Hanging application ntvdm.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/7/2009 11:36:43 AM | Computer Name = D98MVL51 | Source = Application Hang | ID = 1002
Description = Hanging application ntvdm.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/7/2009 4:14:37 PM | Computer Name = D98MVL51 | Source = Microsoft Fax | ID = 32092
Description = The Fax service failed to receive a fax. From: 8175790830. CallerId:
3032920637. To: Fax. Pages: 0. Device Name: Intel® 537EP V9x DF PCI Modem.

Error - 7/8/2009 10:32:37 PM | Computer Name = D98MVL51 | Source = Google Update | ID = 20
Description =

Error - 7/8/2009 11:32:39 PM | Computer Name = D98MVL51 | Source = Google Update | ID = 20
Description =

Error - 7/27/2009 5:17:40 PM | Computer Name = D98MVL51 | Source = Microsoft Fax | ID = 32092
Description = The Fax service failed to receive a fax. From: . CallerId: 8454466980.
To:
Fax. Pages: 0. Device Name: Intel® 537EP V9x DF PCI Modem.

Error - 7/30/2009 2:27:59 PM | Computer Name = D98MVL51 | Source = Application Error | ID = 1000
Description = Faulting application wordpro.exe, version 97.0.822.0, faulting module
wordpro.exe, version 97.0.822.0, fault address 0x0001c560.

Error - 8/4/2009 3:25:36 AM | Computer Name = D98MVL51 | Source = Microsoft Fax | ID = 32035
Description = Fax Service had problems restoring the fax queue. After restarting,
the service could not restore the outgoing and/or incoming faxes queue. If there
was a fax job in the outgoing queue, and you are not sure it was transmitted, you
should retransmit the fax.

[ System Events ]
Error - 12/7/2009 11:00:00 AM | Computer Name = D98MVL51 | Source = Schedule | ID = 7901
Description = The At35.job command failed to start due to the following error: %%2147942402

Error - 12/7/2009 12:00:00 PM | Computer Name = D98MVL51 | Source = Schedule | ID = 7901
Description = The At36.job command failed to start due to the following error: %%2147942402

Error - 12/7/2009 1:00:00 PM | Computer Name = D98MVL51 | Source = Schedule | ID = 7901
Description = The At37.job command failed to start due to the following error: %%2147942402

Error - 12/7/2009 1:37:37 PM | Computer Name = D98MVL51 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 12/7/2009 1:37:37 PM | Computer Name = D98MVL51 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/7/2009 1:37:37 PM | Computer Name = D98MVL51 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 12/7/2009 1:37:48 PM | Computer Name = D98MVL51 | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer Panasonic KX-P2130 share name
Printer.

Error - 12/7/2009 1:37:49 PM | Computer Name = D98MVL51 | Source = Service Control Manager | ID = 7000
Description = The PCCare Premium service failed to start due to the following error:
%%2

Error - 12/7/2009 2:00:00 PM | Computer Name = D98MVL51 | Source = Schedule | ID = 7901
Description = The At14.job command failed to start due to the following error: %%2147942402

Error - 12/7/2009 2:00:00 PM | Computer Name = D98MVL51 | Source = Schedule | ID = 7901
Description = The At38.job command failed to start due to the following error: %%2147942402


< End of report >

Edited by lupi2279, 08 December 2009 - 10:37 AM.

#2
lupi2279

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/12/07 12:58
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB18A8000 Size: 49152 File Visible: No Signed: -
Status: -

Name: xpbsm.sys
Image Path: xpbsm.sys
Address: 0xF8608000 Size: 54016 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 011 Function Name: NtAdjustPrivilegesToken
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fcf58c

#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fcfe0c

#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fd0922

#: 035 Function Name: NtCreateEvent
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fd0e94

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fd00ee

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fce436

#: 043 Function Name: NtCreateMutant
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fd0d6c

#: 044 Function Name: NtCreateNamedPipeFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fcf192

#: 046 Function Name: NtCreatePort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fd0c28

#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fcf34e

#: 051 Function Name: NtCreateSemaphore
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fd0fc6

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fd2c08

#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fcfaaa

#: 056 Function Name: NtCreateWaitablePort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fd0cca

#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fd25fa

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fce9fa

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fced88

#: 066 Function Name: NtDeviceIoControlFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fd0576

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fd35ca

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fceeca

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fcef74

#: 084 Function Name: NtFsControlFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fd0382

#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fd268c

#: 098 Function Name: NtLoadKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fce412

#: 099 Function Name: NtLoadKey2
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fce424

#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fd2cbc

#: 111 Function Name: NtNotifyChangeKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fcf0c0

#: 114 Function Name: NtOpenEvent
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fd0f36

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fcfe8e

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fce5dc

#: 120 Function Name: NtOpenMutant
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fd0e04

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fcf792

#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fd2c32

#: 126 Function Name: NtOpenSemaphore
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fd1068

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fcf6b6

#: 160 Function Name: NtQueryKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fcf01e

#: 161 Function Name: NtQueryMultipleValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fcec46

#: 167 Function Name: NtQuerySection
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fd2fd4

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fce896

#: 180 Function Name: NtQueueApcThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fd2922

#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fceb0e

#: 193 Function Name: NtReplaceKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fce2b0

#: 194 Function Name: NtReplyPort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fd13f2

#: 195 Function Name: NtReplyWaitReceivePort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fd12b8

#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fd239a

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fd5e2c

#: 206 Function Name: NtResumeThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fd34ac

#: 207 Function Name: NtSaveKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fce248

#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fd065c

#: 213 Function Name: NtSetContextThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fcfcc8

#: 230 Function Name: NtSetInformationToken
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fd1c4a

#: 237 Function Name: NtSetSecurityObject
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fd2786

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fd3114

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fce71e

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fd31f8

#: 254 Function Name: NtSuspendThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fd3320

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fd2526

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fcf90a

#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fcf860

#: 267 Function Name: NtUnmapViewOfSection
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fd2e8a

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb2fcf9ea

==EOF==rr