Problems with Malware Removal


  • This topic is locked
24 replies to this topic

#1 Sandra 2009

  • Members
  • 12 posts

Posted 05 May 2009 - 08:05 AM

This is my first post at this site, so I would appreciate any help you could give me.

I am having a problem with performing internet searches. I am using Mozilla Firefox, and whenever I try to search for something and click on the results of the search, it redirects me to some other web address. I've tried to run several malware programs, including Spybot, and I have not been able to get results. For some reason I cannot even get Spybot to open when I double-click on it.

I am using Windows version XP.

I did download HijackThis and my log is entered below.


C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SpiralFrog\Spiralfrog.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {65E77569-E9DC-C054-D889-B66930A185CE} - C:\WINDOWS\system32\iunnp.dll (file missing)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll (file missing)
O2 - BHO: BHO - {ABD45510-9B22-41cd-9ACD-8182A2DA7C63} - C:\WINDOWS\system32\iehelper.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SpiralFrog] C:\Program Files\SpiralFrog\Spiralfrog.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [nah_Shell] C:\Documents and Settings\Sandra\nah_hpyw.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.streamingfaith.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1118103085190
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: VRS Recording System Service (VRSService) - Unknown owner - C:\Program Files\NCH Swift Sound\VRS\vrs.exe

I appreciate any advice you have. Thanks



#2 m0le

  • Malware Response Team
  • 34,527 posts

Posted 05 May 2009 - 03:18 PM

Hi Sandra 2009,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please give me a little time to go through your log. I will also let you know that I am a trainee, so each stage of the fix will need to be checked by an expert coach before I post, so there may be a slight delay. Don't worry, I won't abandon you.
  • Please subscribe to this topic, if you haven't already, and wait for me to get back to you.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 2 days I will bump the topic and if you do not reply by the following day then I will close the topic.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 m0le

  • Malware Response Team
  • 34,527 posts

Posted 05 May 2009 - 06:35 PM

Hi Sandra 2009,

I don't see an Anti Virus Program running on your machine.
  • Download and install an antivirus program, and make sure that you keep it updated.
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Two good antivirus programs free for non-commercial home use are Avast! and Antivir.
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

Let's take a better look at the machine.

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Close any and all open programs, as this process may crash your computer.
  • Double click Posted Image or Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
    Posted Image
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.


Then

Download and Run OTViewit
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Thanks :thumbup2:

#4 m0le

  • Malware Response Team
  • 34,527 posts

Posted 08 May 2009 - 01:57 PM

Hi Sandra 2009,

I have not had a reply from you for 2 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open.

If you like you can PM me.

Thanks,


m0le

#5 Sandra 2009

  • Topic Starter
  • Members
  • 12 posts

Posted 09 May 2009 - 07:16 AM

Thanks for your response. I have followed the steps you asked for and here are the results:



Results from GMER scan:

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-08 22:53:20
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code 82A321E0 ZwEnumerateKey
Code 828D4328 ZwFlushInstructionCache
Code \SystemRoot\System32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\System32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) IoIsOperationSynchronous
Code 828D6106 IofCallDriver
Code 826241AE IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!IofCallDriver 804E37C5 5 Bytes JMP 828D610B
.text ntoskrnl.exe!IofCompleteRequest 804E3BF6 5 Bytes JMP 826241B3
.text ntoskrnl.exe!IoIsOperationSynchronous 804E875A 5 Bytes JMP EF81D9E0 \SystemRoot\System32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)
.text ntoskrnl.exe!FsRtlCheckLockForReadAccess 80512919 5 Bytes JMP EF81D626 \SystemRoot\System32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)
PAGE ntoskrnl.exe!ZwEnumerateKey 80570D64 5 Bytes JMP 82A321E4
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80577693 5 Bytes JMP 828D432C

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\spoolsv.exe[128] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 009C000A
.text C:\WINDOWS\system32\spoolsv.exe[128] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 009E000A
.text C:\WINDOWS\system32\LEXPPS.EXE[132] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A0000A
.text C:\WINDOWS\system32\LEXPPS.EXE[132] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A1000A
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0078000A
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0079000A
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] USER32.dll!AlignRects + FFFA5598 7E412A78 4 Bytes [70, 11, 41, 6D] {JO 0x13; INC ECX; INSD }
.text C:\WINDOWS\system32\winlogon.exe[740] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0068000A
.text C:\WINDOWS\system32\winlogon.exe[740] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0069000A
.text C:\WINDOWS\system32\services.exe[788] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0068000A
.text C:\WINDOWS\system32\services.exe[788] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0069000A
.text C:\WINDOWS\system32\lsass.exe[808] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0071000A
.text C:\WINDOWS\system32\lsass.exe[808] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0075000A
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1080] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00D4000A
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1080] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00D5000A
.text C:\WINDOWS\System32\alg.exe[1324] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0073000A
.text C:\WINDOWS\System32\alg.exe[1324] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0075000A
.text C:\WINDOWS\Explorer.EXE[1476] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00C4000A
.text C:\WINDOWS\Explorer.EXE[1476] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00C5000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1528] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A4000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1528] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A5000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1528] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 408BF341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1528] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 40A51777 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1528] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 40A516F8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1528] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 40A5173C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1528] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 40A51684 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1528] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 40A516BE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1528] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 40A517B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1528] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 408E16B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1528] WININET.dll!HttpAddRequestHeadersA 7805FB35 5 Bytes JMP 00E2000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1528] WININET.dll!HttpAddRequestHeadersW 780CD015 5 Bytes JMP 00EA000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1528] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00EBF9F0 \\?\globalroot\systemroot\system32\UACosuxqpqncmwiifc.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[1528] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00EC0A60 \\?\globalroot\systemroot\system32\UACosuxqpqncmwiifc.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[1528] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00EC08A0 \\?\globalroot\systemroot\system32\UACosuxqpqncmwiifc.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[1528] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00EC0780 \\?\globalroot\systemroot\system32\UACosuxqpqncmwiifc.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[1528] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00EBFDA0 \\?\globalroot\systemroot\system32\UACosuxqpqncmwiifc.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[1528] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00EBFFD0 \\?\globalroot\systemroot\system32\UACosuxqpqncmwiifc.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[1704] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0074000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1704] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0075000A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1776] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A6000A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1776] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A7000A
.text C:\WINDOWS\system32\ctfmon.exe[1816] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 009B000A
.text C:\WINDOWS\system32\ctfmon.exe[1816] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 009C000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 009D000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 009E000A
.text C:\WINDOWS\system32\igfxtray.exe[2848] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 009F000A
.text C:\WINDOWS\system32\igfxtray.exe[2848] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A0000A
.text C:\WINDOWS\system32\hkcmd.exe[2900] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 009D000A
.text C:\WINDOWS\system32\hkcmd.exe[2900] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 009E000A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2912] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 009B000A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2912] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 009C000A
.text C:\Program Files\SpiralFrog\Spiralfrog.exe[2924] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A1000A
.text C:\Program Files\SpiralFrog\Spiralfrog.exe[2924] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A2000A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2932] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00C0000A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2932] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00C2000A
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[2956] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A0000A
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[2956] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A1000A
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[2956] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[2956] USER32.dll!AlignRects + FFFA5598 7E412A78 4 Bytes [70, 11, 41, 6D] {JO 0x13; INC ECX; INSD }
.text C:\Program Files\Messenger\MSMSGS.EXE[2976] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00AE000A
.text C:\Program Files\Messenger\MSMSGS.EXE[2976] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00AF000A
.text C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe[3436] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 010E000A
.text C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe[3436] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 010F000A
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[3544] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 009B000A
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[3544] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 009D000A
.text C:\Documents and Settings\Sandra\Desktop\0s0sp5qe.exe[3784] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A4000A
.text C:\Documents and Settings\Sandra\Desktop\0s0sp5qe.exe[3784] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A5000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\spoolsv.exe[128] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00405243
IAT C:\WINDOWS\system32\spoolsv.exe[128] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0040518F
IAT C:\WINDOWS\system32\spoolsv.exe[128] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0040512A
IAT C:\WINDOWS\system32\spoolsv.exe[128] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 004050F8
IAT C:\WINDOWS\system32\spoolsv.exe[128] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 004054FC
IAT C:\WINDOWS\system32\spoolsv.exe[128] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 004057AE
IAT C:\WINDOWS\system32\spoolsv.exe[128] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 004057AE
IAT C:\WINDOWS\system32\spoolsv.exe[128] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 004054FC
IAT C:\WINDOWS\system32\spoolsv.exe[128] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 004057AE
IAT C:\WINDOWS\system32\spoolsv.exe[128] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00405243
IAT C:\WINDOWS\system32\LEXPPS.EXE[132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135243
IAT C:\WINDOWS\system32\LEXPPS.EXE[132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0013518F
IAT C:\WINDOWS\system32\LEXPPS.EXE[132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013512A
IAT C:\WINDOWS\system32\LEXPPS.EXE[132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001350F8
IAT C:\WINDOWS\system32\LEXPPS.EXE[132] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 001357AE
IAT C:\WINDOWS\system32\LEXPPS.EXE[132] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001354FC
IAT C:\WINDOWS\system32\LEXPPS.EXE[132] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001357AE
IAT C:\WINDOWS\system32\LEXPPS.EXE[132] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001354FC
IAT C:\WINDOWS\system32\LEXPPS.EXE[132] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001357AE
IAT C:\WINDOWS\system32\LEXPPS.EXE[132] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135243
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135243
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0013518F
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013512A
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001350F8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleFileNameA] 00FB04A8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 00FB04D2
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 00FB04FC
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 00FB0526
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] 00FB0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00FB057A
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 00FB05A4
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 00FB05CE
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 00FB05F8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00FB0622
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 00FB064C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 00FB0676
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 00FB06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 00FB06CA
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00FB06F4
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 00FB071E
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 00FB0748
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetModuleFileNameW] 00FB0772
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 00FB079C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 00FB07C6
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 00FB07F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 00FB081A
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 00FB0844
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 00FB086E
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00FB0898
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 00FB08C2
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 00FB08EC
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 00FB0916
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 00FB0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00FB096A
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 00FB0994
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 00FB09BE
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 00FB09E8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 00FB0A12
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 00FB0A3C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetErrorMode] 00FB0C34
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00FB0C5E
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 00FB0C88
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 00FB0CB2
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 00FB0CDC
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 00FB0D06
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 00FB0D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameA] 00FB0D5A
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameW] 00FB0D84
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00FB0E02
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 00FB0E2C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 00FB0E56
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleFileNameW] 00FB0E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode] 00FB0EAA
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 00FB0ED4
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 00FB0EFE
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 00FB0F28
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] 00FB0F52
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] 00FB0F7C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 001357AE
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001354FC
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00FB0FA6
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 00FB0FD0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 00FE0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] 00FE003A
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 00FE0064
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 00FE008E
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 00FE00B8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 00FE00E2
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 00FE010C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 00FE0136
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 00FE0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 00FE018A
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001357AE
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 00FE01B4
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 00FE01DE
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 00FE0208
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 00FE0232
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetModuleFileNameW] 00FE025C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 00FE0286
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 00FE02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 00FE02DA
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00FE0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001354FC
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001357AE
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] 00FE0526
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] 00FE0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] 00FE057A
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] 00FE05A4
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetErrorMode] 00FE086E
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleFileNameA] 00FE0898
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 00FE08C2
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleFileNameW] 00FE08EC
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 00FE0916
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00FE0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 00FE096A
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 00FE0994
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!FreeLibrary] 00FE09BE
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 00FE0B38
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetModuleFileNameA] 00FE0B62
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 00FE0B8C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] 00FE0BB6
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00FE0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] 00FE0C0A
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00FE0C34
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 00FE0C5E
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleFileNameA] 00FE0C88
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 00FE0CB2
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135243
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\crypt32.dll [KERNEL32.dll!FreeLibrary] 00FE0CDC
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\crypt32.dll [KERNEL32.dll!GetProcAddress] 00FE0D06
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\crypt32.dll [KERNEL32.dll!LoadLibraryA] 00FE0D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\crypt32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00FE0D5A
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\crypt32.dll [KERNEL32.dll!LoadLibraryExA] 00FE0D84
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\crypt32.dll [KERNEL32.dll!LoadLibraryExW] 00FE0DAE
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\crypt32.dll [KERNEL32.dll!GetModuleFileNameW] 00FE0DD8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\crypt32.dll [KERNEL32.dll!GetModuleFileNameA] 00FE0E02
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetErrorMode] 00FE0FD0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW] 00FF0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryExA] 00FF003A
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateProcessW] 00FF0064
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetModuleFileNameW] 00FF008E
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetProcAddress] 00FF00B8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!FreeLibrary] 00FF00E2
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] 00FF010C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00FF0136
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!LoadLibraryW] 00FF0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00FF018A
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!LoadLibraryA] 00FF01B4
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!FreeLibrary] 00FF01DE
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!GetProcAddress] 00FF0208
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!GetModuleFileNameA] 00FF0232
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00FB0358
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary] 00FB01DE
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 00FB025C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] 00FB0286
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[648] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00FB0358
IAT C:\WINDOWS\system32\services.exe[788] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtQueryDirectoryFile] 00FE5243
IAT C:\WINDOWS\system32\services.exe[788] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00FE5243
IAT C:\WINDOWS\system32\services.exe[788] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00FE518F
IAT C:\WINDOWS\system32\services.exe[788] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00FE512A
IAT C:\WINDOWS\system32\services.exe[788] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00FE50F8
IAT C:\WINDOWS\system32\services.exe[788] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00FE57AE
IAT C:\WINDOWS\system32\services.exe[788] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00FE54FC
IAT C:\WINDOWS\system32\services.exe[788] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00FE57AE
IAT C:\WINDOWS\system32\services.exe[788] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00FE5243
IAT C:\WINDOWS\system32\services.exe[788] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00FE57AE
IAT C:\WINDOWS\system32\services.exe[788] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 00FE54FC
IAT C:\WINDOWS\system32\lsass.exe[808] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00E55243
IAT C:\WINDOWS\system32\lsass.exe[808] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00E5518F
IAT C:\WINDOWS\system32\lsass.exe[808] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00E5512A
IAT C:\WINDOWS\system32\lsass.exe[808] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00E550F8
IAT C:\WINDOWS\system32\lsass.exe[808] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!LdrLoadDll] 00E5518F
IAT C:\WINDOWS\system32\lsass.exe[808] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00E55243
IAT C:\WINDOWS\system32\lsass.exe[808] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrLoadDll] 00E5518F
IAT C:\WINDOWS\system32\lsass.exe[808] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrGetProcedureAddress] 00E5512A
IAT C:\WINDOWS\system32\lsass.exe[808] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00E554FC
IAT C:\WINDOWS\system32\lsass.exe[808] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00E557AE
IAT C:\WINDOWS\system32\lsass.exe[808] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00E557AE
IAT C:\WINDOWS\system32\lsass.exe[808] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00E554FC
IAT C:\WINDOWS\system32\lsass.exe[808] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00E557AE
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00D250F8
IAT C:\WINDOWS\system32\svchost.exe[1052] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00E35243
IAT C:\WINDOWS\system32\svchost.exe[1052] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00E3518F
IAT C:\WINDOWS\system32\svchost.exe[1052] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00E3512A
IAT C:\WINDOWS\system32\svchost.exe[1052] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00E350F8
IAT C:\WINDOWS\system32\svchost.exe[1052] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00E354FC
IAT C:\WINDOWS\system32\svchost.exe[1052] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00E357AE
IAT C:\WINDOWS\system32\svchost.exe[1052] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00E357AE
IAT C:\WINDOWS\system32\svchost.exe[1052] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00E354FC
IAT C:\WINDOWS\system32\svchost.exe[1052] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00E357AE
IAT C:\WINDOWS\system32\svchost.exe[1052] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00E35243
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135243
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0013518F
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013512A
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001350F8
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1080] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1080] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1080] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1080] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1080] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1080] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1080] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1080] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1080] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1080] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1080] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6113A3BF] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1080] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW]

Thanks!

#6 Sandra 2009

Posted 09 May 2009 - 07:20 AM

I couldn't tell if the OTViewIt and Extras logs were in the previous post, so I'm adding those as well. Sorry if I'm repeating myself.

OTViewIt logfile created on: 5/8/2009 10:54:21 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Sandra\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.52 Mb Total Physical Memory | 108.16 Mb Available Physical Memory | 21.48% Memory free
1.20 Gb Paging File | 0.85 Gb Available in Paging File | 71.13% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.80 Gb Total Space | 98.26 Gb Free Space | 87.89% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ATKINS
Current User Name: Sandra
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2002/09/09 23:53:28 | 00,286,720 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
[2002/09/09 23:53:29 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
[2009/05/06 09:40:44 | 00,206,088 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
[2009/01/02 10:20:38 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2007/03/09 04:36:10 | 02,213,416 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
[2004/08/20 15:55:14 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
[2004/08/20 15:51:14 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
[2006/03/07 18:35:08 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2007/09/14 08:58:16 | 00,163,128 | ---- | M] (SpiralFrog) -- C:\Program Files\SpiralFrog\Spiralfrog.exe
[2009/01/02 10:20:38 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2009/05/06 09:40:44 | 00,206,088 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
[2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/06/21 16:17:16 | 00,634,880 | ---- | M] (STOIK Imaging (www.stoik.com)) -- C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
[1997/08/06 00:00:00 | 00,051,984 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE
[2009/02/20 15:22:34 | 00,079,088 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
[2009/02/28 00:54:41 | 00,636,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2009/05/08 21:31:41 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sandra\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2004/07/15 02:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2009/05/06 09:40:44 | 00,206,088 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe -- (AVP [Auto | Running])
[2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2009/01/02 10:20:38 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2002/09/09 23:53:28 | 00,286,720 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS [Auto | Running])
[2007/03/09 04:36:10 | 02,213,416 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
[2007/03/01 15:23:50 | 00,577,540 | ---- | M] () -- C:\Program Files\NCH Swift Sound\VRS\vrs.exe -- (VRSService [On_Demand | Stopped])
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2004/10/01 10:24:02 | 02,279,424 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[1999/09/10 07:06:00 | 00,025,244 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32 [Auto | Running])
[2004/08/20 16:26:00 | 00,737,874 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Running])
[2008/07/21 17:34:36 | 00,121,872 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1 [Boot | Running])
[2009/05/06 09:40:44 | 00,033,808 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg [Boot | Running])
[2009/05/06 09:40:44 | 00,226,832 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF [System | Running])
[2008/04/30 17:06:48 | 00,024,592 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5 [On_Demand | Running])
[2004/08/04 01:41:35 | 00,606,684 | ---- | M] (LT) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5 [On_Demand | Running])
[2006/01/03 18:59:56 | 00,028,352 | ---- | M] (MusicMatch, Inc.) -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k [On_Demand | Running])
[2002/09/03 12:53:10 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2004/08/04 01:31:32 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139 [On_Demand | Running])
[2007/11/13 04:47:45 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2009/03/14 06:48:40 | 00,005,120 | ---- | M] (F.Y.N. Technology Inc.) -- C:\WINDOWS\System32\drivers\Start1Driver.SYS -- (Start1Driver [System | Running])
[2009/05/06 09:40:44 | 00,226,832 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (TSP [On_Demand | Stopped])
[2002/09/03 13:14:25 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"CustomSearch"=http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.yahoo.com

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 1
"ProxyOverride" = 127.0.0.1

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-1214440339-2000478354-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.yahoo.com

[HKEY_USERS\S-1-5-21-1214440339-2000478354-682003330-1004\Software\Microsoft\Internet Explorer\SearchURL]
""=http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

[HKEY_USERS\S-1-5-21-1214440339-2000478354-682003330-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1214440339-2000478354-682003330-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-1214440339-2000478354-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 1
"ProxyOverride" = 127.0.0.1

========== (O1) Hosts File ==========

HOSTS File = (23 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll File not found
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} (HKLM) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll (Kaspersky Lab)
{65E77569-E9DC-C054-D889-B66930A185CE} (HKLM) -- C:\WINDOWS\system32\iunnp.dll File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} (HKLM) -- c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll File not found
{ABD45510-9B22-41cd-9ACD-8182A2DA7C63} (HKLM) -- C:\WINDOWS\system32\iehelper.dll File not found
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-1214440339-2000478354-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1214440339-2000478354-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1214440339-2000478354-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"=ALCXMNTR.EXE (Realtek Semiconductor Corp.)
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" (Kaspersky Lab)
"EPSON Stylus C64 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64" File not found
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
"SpiralFrog"=C:\Program Files\SpiralFrog\Spiralfrog.exe (SpiralFrog)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.EXE" /background (Microsoft Corporation)
"nah_Shell"=C:\Documents and Settings\Sandra\nah_hpyw.exe File not found
"SFP"=C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s File not found

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t File not found

[HKEY_USERS\S-1-5-21-1214440339-2000478354-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.EXE" /background (Microsoft Corporation)
"nah_Shell"=C:\Documents and Settings\Sandra\nah_hpyw.exe File not found
"SFP"=C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s File not found

========== (O4) RunOnce Keys ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"=Narrator.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"=Narrator.exe (Microsoft Corporation)

========== (O4) Startup Folders ==========

[2004/12/14 04:44:06 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2004/06/21 16:17:16 | 00,634,880 | ---- | M] (STOIK Imaging (www.stoik.com)) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digimax Viewer 2.1.lnk = C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
[1997/08/06 00:00:00 | 00,111,376 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
[1997/08/06 00:00:00 | 00,051,984 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"EnableProfileQuota"=1

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1214440339-2000478354-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0

[HKEY_USERS\S-1-5-21-1214440339-2000478354-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"EnableProfileQuota"=1

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Search: Reg Error: Value does not exist or could not be read. File not found

[HKEY_USERS\S-1-5-21-1214440339-2000478354-682003330-1004\Software\Microsoft\Internet Explorer\MenuExt\]
&Search: Reg Error: Value does not exist or could not be read. File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}: Button: Web traffic protection statistics -- %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll [2008/11/11 20:00:38 | 00,222,472 | ---- | M] (Kaspersky Lab)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1214440339-2000478354-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
33 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
: msn in My Computer
streamingfaith.com\www: http in My Computer
41 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1214440339-2000478354-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
: msn in My Computer
streamingfaith.com\www: http in My Computer
41 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}: http://www.apple.com/qtactivex/qtplugin.cab -- QuickTime Object
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\yinsthelper.dll -- YInstStarter Class
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}: http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab -- Reg Error: Key does not exist or could not be opened.
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://v5.windowsupdate.microsoft.com/v5co...b?1118103085190 -- WUWebControl Class
{77E32299-629F-43C6-AB77-6A1E6D7663F6}: http://download.shockwave.com/pub/otoy/OTOYAX.cab -- Groove Control
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}: http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object
DirectAnimation Java Classes: file://C:\WINDOWS\Java\classes\dajava.cab -- Reg Error: Key does not exist or could not be opened.
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{E4C70DDB-D933-4C68-9CAD-16EF3AECD27F} (Servers: | Description: Realtek RTL8139 Family PCI Fast Ethernet NIC)

========== (O19) User Style Sheets ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles]

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
>[2008/11/11 20:00:26 | 00,079,112 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll
>[2008/11/11 20:00:26 | 00,079,112 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"UserInit"=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
>File not found -- C:\WINDOWS\system32\sdra64.exe


========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
igfxcui: "DllName" = igfxsrvc.dll -- C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
klogon: "DllName" = C:\WINDOWS\system32\klogon.dll -- C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll
>File not found --

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2005/06/06 18:46:33 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb3fbb2a-ba76-11dd-89b1-0000864ae371}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb3fbb2a-ba76-11dd-89b1-0000864ae371}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb3fbb2a-ba76-11dd-89b1-0000864ae371}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/06/17 15:02:19 | 08,461,312 | ---- | M] (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2009/05/08 21:32:03 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sandra\Desktop\OTViewIt.exe
[2009/05/08 21:20:05 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\Sandra\Desktop\0s0sp5qe.exe
[2009/05/08 21:17:14 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Sandra\Desktop\HJTInstall.exe
[2009/05/08 06:52:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/05/06 09:29:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/05/06 09:24:15 | 00,000,032 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/05/06 09:24:15 | 00,000,032 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/05/06 09:24:15 | 00,000,032 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/05/06 09:24:15 | 00,000,032 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/05/06 09:10:55 | 00,101,287 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2009/05/06 09:10:55 | 00,089,601 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2009/05/06 09:09:45 | 00,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2009/05/06 09:09:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2009/05/06 09:09:14 | 00,226,832 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2009/05/06 09:08:28 | 00,000,000 | ---D | C] -- C:\Program Files\doc
[2009/05/06 07:38:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2009/05/06 05:06:48 | 00,000,444 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2009/05/06 05:02:49 | 00,003,904 | ---- | C] () -- C:\rollback.ini
[2009/05/06 04:55:05 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2009/05/06 04:53:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Local Settings\Application Data\Downloaded Installations
[2009/05/06 04:44:48 | 00,005,120 | ---- | C] (F.Y.N. Technology Inc.) -- C:\WINDOWS\System32\drivers\Start1Driver.SYS
[2009/05/06 04:44:48 | 00,000,256 | ---- | C] () -- C:\WINDOWS\adaway.lic
[2009/05/02 09:07:07 | 00,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSSTDFMT.DLL
[2009/04/27 16:18:54 | 00,000,000 | ---D | C] -- C:\4f85cb9eac818c858bf96d15d69c3834
[2009/04/26 09:39:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/04/26 09:39:30 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/26 09:36:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/04/21 17:06:12 | 00,000,000 | ---D | C] -- C:\267525e874007fe05f151bdaf1e4b7
[2009/04/16 21:35:38 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/04/15 08:44:23 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/15 08:44:20 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/15 08:44:19 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/15 08:44:18 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/15 08:44:18 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/15 08:44:18 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/15 08:44:17 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/15 08:44:16 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/15 08:44:15 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/15 08:42:40 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/15 08:42:31 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/15 08:42:30 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/11 19:57:49 | 00,000,850 | ---- | C] () -- C:\Documents and Settings\Sandra\Desktop\Jewel Quest.lnk
[2009/04/11 19:57:06 | 00,001,682 | ---- | C] () -- C:\Documents and Settings\Sandra\Desktop\More Yahoo! Games.lnk
[2009/04/11 19:56:50 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo! Games

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\Sandra\My Documents\*.tmp files]
[2009/05/08 22:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2009/05/08 22:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2009/05/08 21:31:41 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sandra\Desktop\OTViewIt.exe
[2009/05/08 21:25:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/08 21:24:56 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/08 21:19:46 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\Sandra\Desktop\0s0sp5qe.exe
[2009/05/08 21:17:14 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Sandra\Desktop\HJTInstall.exe
[2009/05/08 21:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2009/05/08 21:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2009/05/08 18:41:33 | 06,402,170 | -H-- | M] () -- C:\Documents and Settings\Sandra\Local Settings\Application Data\IconCache.db
[2009/05/08 18:00:04 | 00,000,444 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2009/05/08 18:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2009/05/08 18:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2009/05/08 07:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2009/05/08 07:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2009/05/07 20:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2009/05/07 20:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2009/05/07 19:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2009/05/07 19:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2009/05/07 17:34:29 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/06 12:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2009/05/06 12:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2009/05/06 11:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2009/05/06 11:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2009/05/06 10:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2009/05/06 10:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2009/05/06 09:40:44 | 00,226,832 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2009/05/06 09:40:44 | 00,033,808 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klbg.sys
[2009/05/06 09:40:41 | 00,101,287 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2009/05/06 09:40:41 | 00,089,601 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2009/05/06 09:27:59 | 00,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/05/06 09:27:59 | 00,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/05/06 09:27:59 | 00,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/05/06 09:27:59 | 00,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/05/06 09:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2009/05/06 09:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2009/05/06 08:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2009/05/06 08:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2009/05/06 07:42:20 | 00,001,891 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/05/06 06:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2009/05/06 06:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2009/05/06 05:02:49 | 00,003,904 | ---- | M] () -- C:\rollback.ini
[2009/05/06 05:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2009/05/06 05:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2009/05/06 04:44:48 | 00,000,256 | ---- | M] () -- C:\WINDOWS\adaway.lic
[2009/05/06 04:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2009/05/06 04:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2009/05/06 03:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2009/05/06 03:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2009/05/06 02:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2009/05/06 02:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2009/05/06 01:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2009/05/06 01:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2009/05/06 00:47:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2009/05/06 00:41:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2009/05/05 23:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2009/05/05 23:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2009/05/05 22:07:29 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/05 19:08:33 | 00,000,023 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/05/05 18:11:44 | 00,008,192 | ---- | M] () -- C:\WINDOWS\Sandra.pcb
[2009/05/02 17:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2009/05/02 17:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2009/05/02 15:00:03 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2009/05/02 15:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2009/05/02 14:00:03 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2009/05/02 14:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2009/05/02 13:00:04 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2009/05/02 13:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2009/05/01 16:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2009/05/01 16:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2009/04/27 18:07:12 | 01,614,848 | ---- | M] () -- C:\WINDOWS\System32\sfcfiles.dll
[2009/04/16 21:35:38 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/04/16 16:50:06 | 00,056,418 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2009/04/15 17:51:42 | 00,439,552 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/15 17:51:42 | 00,380,680 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/15 17:51:42 | 00,052,968 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/11 21:38:11 | 00,001,682 | ---- | M] () -- C:\Documents and Settings\Sandra\Desktop\More Yahoo! Games.lnk
[2009/04/11 21:38:11 | 00,000,850 | ---- | M] () -- C:\Documents and Settings\Sandra\Desktop\Jewel Quest.lnk
< End of report >

Extras:
OTViewIt Extras logfile created on: 5/8/2009 10:54:21 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Sandra\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.52 Mb Total Physical Memory | 108.16 Mb Available Physical Memory | 21.48% Memory free
1.20 Gb Paging File | 0.85 Gb Available in Paging File | 71.13% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.80 Gb Total Space | 98.26 Gb Free Space | 87.89% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ATKINS
Current User Name: Sandra
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
"Use My Stylesheet"=
"User Stylesheet"=

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
"AntiVirusDisableNotify"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=1
""=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\CommonSearch\VCatch\VCatch.exe:*:Enabled:VCatch Antivirus Basic Version
File not found -- C:\Program Files\Morpheus\Morpheus.exe:*:Enabled:M5Shell
File not found -- C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4
File not found -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
File not found -- C:\Documents and Settings\Sandra\Desktop\Jewel Quest Download\Jewel Quest\JewelQuest.exe:*:Disabled:JewelQuest
File not found -- C:\Program Files\LimeWire\.NetworkShare\LimeWireWin4.12.6.exe:*:Enabled:LimeWireWin4.12.6.exe
[2005/08/26 16:55:32 | 00,692,224 | ---- | M] (LimeWire) -- C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer
[2002/09/09 23:53:29 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE
[2007/10/13 15:31:57 | 00,458,240 | -H-- | M] (Hasbro Interactive) -- C:\My Games\The Game of Life\life.exe:*:Disabled:The Game Of Life
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019
[2009/02/20 15:22:34 | 04,363,504 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/12/19 08:20:05 | 07,678,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox
[2009/02/28 00:54:41 | 00,636,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer
[2001/09/27 20:41:50 | 01,043,968 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player
[2006/03/07 18:35:11 | 00,208,941 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer
[2009/03/10 16:10:51 | 00,139,776 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B5B5920-B3AA-44AE-8F94-1CF3ECA42102}"=Digimax U-CA 5
"{13515135-48BB-4184-8C1F-2FAE0138E200}"=TBS WMP Plug-in
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java™ 6 Update 11
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}"=Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0150010}"=J2SE Runtime Environment 5.0 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0150020}"=J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150040}"=J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{546C7D0B-1E12-4573-BCD0-F5B0D3C66A74}"=ArcSoft PhotoImpression 4
"{6580C5A3-2336-4EC5-85F1-3448C5F6208A}"=Kaspersky Anti-Virus 2009
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}"=Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Extreme Graphics Driver
"{95738B44-49CF-4C62-A620-320F1007B14A}"=SpiralFrog Download Manager 0.8.23
"{9EE54C1F-FC99-44D6-916A-0CA2D45E740F}"=Digimax Viewer 2.1
"{9F60FF4E-725D-4B28-0094-FDADF5E73647}"=NBA Live 2003
"{AC76BA86-7AD7-1033-7B44-A70000000000}"=Adobe Reader 7.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}"=Adobe Flash Player 10 Plugin
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}"=Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01"=Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FD67A9A9-B292-43B2-A4F9-59AD62626CAD}"=Digimax Reader
"3DGroove"=OTOY
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player
"DebtFree™ for Windows Personal 5.0h"=DebtFree™ for Windows Personal 5.0h
"Free Sound Recorder"=Free Sound Recorder
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}"=TBS WMP Plug-in
"InstallWIX_{6580C5A3-2336-4EC5-85F1-3448C5F6208A}"=Kaspersky Anti-Virus 2009
"Jewel Quest"=Jewel Quest (remove only)
"kxbtfwvtydtiwmc"=RON Tool Offersfortoday
"Lexmark Z54"=Lexmark Z54
"LimeWire"=LimeWire 5.1.2
"Membership Plus 6.0 for Windows"=Membership Plus 6.0 for Windows
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Mozilla Firefox (2.0.0.20)"=Mozilla Firefox (2.0.0.20)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MSPersonalTutorMathopolis"=Microsoft Mathopolis
"MSPersonalTutorReaderRailway"=Microsoft Reader Railway
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"Office8.0"=Microsoft Office 97, Standard Edition
"QuickTime"=QuickTime
"RealPlayer 6.0"=RealPlayer
"Switch"=Switch
"UnityWebPlayer"=Unity Web Player
"VRS"=VRS Recording System
"WavePad"=WavePad Uninstall
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Internet Mail"=Yahoo! Internet Mail
"Yahoo! Messenger"=Yahoo! Messenger
"YInstHelper"=Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1214440339-2000478354-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/8/2009 6:07:04 AM | Computer Name = ATKINS | Source = Spiralfrog | ID = 0
Description = General Information ********************************************* Additional
Info: ExceptionManager.MachineName: ATKINS ExceptionManager.TimeStamp: 5/8/2009 6:07:03
AM ExceptionManager.FullName: Microsoft.ApplicationBlocks.ExceptionManagement, Version=1.0.0.0,
Culture=neutral, PublicKeyToken=null ExceptionManager.AppDomainName: Spiralfrog.exe
ExceptionManager.ThreadIdentity:
ExceptionManager.WindowsIdentity: ATKINS\Sandra 1) Exception Information *********************************************
Exception
Type: System.InvalidOperationException Message: There is an error in XML document
(2, 2). TargetSite: System.Object Deserialize(System.Xml.XmlReader, System.String,
System.Xml.Serialization.XmlDeserializationEvents) HelpLink: NULL Source: System.Xml

StackTrace
Information ********************************************* at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader
xmlReader, String encodingStyle, XmlDeserializationEvents events) at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader
xmlReader, XmlDeserializationEvents events) at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader
xmlReader) at Microsoft.ApplicationBlocks.ApplicationUpdater.ServerApplicationInfo.Deserialize(String
filePath) 2) Exception Information ********************************************* Exception
Type: System.InvalidOperationException Message: <html xmlns='http://www.w3.org/1999/xhtml'>
was not expected. TargetSite: System.Object Read6_ServerApplicationInfo() HelpLink:
NULL Source: t2qbzp7g StackTrace Information *********************************************

at Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReader1.Read6_ServerApplicationInfo()

Error - 5/8/2009 6:07:04 AM | Computer Name = ATKINS | Source = Spiralfrog | ID = 0
Description = General Information ********************************************* Additional
Info: ExceptionManager.MachineName: ATKINS ExceptionManager.TimeStamp: 5/8/2009 6:07:04
AM ExceptionManager.FullName: Microsoft.ApplicationBlocks.ExceptionManagement, Version=1.0.0.0,
Culture=neutral, PublicKeyToken=null ExceptionManager.AppDomainName: Spiralfrog.exe
ExceptionManager.ThreadIdentity:
ExceptionManager.WindowsIdentity: ATKINS\Sandra 1) Exception Information *********************************************
Exception
Type: System.Exception Message: The metadata file (the Server Manifest) can't be
downloaded for the application 'SpiralfrogClient'. Either the manifest is unavailable
(check download URL in Updater config file), the downloader failed, or the Manifest
failed validation. TargetSite: NULL HelpLink: NULL Source: NULL 2) Exception Information
*********************************************
Exception
Type: System.InvalidOperationException Message: There is an error in XML document
(2, 2). TargetSite: System.Object Deserialize(System.Xml.XmlReader, System.String,
System.Xml.Serialization.XmlDeserializationEvents) HelpLink: NULL Source: System.Xml

StackTrace
Information ********************************************* at Microsoft.ApplicationBlocks.ApplicationUpdater.ServerApplicationInfo.Deserialize(String
filePath) at Microsoft.ApplicationBlocks.ApplicationUpdater.DownloaderManager.IsServerManifestDownloaded()

3)
Exception Information ********************************************* Exception Type:
System.InvalidOperationException Message: <html xmlns='http://www.w3.org/1999/xhtml'>
was not expected. TargetSite: System.Object Read6_ServerApplicationInfo() HelpLink:
NULL Source: t2qbzp7g StackTrace Information *********************************************

at Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReader1.Read6_ServerApplicationInfo()

Error - 5/8/2009 5:41:00 PM | Computer Name = ATKINS | Source = Spiralfrog | ID = 0
Description = General Information ********************************************* Additional
Info: ExceptionManager.MachineName: ATKINS ExceptionManager.TimeStamp: 5/8/2009 5:40:59
PM ExceptionManager.FullName: Microsoft.ApplicationBlocks.ExceptionManagement, Version=1.0.0.0,
Culture=neutral, PublicKeyToken=null ExceptionManager.AppDomainName: Spiralfrog.exe
ExceptionManager.ThreadIdentity:
ExceptionManager.WindowsIdentity: ATKINS\Sandra 1) Exception Information *********************************************
Exception
Type: System.InvalidOperationException Message: There is an error in XML document
(2, 2). TargetSite: System.Object Deserialize(System.Xml.XmlReader, System.String,
System.Xml.Serialization.XmlDeserializationEvents) HelpLink: NULL Source: System.Xml

StackTrace
Information ********************************************* at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader
xmlReader, String encodingStyle, XmlDeserializationEvents events) at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader
xmlReader, XmlDeserializationEvents events) at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader
xmlReader) at Microsoft.ApplicationBlocks.ApplicationUpdater.ServerApplicationInfo.Deserialize(String
filePath) 2) Exception Information ********************************************* Exception
Type: System.InvalidOperationException Message: <html xmlns='http://www.w3.org/1999/xhtml'>
was not expected. TargetSite: System.Object Read6_ServerApplicationInfo() HelpLink:
NULL Source: 0shtuf66 StackTrace Information *********************************************

at Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReader1.Read6_ServerApplicationInfo()

Error - 5/8/2009 5:41:00 PM | Computer Name = ATKINS | Source = Spiralfrog | ID = 0
Description = General Information ********************************************* Additional
Info: ExceptionManager.MachineName: ATKINS ExceptionManager.TimeStamp: 5/8/2009 5:41:00
PM ExceptionManager.FullName: Microsoft.ApplicationBlocks.ExceptionManagement, Version=1.0.0.0,
Culture=neutral, PublicKeyToken=null ExceptionManager.AppDomainName: Spiralfrog.exe
ExceptionManager.ThreadIdentity:
ExceptionManager.WindowsIdentity: ATKINS\Sandra 1) Exception Information *********************************************
Exception
Type: System.Exception Message: The metadata file (the Server Manifest) can't be
downloaded for the application 'SpiralfrogClient'. Either the manifest is unavailable
(check download URL in Updater config file), the downloader failed, or the Manifest
failed validation. TargetSite: NULL HelpLink: NULL Source: NULL 2) Exception Information
*********************************************
Exception
Type: System.InvalidOperationException Message: There is an error in XML document
(2, 2). TargetSite: System.Object Deserialize(System.Xml.XmlReader, System.String,
System.Xml.Serialization.XmlDeserializationEvents) HelpLink: NULL Source: System.Xml

StackTrace
Information ********************************************* at Microsoft.ApplicationBlocks.ApplicationUpdater.ServerApplicationInfo.Deserialize(String
filePath) at Microsoft.ApplicationBlocks.ApplicationUpdater.DownloaderManager.IsServerManifestDownloaded()

3)
Exception Information ********************************************* Exception Type:
System.InvalidOperationException Message: <html xmlns='http://www.w3.org/1999/xhtml'>
was not expected. TargetSite: System.Object Read6_ServerApplicationInfo() HelpLink:
NULL Source: 0shtuf66 StackTrace Information *********************************************

at Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReader1.Read6_ServerApplicationInfo()

Error - 5/8/2009 8:53:03 PM | Computer Name = ATKINS | Source = Spiralfrog | ID = 0
Description = General Information ********************************************* Additional
Info: ExceptionManager.MachineName: ATKINS ExceptionManager.TimeStamp: 5/8/2009 8:53:02
PM ExceptionManager.FullName: Microsoft.ApplicationBlocks.ExceptionManagement, Version=1.0.0.0,
Culture=neutral, PublicKeyToken=null ExceptionManager.AppDomainName: Spiralfrog.exe
ExceptionManager.ThreadIdentity:
ExceptionManager.WindowsIdentity: ATKINS\Sandra 1) Exception Information *********************************************
Exception
Type: System.InvalidOperationException Message: There is an error in XML document
(2, 2). TargetSite: System.Object Deserialize(System.Xml.XmlReader, System.String,
System.Xml.Serialization.XmlDeserializationEvents) HelpLink: NULL Source: System.Xml

StackTrace
Information ********************************************* at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader
xmlReader, String encodingStyle, XmlDeserializationEvents events) at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader
xmlReader, XmlDeserializationEvents events) at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader
xmlReader) at Microsoft.ApplicationBlocks.ApplicationUpdater.ServerApplicationInfo.Deserialize(String
filePath) 2) Exception Information ********************************************* Exception
Type: System.InvalidOperationException Message: <html xmlns='http://www.w3.org/1999/xhtml'>
was not expected. TargetSite: System.Object Read6_ServerApplicationInfo() HelpLink:
NULL Source: u_ber5vw StackTrace Information *********************************************

at Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReader1.Read6_ServerApplicationInfo()

Error - 5/8/2009 8:53:03 PM | Computer Name = ATKINS | Source = Spiralfrog | ID = 0
Description = General Information ********************************************* Additional
Info: ExceptionManager.MachineName: ATKINS ExceptionManager.TimeStamp: 5/8/2009 8:53:03
PM ExceptionManager.FullName: Microsoft.ApplicationBlocks.ExceptionManagement, Version=1.0.0.0,
Culture=neutral, PublicKeyToken=null ExceptionManager.AppDomainName: Spiralfrog.exe
ExceptionManager.ThreadIdentity:
ExceptionManager.WindowsIdentity: ATKINS\Sandra 1) Exception Information *********************************************
Exception
Type: System.Exception Message: The metadata file (the Server Manifest) can't be
downloaded for the application 'SpiralfrogClient'. Either the manifest is unavailable
(check download URL in Updater config file), the downloader failed, or the Manifest
failed validation. TargetSite: NULL HelpLink: NULL Source: NULL 2) Exception Information
*********************************************
Exception
Type: System.InvalidOperationException Message: There is an error in XML document
(2, 2). TargetSite: System.Object Deserialize(System.Xml.XmlReader, System.String,
System.Xml.Serialization.XmlDeserializationEvents) HelpLink: NULL Source: System.Xml

StackTrace
Information ********************************************* at Microsoft.ApplicationBlocks.ApplicationUpdater.ServerApplicationInfo.Deserialize(String
filePath) at Microsoft.ApplicationBlocks.ApplicationUpdater.DownloaderManager.IsServerManifestDownloaded()

3)
Exception Information ********************************************* Exception Type:
System.InvalidOperationException Message: <html xmlns='http://www.w3.org/1999/xhtml'>
was not expected. TargetSite: System.Object Read6_ServerApplicationInfo() HelpLink:
NULL Source: u_ber5vw StackTrace Information *********************************************

at Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReader1.Read6_ServerApplicationInfo()

Error - 5/8/2009 9:09:12 PM | Computer Name = ATKINS | Source = Spiralfrog | ID = 0
Description = General Information ********************************************* Additional
Info: ExceptionManager.MachineName: ATKINS ExceptionManager.TimeStamp: 5/8/2009 9:09:12
PM ExceptionManager.FullName: Microsoft.ApplicationBlocks.ExceptionManagement, Version=1.0.0.0,
Culture=neutral, PublicKeyToken=null ExceptionManager.AppDomainName: Spiralfrog.exe
ExceptionManager.ThreadIdentity:
ExceptionManager.WindowsIdentity: ATKINS\Sandra 1) Exception Information *********************************************
Exception
Type: System.InvalidOperationException Message: There is an error in XML document
(2, 2). TargetSite: System.Object Deserialize(System.Xml.XmlReader, System.String,
System.Xml.Serialization.XmlDeserializationEvents) HelpLink: NULL Source: System.Xml

StackTrace
Information ********************************************* at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader
xmlReader, String encodingStyle, XmlDeserializationEvents events) at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader
xmlReader, XmlDeserializationEvents events) at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader
xmlReader) at Microsoft.ApplicationBlocks.ApplicationUpdater.ServerApplicationInfo.Deserialize(String
filePath) 2) Exception Information ********************************************* Exception
Type: System.InvalidOperationException Message: <html xmlns='http://www.w3.org/1999/xhtml'>
was not expected. TargetSite: System.Object Read6_ServerApplicationInfo() HelpLink:
NULL Source: kutvuge3 StackTrace Information *********************************************

at Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReader1.Read6_ServerApplicationInfo()

Error - 5/8/2009 9:09:12 PM | Computer Name = ATKINS | Source = Spiralfrog | ID = 0
Description = General Information ********************************************* Additional
Info: ExceptionManager.MachineName: ATKINS ExceptionManager.TimeStamp: 5/8/2009 9:09:12
PM ExceptionManager.FullName: Microsoft.ApplicationBlocks.ExceptionManagement, Version=1.0.0.0,
Culture=neutral, PublicKeyToken=null ExceptionManager.AppDomainName: Spiralfrog.exe
ExceptionManager.ThreadIdentity:
ExceptionManager.WindowsIdentity: ATKINS\Sandra 1) Exception Information *********************************************
Exception
Type: System.Exception Message: The metadata file (the Server Manifest) can't be
downloaded for the application 'SpiralfrogClient'. Either the manifest is unavailable
(check download URL in Updater config file), the downloader failed, or the Manifest
failed validation. TargetSite: NULL HelpLink: NULL Source: NULL 2) Exception Information
*********************************************
Exception
Type: System.InvalidOperationException Message: There is an error in XML document
(2, 2). TargetSite: System.Object Deserialize(System.Xml.XmlReader, System.String,
System.Xml.Serialization.XmlDeserializationEvents) HelpLink: NULL Source: System.Xml

StackTrace
Information ********************************************* at Microsoft.ApplicationBlocks.ApplicationUpdater.ServerApplicationInfo.Deserialize(String
filePath) at Microsoft.ApplicationBlocks.ApplicationUpdater.DownloaderManager.IsServerManifestDownloaded()

3)
Exception Information ********************************************* Exception Type:
System.InvalidOperationException Message: <html xmlns='http://www.w3.org/1999/xhtml'>
was not expected. TargetSite: System.Object Read6_ServerApplicationInfo() HelpLink:
NULL Source: kutvuge3 StackTrace Information *********************************************

at Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReader1.Read6_ServerApplicationInfo()

Error - 5/8/2009 9:27:01 PM | Computer Name = ATKINS | Source = Spiralfrog | ID = 0
Description = General Information ********************************************* Additional
Info: ExceptionManager.MachineName: ATKINS ExceptionManager.TimeStamp: 5/8/2009 9:27:01
PM ExceptionManager.FullName: Microsoft.ApplicationBlocks.ExceptionManagement, Version=1.0.0.0,
Culture=neutral, PublicKeyToken=null ExceptionManager.AppDomainName: Spiralfrog.exe
ExceptionManager.ThreadIdentity:
ExceptionManager.WindowsIdentity: ATKINS\Sandra 1) Exception Information *********************************************
Exception
Type: System.InvalidOperationException Message: There is an error in XML document
(2, 2). TargetSite: System.Object Deserialize(System.Xml.XmlReader, System.String,
System.Xml.Serialization.XmlDeserializationEvents) HelpLink: NULL Source: System.Xml

StackTrace
Information ********************************************* at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader
xmlReader, String encodingStyle, XmlDeserializationEvents events) at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader
xmlReader, XmlDeserializationEvents events) at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader
xmlReader) at Microsoft.ApplicationBlocks.ApplicationUpdater.ServerApplicationInfo.Deserialize(String
filePath) 2) Exception Information ********************************************* Exception
Type: System.InvalidOperationException Message: <html xmlns='http://www.w3.org/1999/xhtml'>
was not expected. TargetSite: System.Object Read6_ServerApplicationInfo() HelpLink:
NULL Source: pflop2u- StackTrace Information *********************************************

at Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReader1.Read6_ServerApplicationInfo()

Error - 5/8/2009 9:27:01 PM | Computer Name = ATKINS | Source = Spiralfrog | ID = 0
Description = General Information ********************************************* Additional
Info: ExceptionManager.MachineName: ATKINS ExceptionManager.TimeStamp: 5/8/2009 9:27:01
PM ExceptionManager.FullName: Microsoft.ApplicationBlocks.ExceptionManagement, Version=1.0.0.0,
Culture=neutral, PublicKeyToken=null ExceptionManager.AppDomainName: Spiralfrog.exe
ExceptionManager.ThreadIdentity:
ExceptionManager.WindowsIdentity: ATKINS\Sandra 1) Exception Information *********************************************
Exception
Type: System.Exception Message: The metadata file (the Server Manifest) can't be
downloaded for the application 'SpiralfrogClient'. Either the manifest is unavailable
(check download URL in Updater config file), the downloader failed, or the Manifest
failed validation. TargetSite: NULL HelpLink: NULL Source: NULL 2) Exception Information
*********************************************
Exception
Type: System.InvalidOperationException Message: There is an error in XML document
(2, 2). TargetSite: System.Object Deserialize(System.Xml.XmlReader, System.String,
System.Xml.Serialization.XmlDeserializationEvents) HelpLink: NULL Source: System.Xml

StackTrace
Information ********************************************* at Microsoft.ApplicationBlocks.ApplicationUpdater.ServerApplicationInfo.Deserialize(String
filePath) at Microsoft.ApplicationBlocks.ApplicationUpdater.DownloaderManager.IsServerManifestDownloaded()

3)
Exception Information ********************************************* Exception Type:
System.InvalidOperationException Message: <html xmlns='http://www.w3.org/1999/xhtml'>
was not expected. TargetSite: System.Object Read6_ServerApplicationInfo() HelpLink:
NULL Source: pflop2u- StackTrace Information *********************************************

at Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReader1.Read6_ServerApplicationInfo()

[ System Events ]
Error - 5/8/2009 6:00:00 PM | Computer Name = ATKINS | Source = Schedule | ID = 7901
Description = The At43.job command failed to start due to the following error: %%2147942402

Error - 5/8/2009 8:53:04 PM | Computer Name = ATKINS | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 5/8/2009 9:00:00 PM | Computer Name = ATKINS | Source = Schedule | ID = 7901
Description = The At22.job command failed to start due to the following error: %%2147942402

Error - 5/8/2009 9:00:00 PM | Computer Name = ATKINS | Source = Schedule | ID = 7901
Description = The At46.job command failed to start due to the following error: %%2147942402

Error - 5/8/2009 9:09:32 PM | Computer Name = ATKINS | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 5/8/2009 9:26:37 PM | Computer Name = ATKINS | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 5/8/2009 9:26:46 PM | Computer Name = ATKINS | Source = System Error | ID = 1003
Description = Error code 100000d1, parameter1 e1e17000, parameter2 00000002, parameter3
00000000, parameter4 f8602cf6.

Error - 5/8/2009 9:26:58 PM | Computer Name = ATKINS | Source = System Error | ID = 1003
Description = Error code 100000d1, parameter1 e1e30000, parameter2 00000002, parameter3
00000000, parameter4 f8602cf6.

Error - 5/8/2009 10:00:00 PM | Computer Name = ATKINS | Source = Schedule | ID = 7901
Description = The At23.job command failed to start due to the following error: %%2147942402

Error - 5/8/2009 10:00:00 PM | Computer Name = ATKINS | Source = Schedule | ID = 7901
Description = The At47.job command failed to start due to the following error: %%2147942402


< End of report >

#7 m0le

  • Malware Response Team

Posted 10 May 2009 - 04:14 AM

Hi Sandra 2009,

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall prior to our fix. Please visit HERE if you don't know how. Please re-enable them after performing all steps given.

We need to back up your registry as we will be making changes there.
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click (or if your PC is running Vista, right-click and select Run As Administrator) the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :Files
    C:\Documents and Settings\Sandra\nah_hpyw.exe
    C:\WINDOWS\system32\sdra64.exe
    C:\Windows\Tasks\At*.job
    :Reg
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nah_Shell"=-
    [HKEY_USERS\S-1-5-21-1214440339-2000478354-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nah_Shell"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "UserInit"=C:\WINDOWS\system32\userinit.exe,
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
    "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "kxbtfwvtydtiwmc"=-
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start then All Programs then Accessories then Notepad), click File then Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Please post another HijackThis log too. Thanks :thumbup2:
m0le is a proud member of UNITE

#8 Sandra 2009

  • Topic Starter

Posted 10 May 2009 - 08:46 PM

Thanks for the reply. Seems a new problem has cropped up. All of a sudden, I AM HAVING A PROBLEM RUNNING ANOTHER HIJACKTHIS LOG. I tried removing the program and reinstalling, and IT WILL NOT INSTALL WHEN I DOUBLE-CLICK. I don't know what is happening or what to do about it.

Here are the ERUNT results:

========== FILES ==========
File/Folder C:\Documents and Settings\Sandra\nah_hpyw.exe not found.
File/Folder C:\WINDOWS\system32\sdra64.exe not found.
C:\Windows\Tasks\At1.job moved successfully.
C:\Windows\Tasks\At10.job moved successfully.
C:\Windows\Tasks\At11.job moved successfully.
C:\Windows\Tasks\At12.job moved successfully.
C:\Windows\Tasks\At13.job moved successfully.
C:\Windows\Tasks\At14.job moved successfully.
C:\Windows\Tasks\At15.job moved successfully.
C:\Windows\Tasks\At16.job moved successfully.
C:\Windows\Tasks\At17.job moved successfully.
C:\Windows\Tasks\At18.job moved successfully.
C:\Windows\Tasks\At19.job moved successfully.
C:\Windows\Tasks\At2.job moved successfully.
C:\Windows\Tasks\At20.job moved successfully.
C:\Windows\Tasks\At21.job moved successfully.
C:\Windows\Tasks\At22.job moved successfully.
C:\Windows\Tasks\At23.job moved successfully.
C:\Windows\Tasks\At24.job moved successfully.
C:\Windows\Tasks\At25.job moved successfully.
C:\Windows\Tasks\At26.job moved successfully.
C:\Windows\Tasks\At27.job moved successfully.
C:\Windows\Tasks\At28.job moved successfully.
C:\Windows\Tasks\At29.job moved successfully.
C:\Windows\Tasks\At3.job moved successfully.
C:\Windows\Tasks\At30.job moved successfully.
C:\Windows\Tasks\At31.job moved successfully.
C:\Windows\Tasks\At32.job moved successfully.
C:\Windows\Tasks\At33.job moved successfully.
C:\Windows\Tasks\At34.job moved successfully.
C:\Windows\Tasks\At35.job moved successfully.
C:\Windows\Tasks\At36.job moved successfully.
C:\Windows\Tasks\At37.job moved successfully.
C:\Windows\Tasks\At38.job moved successfully.
C:\Windows\Tasks\At39.job moved successfully.
C:\Windows\Tasks\At4.job moved successfully.
C:\Windows\Tasks\At40.job moved successfully.
C:\Windows\Tasks\At41.job moved successfully.
C:\Windows\Tasks\At42.job moved successfully.
C:\Windows\Tasks\At43.job moved successfully.
C:\Windows\Tasks\At44.job moved successfully.
C:\Windows\Tasks\At45.job moved successfully.
C:\Windows\Tasks\At46.job moved successfully.
C:\Windows\Tasks\At47.job moved successfully.
C:\Windows\Tasks\At48.job moved successfully.
C:\Windows\Tasks\At5.job moved successfully.
C:\Windows\Tasks\At6.job moved successfully.
C:\Windows\Tasks\At7.job moved successfully.
C:\Windows\Tasks\At8.job moved successfully.
C:\Windows\Tasks\At9.job moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\nah_Shell deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1214440339-2000478354-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\nah_Shell not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"UserInit"|C:\WINDOWS\system32\userinit.exe, /E :invalid edit format. Invalid data type.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\"SecurityProviders"|msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\kxbtfwvtydtiwmc not found.

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05102009_212025

Is it safe to assume that I am to restore registry once I have run this function?

#9 Sandra 2009


Posted 10 May 2009 - 09:10 PM

Problem Solved - I did some research regarding installing HijackThis, and I tricked my PC into running the log by changing the .exe extension to .bat. Anyway, here's the latest HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:07:50 PM, on 5/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SpiralFrog\Spiralfrog.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {65E77569-E9DC-C054-D889-B66930A185CE} - C:\WINDOWS\system32\iunnp.dll (file missing)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll (file missing)
O2 - BHO: BHO - {ABD45510-9B22-41cd-9ACD-8182A2DA7C63} - C:\WINDOWS\system32\iehelper.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpiralFrog] C:\Program Files\SpiralFrog\Spiralfrog.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\inethttpfilter.dll' missing
O15 - Trusted Zone: http://www.streamingfaith.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1118103085190
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: VRS Recording System Service (VRSService) - Unknown owner - C:\Program Files\NCH Swift Sound\VRS\vrs.exe

--
End of file - 9068 bytes
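
Added example, not part of the thread and not HijackThis's own code: a Python triage pass over HijackThis log lines that flags the patterns visible in the log above, namely a second program appended to the Winlogon Userinit value (F2), entries whose registered file is missing, and the O10 broken-LSP line. The function names are this example's own, and the embedded sample is a subset of lines copied from the log above.

```python
import ntpath
import re

# Subset of lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {65E77569-E9DC-C054-D889-B66930A185CE} - C:\WINDOWS\system32\iunnp.dll (file missing)
O2 - BHO: BHO - {ABD45510-9B22-41cd-9ACD-8182A2DA7C63} - C:\WINDOWS\system32\iehelper.dll (file missing)
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\inethttpfilter.dll' missing
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
"""

# HijackThis entries start with a section code such as R1, F2, O2, O10, O23.
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
MISSING_TAG = "(file missing)"


def parse_entries(log_text):
    """Return (section_code, body) pairs for every HijackThis entry line."""
    entries = []
    for raw in log_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def userinit_extras(value, system_root=r"C:\WINDOWS"):
    """Return every program in a Userinit value other than userinit.exe.

    The value is a comma-separated list that Winlogon runs at logon, so
    anything besides userinit.exe is a logon persistence candidate.
    """
    expected = ntpath.normcase(
        ntpath.join(system_root, "system32", "userinit.exe"))
    extras = []
    for item in value.split(","):
        item = item.strip().strip('"')
        if not item:
            continue  # the trailing comma leaves an empty field
        if ntpath.normcase(item) in (expected, "userinit.exe"):
            continue
        extras.append(item)
    return extras


def triage(log_text):
    """Return (section_code, reason, path) findings worth a closer look."""
    findings = []
    for code, body in parse_entries(log_text):
        if code == "F2" and "userinit=" in body.lower():
            value = body.split("=", 1)[1]
            for extra in userinit_extras(value):
                findings.append((code, "extra Userinit program", extra))
        elif body.endswith(MISSING_TAG):
            # Registration remains but the file is gone: could be a leftover
            # from an uninstalled product or a partially removed infection.
            path = body[:-len(MISSING_TAG)].rsplit(" - ", 1)[-1].strip()
            findings.append((code, "registered file missing", path))
        elif code == "O10" and "missing" in body:
            quoted = re.search(r"'([^']+)'", body)
            findings.append(
                (code, "broken LSP chain", quoted.group(1) if quoted else body))
    return findings


if __name__ == "__main__":
    for code, reason, path in triage(SAMPLE_LOG):
        print(f"{code:<4}{reason:<26}{path}")
```

A "registered file missing" hit is only a review candidate; it does not by itself indicate malware.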

#10 m0le


Posted 11 May 2009 - 12:53 PM

Hi Sandra 2009,

Good work renaming HijackThis. This technique works well on any tool programs that won't run, so if we have any further trouble, try renaming it before you post. :)

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Please post a new OTMoveIt log.

Thanks :thumbup2:

#11 Sandra 2009


Posted 12 May 2009 - 08:02 PM

I did initially encounter some problems with trying to run Malwarebytes. I had to rename the download to 'setup.exe', then I had to run the scan in Safe Mode after changing the file extension to .bat. Did not want to cooperate at all, but I did manage to get it to scan. Malwarebytes did not do any automatic updates, nor did it prompt me to update.

Here's the results of the MBAM Log:
Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3

5/12/2009 5:52:00 PM
mbam-log-2009-05-12 (17-52-00).txt

Scan type: Full Scan (C:\|)
Objects scanned: 137685
Time elapsed: 55 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{abd45510-9b22-41cd-9acd-8182a2da7c63} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{abd45510-9b22-41cd-9acd-8182a2da7c63} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{5d2631e5-8696-7543-50b2-f674cd4308eb} (Trojan.Fakealert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\lowsec (Spyware.StolenData) -> Delete on reboot.

Files Infected:
C:\Program Files\ZwinkySetup2.2.60.11-2.exe (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\local.ds (Spyware.StolenData) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds (Spyware.StolenData) -> Delete on reboot.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\Rx3Fc4v0.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv301239024633.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sdra64.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\adaway.lic (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.


OT MoveIT3 Log:
========== FILES ==========
File/Folder C:\Documents and Settings\Sandra\nah_hpyw.exe not found.
File/Folder C:\WINDOWS\system32\sdra64.exe not found.
File/Folder C:\Windows\Tasks\At*.job not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\nah_Shell not found.
Registry value HKEY_USERS\S-1-5-21-1214440339-2000478354-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\nah_Shell not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"UserInit"|C:\WINDOWS\system32\userinit.exe, /E :invalid edit format. Invalid data type.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\"SecurityProviders"|msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\kxbtfwvtydtiwmc not found.

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05122009_205052

#12 m0le


Posted 13 May 2009 - 06:18 AM

Sandra 2009,

Sorry, I meant to ask you to post a new OTViewIt log.

Thanks :thumbup2:

#13 Sandra 2009


Posted 13 May 2009 - 04:45 PM

Here's the latest OTViewIt Log:
OTViewIt logfile created on: 5/13/2009 7:54:44 AM - Run 3
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Sandra\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.52 Mb Total Physical Memory | 241.00 Mb Available Physical Memory | 47.86% Memory free
1.20 Gb Paging File | 0.99 Gb Available in Paging File | 82.92% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.80 Gb Total Space | 98.21 Gb Free Space | 87.84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ATKINS
Current User Name: Sandra
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2002/09/09 23:53:28 | 00,286,720 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
[2002/09/09 23:53:29 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
[2009/01/02 10:20:38 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2007/03/09 04:36:10 | 02,213,416 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
[2004/08/20 15:55:14 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
[2004/08/20 15:51:14 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
[2006/03/07 18:35:08 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2007/09/14 08:58:16 | 00,163,128 | ---- | M] (SpiralFrog) -- C:\Program Files\SpiralFrog\Spiralfrog.exe
[2009/01/02 10:20:38 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/12/14 04:44:06 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2004/06/21 16:17:16 | 00,634,880 | ---- | M] (STOIK Imaging (www.stoik.com)) -- C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
[1997/08/06 00:00:00 | 00,051,984 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE
[2009/02/06 06:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2009/02/20 15:22:34 | 00,079,088 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
[2009/05/08 21:31:41 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sandra\Desktop\OTViewIt.exe
[2008/10/16 15:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe

========== (O23) Win32 Services ==========

[2004/07/15 02:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2009/05/06 09:40:44 | 00,206,088 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe -- (AVP [Auto | Running])
[2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2009/01/02 10:20:38 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2002/09/09 23:53:28 | 00,286,720 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS [Auto | Running])
[2007/03/09 04:36:10 | 02,213,416 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
[2007/03/01 15:23:50 | 00,577,540 | ---- | M] () -- C:\Program Files\NCH Swift Sound\VRS\vrs.exe -- (VRSService [On_Demand | Stopped])
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2004/10/01 10:24:02 | 02,279,424 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[1999/09/10 07:06:00 | 00,025,244 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32 [Auto | Running])
[2004/08/20 16:26:00 | 00,737,874 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Running])
[2008/07/21 17:34:36 | 00,121,872 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1 [Boot | Running])
[2009/05/06 09:40:44 | 00,033,808 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg [Boot | Running])
[2009/05/06 09:40:44 | 00,226,832 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF [System | Running])
[2008/04/30 17:06:48 | 00,024,592 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5 [On_Demand | Running])
[2004/08/04 01:41:35 | 00,606,684 | ---- | M] (LT) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5 [On_Demand | Running])
[2006/01/03 18:59:56 | 00,028,352 | ---- | M] (MusicMatch, Inc.) -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k [On_Demand | Running])
[2002/09/03 12:53:10 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2004/08/04 01:31:32 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139 [On_Demand | Running])
[2007/11/13 04:47:45 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2009/03/14 06:48:40 | 00,005,120 | ---- | M] (F.Y.N. Technology Inc.) -- C:\WINDOWS\System32\drivers\Start1Driver.SYS -- (Start1Driver [System | Running])
[2009/05/06 09:40:44 | 00,226,832 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (TSP [On_Demand | Stopped])
[2002/09/03 13:14:25 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"CustomSearch"=http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Secondary Start Pages"=
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.yahoo.com

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 1
"ProxyOverride" = 127.0.0.1

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-1214440339-2000478354-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Secondary Start Pages"=
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.yahoo.com

[HKEY_USERS\S-1-5-21-1214440339-2000478354-682003330-1004\Software\Microsoft\Internet Explorer\SearchURL]
""=http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

[HKEY_USERS\S-1-5-21-1214440339-2000478354-682003330-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1214440339-2000478354-682003330-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-1214440339-2000478354-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 1
"ProxyOverride" = 127.0.0.1

========== (O1) Hosts File ==========

HOSTS File = (23 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll File not found
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} (HKLM) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll (Kaspersky Lab)
{65E77569-E9DC-C054-D889-B66930A185CE} (HKLM) -- C:\WINDOWS\system32\iunnp.dll File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} (HKLM) -- c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll File not found
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-1214440339-2000478354-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1214440339-2000478354-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1214440339-2000478354-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"=ALCXMNTR.EXE (Realtek Semiconductor Corp.)
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" (Kaspersky Lab)
"EPSON Stylus C64 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64" File not found
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
"SpiralFrog"=C:\Program Files\SpiralFrog\Spiralfrog.exe (SpiralFrog)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.EXE" /background (Microsoft Corporation)
"SFP"=C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s File not found

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t File not found

[HKEY_USERS\S-1-5-21-1214440339-2000478354-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.EXE" /background (Microsoft Corporation)
"SFP"=C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s File not found

========== (O4) RunOnce Keys ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"=Narrator.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"=Narrator.exe (Microsoft Corporation)

========== (O4) Startup Folders ==========

[2004/12/14 04:44:06 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2004/06/21 16:17:16 | 00,634,880 | ---- | M] (STOIK Imaging (www.stoik.com)) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digimax Viewer 2.1.lnk = C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
[1997/08/06 00:00:00 | 00,111,376 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
[1997/08/06 00:00:00 | 00,051,984 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"EnableProfileQuota"=1

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1214440339-2000478354-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0

[HKEY_USERS\S-1-5-21-1214440339-2000478354-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"EnableProfileQuota"=1

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Search: Reg Error: Value does not exist or could not be read. File not found

[HKEY_USERS\S-1-5-21-1214440339-2000478354-682003330-1004\Software\Microsoft\Internet Explorer\MenuExt\]
&Search: Reg Error: Value does not exist or could not be read. File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}: Button: Web traffic protection statistics -- %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll [2008/11/11 20:00:38 | 00,222,472 | ---- | M] (Kaspersky Lab)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1214440339-2000478354-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
33 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
: msn in My Computer
streamingfaith.com\www: http in My Computer
41 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1214440339-2000478354-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
: msn in My Computer
streamingfaith.com\www: http in My Computer
41 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}: http://www.apple.com/qtactivex/qtplugin.cab -- QuickTime Object
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\yinsthelper.dll -- YInstStarter Class
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}: http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab -- Reg Error: Key does not exist or could not be opened.
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://v5.windowsupdate.microsoft.com/v5co...b?1118103085190 -- WUWebControl Class
{77E32299-629F-43C6-AB77-6A1E6D7663F6}: http://download.shockwave.com/pub/otoy/OTOYAX.cab -- Groove Control
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}: http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object
DirectAnimation Java Classes: file://C:\WINDOWS\Java\classes\dajava.cab -- Reg Error: Key does not exist or could not be opened.
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{E4C70DDB-D933-4C68-9CAD-16EF3AECD27F} (Servers: | Description: Realtek RTL8139 Family PCI Fast Ethernet NIC)

========== (O19) User Style Sheets ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles]

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
>[2008/11/11 20:00:26 | 00,079,112 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll
>[2008/11/11 20:00:26 | 00,079,112 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
igfxcui: "DllName" = igfxsrvc.dll -- C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
klogon: "DllName" = C:\WINDOWS\system32\klogon.dll -- C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2005/06/06 18:46:33 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb3fbb2a-ba76-11dd-89b1-0000864ae371}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb3fbb2a-ba76-11dd-89b1-0000864ae371}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb3fbb2a-ba76-11dd-89b1-0000864ae371}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/06/17 15:02:19 | 08,461,312 | ---- | M] (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/05/12 17:53:39 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/05/12 16:42:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Application Data\Malwarebytes
[2009/05/12 16:22:04 | 00,000,708 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/12 16:14:35 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/12 16:14:32 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/12 16:14:31 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/12 16:14:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/12 16:13:43 | 02,967,816 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Sandra\Desktop\setup.exe
[2009/05/12 16:11:52 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/05/12 15:58:25 | 02,967,816 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Sandra\Desktop\mb.com
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Sandra\Desktop\mb.com:SummaryInformation
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Sandra\Desktop\mb.com:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
[2009/05/10 22:07:24 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Sandra\Desktop\HijackThis.lnk
[2009/05/10 22:07:24 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/05/10 21:40:02 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Sandra\Desktop\HJTInstall.bat
[2009/05/10 21:20:25 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2009/05/10 21:18:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/10 21:16:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Desktop\erunt
[2009/05/10 09:03:00 | 00,389,632 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sandra\Desktop\OTMoveIt3.exe
[2009/05/10 09:01:46 | 00,513,320 | ---- | C] () -- C:\Documents and Settings\Sandra\Desktop\erunt.zip
[2009/05/10 08:53:04 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\Sandra\Desktop\Instruction Code to paste.doc
[2009/05/10 07:58:35 | 17,958,869 | ---- | C] () -- C:\Documents and Settings\Sandra\Desktop\DAdablacktop's_15th_mix(2).mp3
[2009/05/09 14:49:25 | 17,958,869 | ---- | C] () -- C:\Documents and Settings\Sandra\Desktop\DAdablacktop's_15th_mix.mp3
[2009/05/08 21:32:03 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sandra\Desktop\OTViewIt.exe
[2009/05/08 21:20:05 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\Sandra\Desktop\0s0sp5qe.exe
[2009/05/08 06:52:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/05/06 09:29:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/05/06 09:24:15 | 00,820,768 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/05/06 09:24:15 | 00,007,492 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/05/06 09:24:15 | 00,004,640 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/05/06 09:24:15 | 00,001,584 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/05/06 09:10:55 | 00,101,287 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2009/05/06 09:10:55 | 00,089,601 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2009/05/06 09:09:45 | 00,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2009/05/06 09:09:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2009/05/06 09:09:14 | 00,226,832 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2009/05/06 09:08:28 | 00,000,000 | ---D | C] -- C:\Program Files\doc
[2009/05/06 07:38:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2009/05/06 05:06:48 | 00,000,444 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2009/05/06 05:02:49 | 00,003,904 | ---- | C] () -- C:\rollback.ini
[2009/05/06 04:55:05 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2009/05/06 04:53:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Local Settings\Application Data\Downloaded Installations
[2009/05/06 04:44:48 | 00,005,120 | ---- | C] (F.Y.N. Technology Inc.) -- C:\WINDOWS\System32\drivers\Start1Driver.SYS
[2009/05/02 09:07:07 | 00,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSSTDFMT.DLL
[2009/04/27 16:18:54 | 00,000,000 | ---D | C] -- C:\4f85cb9eac818c858bf96d15d69c3834
[2009/04/26 09:39:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/04/26 09:39:30 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/26 09:36:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/04/21 17:06:12 | 00,000,000 | ---D | C] -- C:\267525e874007fe05f151bdaf1e4b7
[2009/04/16 21:35:38 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/04/15 11:03:03 | 00,000,224 | ---- | C] () -- C:\WINDOWS\System32\UACuugiuxvgutfmauf.dat
[2009/04/15 11:02:09 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\drivers\UACexvimovnstjetal.sys
[2009/04/15 08:44:23 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/15 08:44:20 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/15 08:44:19 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/15 08:44:18 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/15 08:44:18 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/15 08:44:18 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/15 08:44:17 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/15 08:44:16 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/15 08:44:15 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/15 08:42:40 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/15 08:42:31 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/15 08:42:30 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\Sandra\My Documents\*.tmp files]
[2009/05/13 07:54:30 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/13 07:53:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/13 07:53:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/13 07:52:45 | 00,820,768 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/05/13 07:52:45 | 00,007,492 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/05/13 07:52:45 | 00,004,640 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/05/13 07:52:45 | 00,001,584 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/05/13 07:44:14 | 03,232,914 | -H-- | M] () -- C:\Documents and Settings\Sandra\Local Settings\Application Data\IconCache.db
[2009/05/12 22:07:23 | 00,051,200 | ---- | M] () -- C:\WINDOWS\System32\drivers\UACexvimovnstjetal.sys
[2009/05/12 22:07:23 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/05/12 22:06:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/12 20:48:17 | 00,000,444 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2009/05/12 16:42:19 | 00,000,708 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/12 16:13:17 | 02,967,816 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Sandra\Desktop\setup.exe
[2009/05/12 16:12:24 | 02,967,816 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Sandra\Desktop\mb.com
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Sandra\Desktop\mb.com:SummaryInformation
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Sandra\Desktop\mb.com:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
[2009/05/12 16:12:09 | 00,000,439 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/10 22:07:24 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Sandra\Desktop\HijackThis.lnk
[2009/05/10 21:39:57 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Sandra\Desktop\HJTInstall.bat
[2009/05/10 21:21:36 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\Sandra\Desktop\Instruction Code to paste.doc
[2009/05/10 09:02:20 | 00,389,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sandra\Desktop\OTMoveIt3.exe
[2009/05/10 09:01:19 | 00,513,320 | ---- | M] () -- C:\Documents and Settings\Sandra\Desktop\erunt.zip
[2009/05/10 07:58:33 | 17,958,869 | ---- | M] () -- C:\Documents and Settings\Sandra\Desktop\DAdablacktop's_15th_mix(2).mp3
[2009/05/09 14:49:35 | 17,958,869 | ---- | M] () -- C:\Documents and Settings\Sandra\Desktop\DAdablacktop's_15th_mix.mp3
[2009/05/08 21:31:41 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sandra\Desktop\OTViewIt.exe
[2009/05/08 21:19:46 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\Sandra\Desktop\0s0sp5qe.exe
[2009/05/07 03:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/06 09:40:44 | 00,226,832 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2009/05/06 09:40:44 | 00,033,808 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klbg.sys
[2009/05/06 09:40:41 | 00,101,287 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2009/05/06 09:40:41 | 00,089,601 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2009/05/06 07:42:20 | 00,001,891 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/05/06 05:02:49 | 00,003,904 | ---- | M] () -- C:\rollback.ini
[2009/05/05 19:08:33 | 00,000,023 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/05/05 18:11:44 | 00,008,192 | ---- | M] () -- C:\WINDOWS\Sandra.pcb
[2009/04/27 18:07:12 | 01,614,848 | ---- | M] () -- C:\WINDOWS\System32\sfcfiles.dll
[2009/04/16 16:50:06 | 00,056,418 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2009/04/15 17:51:42 | 00,439,552 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/15 17:51:42 | 00,380,680 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/15 17:51:42 | 00,052,968 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/15 11:03:03 | 00,000,224 | ---- | M] () -- C:\WINDOWS\System32\UACuugiuxvgutfmauf.dat
< End of report >

In case you need the Extras Log:
OTViewIt Extras logfile created on: 5/13/2009 7:54:44 AM - Run 3
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Sandra\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.52 Mb Total Physical Memory | 241.00 Mb Available Physical Memory | 47.86% Memory free
1.20 Gb Paging File | 0.99 Gb Available in Paging File | 82.92% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.80 Gb Total Space | 98.21 Gb Free Space | 87.84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ATKINS
Current User Name: Sandra
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
"Use My Stylesheet"=
"User Stylesheet"=

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
"AntiVirusDisableNotify"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=1
""=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\CommonSearch\VCatch\VCatch.exe:*:Enabled:VCatch Antivirus Basic Version
File not found -- C:\Program Files\Morpheus\Morpheus.exe:*:Enabled:M5Shell
File not found -- C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4
File not found -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
File not found -- C:\Documents and Settings\Sandra\Desktop\Jewel Quest Download\Jewel Quest\JewelQuest.exe:*:Disabled:JewelQuest
File not found -- C:\Program Files\LimeWire\.NetworkShare\LimeWireWin4.12.6.exe:*:Enabled:LimeWireWin4.12.6.exe
[2005/08/26 16:55:32 | 00,692,224 | ---- | M] (LimeWire) -- C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer
[2002/09/09 23:53:29 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE
[2007/10/13 15:31:57 | 00,458,240 | -H-- | M] (Hasbro Interactive) -- C:\My Games\The Game of Life\life.exe:*:Disabled:The Game Of Life
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019
[2009/02/20 15:22:34 | 04,363,504 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/12/19 08:20:05 | 07,678,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox
[2009/02/28 00:54:41 | 00,636,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer
[2001/09/27 20:41:50 | 01,043,968 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player
[2006/03/07 18:35:11 | 00,208,941 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer
[2009/03/10 16:10:51 | 00,139,776 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B5B5920-B3AA-44AE-8F94-1CF3ECA42102}"=Digimax U-CA 5
"{13515135-48BB-4184-8C1F-2FAE0138E200}"=TBS WMP Plug-in
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java™ 6 Update 11
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}"=Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0150010}"=J2SE Runtime Environment 5.0 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0150020}"=J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150040}"=J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{546C7D0B-1E12-4573-BCD0-F5B0D3C66A74}"=ArcSoft PhotoImpression 4
"{6580C5A3-2336-4EC5-85F1-3448C5F6208A}"=Kaspersky Anti-Virus 2009
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}"=Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Extreme Graphics Driver
"{95738B44-49CF-4C62-A620-320F1007B14A}"=SpiralFrog Download Manager 0.8.23
"{9EE54C1F-FC99-44D6-916A-0CA2D45E740F}"=Digimax Viewer 2.1
"{9F60FF4E-725D-4B28-0094-FDADF5E73647}"=NBA Live 2003
"{AC76BA86-7AD7-1033-7B44-A70000000000}"=Adobe Reader 7.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}"=Adobe Flash Player 10 Plugin
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}"=Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01"=Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FD67A9A9-B292-43B2-A4F9-59AD62626CAD}"=Digimax Reader
"3DGroove"=OTOY
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player
"DebtFree™ for Windows Personal 5.0h"=DebtFree™ for Windows Personal 5.0h
"Free Sound Recorder"=Free Sound Recorder
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}"=TBS WMP Plug-in
"InstallWIX_{6580C5A3-2336-4EC5-85F1-3448C5F6208A}"=Kaspersky Anti-Virus 2009
"Jewel Quest"=Jewel Quest (remove only)
"kxbtfwvtydtiwmc"=RON Tool Offersfortoday
"Lexmark Z54"=Lexmark Z54
"LimeWire"=LimeWire 5.1.2
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Membership Plus 6.0 for Windows"=Membership Plus 6.0 for Windows
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Mozilla Firefox (2.0.0.20)"=Mozilla Firefox (2.0.0.20)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MSPersonalTutorMathopolis"=Microsoft Mathopolis
"MSPersonalTutorReaderRailway"=Microsoft Reader Railway
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"Office8.0"=Microsoft Office 97, Standard Edition
"QuickTime"=QuickTime
"RealPlayer 6.0"=RealPlayer
"Switch"=Switch
"UnityWebPlayer"=Unity Web Player
"VRS"=VRS Recording System
"WavePad"=WavePad Uninstall
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Internet Mail"=Yahoo! Internet Mail
"Yahoo! Messenger"=Yahoo! Messenger
"YInstHelper"=Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1214440339-2000478354-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/12/2009 5:55:33 PM | Computer Name = ATKINS | Source = Spiralfrog | ID = 0
Description = General Information ********************************************* Additional
Info: ExceptionManager.MachineName: ATKINS ExceptionManager.TimeStamp: 5/12/2009
5:55:33 PM ExceptionManager.FullName: Microsoft.ApplicationBlocks.ExceptionManagement,
Version=1.0.0.0, Culture=neutral, PublicKeyToken=null ExceptionManager.AppDomainName:
Spiralfrog.exe ExceptionManager.ThreadIdentity: ExceptionManager.WindowsIdentity:
ATKINS\Sandra 1) Exception Information *********************************************
Exception
Type: System.InvalidOperationException Message: There is an error in XML document
(2, 2). TargetSite: System.Object Deserialize(System.Xml.XmlReader, System.String,
System.Xml.Serialization.XmlDeserializationEvents) HelpLink: NULL Source: System.Xml

StackTrace
Information ********************************************* at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader
xmlReader, String encodingStyle, XmlDeserializationEvents events) at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader
xmlReader, XmlDeserializationEvents events) at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader
xmlReader) at Microsoft.ApplicationBlocks.ApplicationUpdater.ServerApplicationInfo.Deserialize(String
filePath) 2) Exception Information ********************************************* Exception
Type: System.InvalidOperationException Message: <html xmlns='http://www.w3.org/1999/xhtml'>
was not expected. TargetSite: System.Object Read6_ServerApplicationInfo() HelpLink:
NULL Source: nipsboyp StackTrace Information *********************************************

at Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReader1.Read6_ServerApplicationInfo()

Error - 5/12/2009 5:55:33 PM | Computer Name = ATKINS | Source = Spiralfrog | ID = 0
Description = General Information ********************************************* Additional
Info: ExceptionManager.MachineName: ATKINS ExceptionManager.TimeStamp: 5/12/2009
5:55:33 PM ExceptionManager.FullName: Microsoft.ApplicationBlocks.ExceptionManagement,
Version=1.0.0.0, Culture=neutral, PublicKeyToken=null ExceptionManager.AppDomainName:
Spiralfrog.exe ExceptionManager.ThreadIdentity: ExceptionManager.WindowsIdentity:
ATKINS\Sandra 1) Exception Information *********************************************
Exception
Type: System.Exception Message: The metadata file (the Server Manifest) can't be
downloaded for the application 'SpiralfrogClient'. Either the manifest is unavailable
(check download URL in Updater config file), the downloader failed, or the Manifest
failed validation. TargetSite: NULL HelpLink: NULL Source: NULL 2) Exception Information
*********************************************
Exception
Type: System.InvalidOperationException Message: There is an error in XML document
(2, 2). TargetSite: System.Object Deserialize(System.Xml.XmlReader, System.String,
System.Xml.Serialization.XmlDeserializationEvents) HelpLink: NULL Source: System.Xml

StackTrace
Information ********************************************* at Microsoft.ApplicationBlocks.ApplicationUpdater.ServerApplicationInfo.Deserialize(String
filePath) at Microsoft.ApplicationBlocks.ApplicationUpdater.DownloaderManager.IsServerManifestDownloaded()

3)
Exception Information ********************************************* Exception Type:
System.InvalidOperationException Message: <html xmlns='http://www.w3.org/1999/xhtml'>
was not expected. TargetSite: System.Object Read6_ServerApplicationInfo() HelpLink:
NULL Source: nipsboyp StackTrace Information *********************************************

at Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReader1.Read6_ServerApplicationInfo()

Error - 5/12/2009 9:54:42 PM | Computer Name = ATKINS | Source = Spiralfrog | ID = 0
Description = General Information ********************************************* Additional
Info: ExceptionManager.MachineName: ATKINS ExceptionManager.TimeStamp: 5/12/2009
9:54:42 PM ExceptionManager.FullName: Microsoft.ApplicationBlocks.ExceptionManagement,
Version=1.0.0.0, Culture=neutral, PublicKeyToken=null ExceptionManager.AppDomainName:
Spiralfrog.exe ExceptionManager.ThreadIdentity: ExceptionManager.WindowsIdentity:
ATKINS\Sandra 1) Exception Information *********************************************
Exception
Type: System.InvalidOperationException Message: There is an error in XML document
(2, 2). TargetSite: System.Object Deserialize(System.Xml.XmlReader, System.String,
System.Xml.Serialization.XmlDeserializationEvents) HelpLink: NULL Source: System.Xml

StackTrace
Information ********************************************* at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader
xmlReader, String encodingStyle, XmlDeserializationEvents events) at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader
xmlReader, XmlDeserializationEvents events) at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader
xmlReader) at Microsoft.ApplicationBlocks.ApplicationUpdater.ServerApplicationInfo.Deserialize(String
filePath) 2) Exception Information ********************************************* Exception
Type: System.InvalidOperationException Message: <html xmlns='http://www.w3.org/1999/xhtml'>
was not expected. TargetSite: System.Object Read6_ServerApplicationInfo() HelpLink:
NULL Source: nipsboyp StackTrace Information *********************************************

at Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReader1.Read6_ServerApplicationInfo()

Error - 5/12/2009 9:54:42 PM | Computer Name = ATKINS | Source = Spiralfrog | ID = 0
Description = General Information ********************************************* Additional
Info: ExceptionManager.MachineName: ATKINS ExceptionManager.TimeStamp: 5/12/2009
9:54:42 PM ExceptionManager.FullName: Microsoft.ApplicationBlocks.ExceptionManagement,
Version=1.0.0.0, Culture=neutral, PublicKeyToken=null ExceptionManager.AppDomainName:
Spiralfrog.exe ExceptionManager.ThreadIdentity: ExceptionManager.WindowsIdentity:
ATKINS\Sandra 1) Exception Information *********************************************
Exception
Type: System.Exception Message: The metadata file (the Server Manifest) can't be
downloaded for the application 'SpiralfrogClient'. Either the manifest is unavailable
(check download URL in Updater config file), the downloader failed, or the Manifest
failed validation. TargetSite: NULL HelpLink: NULL Source: NULL 2) Exception Information
*********************************************
Exception
Type: System.InvalidOperationException Message: There is an error in XML document
(2, 2). TargetSite: System.Object Deserialize(System.Xml.XmlReader, System.String,
System.Xml.Serialization.XmlDeserializationEvents) HelpLink: NULL Source: System.Xml

StackTrace
Information ********************************************* at Microsoft.ApplicationBlocks.ApplicationUpdater.ServerApplicationInfo.Deserialize(String
filePath) at Microsoft.ApplicationBlocks.ApplicationUpdater.DownloaderManager.IsServerManifestDownloaded()

3)
Exception Information ********************************************* Exception Type:
System.InvalidOperationException Message: <html xmlns='http://www.w3.org/1999/xhtml'>
was not expected. TargetSite: System.Object Read6_ServerApplicationInfo() HelpLink:
NULL Source: nipsboyp StackTrace Information *********************************************

at Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReader1.Read6_ServerApplicationInfo()

Error - 5/13/2009 7:28:01 AM | Computer Name = ATKINS | Source = Spiralfrog | ID = 0
Description = General Information ********************************************* Additional
Info: ExceptionManager.MachineName: ATKINS ExceptionManager.TimeStamp: 5/13/2009
7:27:59 AM ExceptionManager.FullName: Microsoft.ApplicationBlocks.ExceptionManagement,
Version=1.0.0.0, Culture=neutral, PublicKeyToken=null ExceptionManager.AppDomainName:
Spiralfrog.exe ExceptionManager.ThreadIdentity: ExceptionManager.WindowsIdentity:
ATKINS\Sandra 1) Exception Information *********************************************
Exception
Type: System.Exception Message: The BITS service returned an error for the job with
the ID '586c5ec5-894f-42ee-91d0-a8b795a31dd4'; the job's name and description are
'Updater job.' and 'Updater: Download the Server XML File.'. The BITS service
error message for this job is 'There are currently no active network connections.
Background Intelligent Transfer Service (BITS) will try again when an adapter is
connected. '. This job has been canceled, and the DownloaderManager will attempt
it again. If you see this error frequently, you may have a mis-configuration, or
another administrator process/user is canceling BITS jobs. It is also possible that
some mis-configuration of the Manifest file is causing BITS to have trouble with
a source or destination path; be sure that all SOURCE paths are valid URLs, and
that all DESTINATION paths are valid LOCAL UNC paths--__shares are not allowed__.
TargetSite:
NULL HelpLink: NULL Source: NULL

Error - 5/13/2009 7:28:05 AM | Computer Name = ATKINS | Source = Spiralfrog | ID = 0
Description = General Information ********************************************* Additional
Info: ExceptionManager.MachineName: ATKINS ExceptionManager.TimeStamp: 5/13/2009
7:28:05 AM ExceptionManager.FullName: Microsoft.ApplicationBlocks.ExceptionManagement,
Version=1.0.0.0, Culture=neutral, PublicKeyToken=null ExceptionManager.AppDomainName:
Spiralfrog.exe ExceptionManager.ThreadIdentity: ExceptionManager.WindowsIdentity:
ATKINS\Sandra 1) Exception Information *********************************************
Exception
Type: System.Exception Message: The metadata file (the Server Manifest) can't be
downloaded for the application 'SpiralfrogClient'. Either the manifest is unavailable
(check download URL in Updater config file), the downloader failed, or the Manifest
failed validation. TargetSite: NULL HelpLink: NULL Source: NULL 2) Exception Information
*********************************************
Exception
Type: System.Runtime.InteropServices.COMException ErrorCode: -2145386481 Message:
Exception from HRESULT: 0x8020000F. TargetSite: Void GetError(Microsoft.ApplicationBlocks.ApplicationUpdater.Downloaders.IBackgroundCopyError
ByRef) HelpLink: NULL Source: Microsoft.ApplicationBlocks.ApplicationUpdater StackTrace
Information ********************************************* at Microsoft.ApplicationBlocks.ApplicationUpdater.Downloaders.IBackgroundCopyJob.GetError(IBackgroundCopyError&
ppError) at Microsoft.ApplicationBlocks.ApplicationUpdater.Downloaders.BITSDownloader.HandleDownloadErrorCancelJob(IBackgroundCopyJob
copyJob, String& errMessage) at Microsoft.ApplicationBlocks.ApplicationUpdater.Downloaders.BITSDownloader.Microsoft.ApplicationBlocks.ApplicationUpdater.Interfaces.IDownloader.Download(String
sourceFile, String destFile, TimeSpan maxTimeWait) at Microsoft.ApplicationBlocks.ApplicationUpdater.DownloaderManager.IsServerManifestDownloaded()

Error - 5/13/2009 7:36:50 AM | Computer Name = ATKINS | Source = Spiralfrog | ID = 0
Description = General Information ********************************************* Additional
Info: ExceptionManager.MachineName: ATKINS ExceptionManager.TimeStamp: 5/13/2009
7:36:49 AM ExceptionManager.FullName: Microsoft.ApplicationBlocks.ExceptionManagement,
Version=1.0.0.0, Culture=neutral, PublicKeyToken=null ExceptionManager.AppDomainName:
Spiralfrog.exe ExceptionManager.ThreadIdentity: ExceptionManager.WindowsIdentity:
ATKINS\Sandra 1) Exception Information *********************************************
Exception
Type: System.Exception Message: The BITS service returned an error for the job with
the ID 'dd536555-f497-4d72-b346-dab3f753d402'; the job's name and description are
'Updater job.' and 'Updater: Download the Server XML File.'. The BITS service
error message for this job is 'There are currently no active network connections.
Background Intelligent Transfer Service (BITS) will try again when an adapter is
connected. '. This job has been canceled, and the DownloaderManager will attempt
it again. If you see this error frequently, you may have a mis-configuration, or
another administrator process/user is canceling BITS jobs. It is also possible that
some mis-configuration of the Manifest file is causing BITS to have trouble with
a source or destination path; be sure that all SOURCE paths are valid URLs, and
that all DESTINATION paths are valid LOCAL UNC paths--__shares are not allowed__.
TargetSite:
NULL HelpLink: NULL Source: NULL

Error - 5/13/2009 7:36:53 AM | Computer Name = ATKINS | Source = Spiralfrog | ID = 0
Description = General Information ********************************************* Additional
Info: ExceptionManager.MachineName: ATKINS ExceptionManager.TimeStamp: 5/13/2009
7:36:53 AM ExceptionManager.FullName: Microsoft.ApplicationBlocks.ExceptionManagement,
Version=1.0.0.0, Culture=neutral, PublicKeyToken=null ExceptionManager.AppDomainName:
Spiralfrog.exe ExceptionManager.ThreadIdentity: ExceptionManager.WindowsIdentity:
ATKINS\Sandra 1) Exception Information *********************************************
Exception
Type: System.Exception Message: The metadata file (the Server Manifest) can't be
downloaded for the application 'SpiralfrogClient'. Either the manifest is unavailable
(check download URL in Updater config file), the downloader failed, or the Manifest
failed validation. TargetSite: NULL HelpLink: NULL Source: NULL 2) Exception Information
*********************************************
Exception
Type: System.Runtime.InteropServices.COMException ErrorCode: -2145386481 Message:
Exception from HRESULT: 0x8020000F. TargetSite: Void GetError(Microsoft.ApplicationBlocks.ApplicationUpdater.Downloaders.IBackgroundCopyError
ByRef) HelpLink: NULL Source: Microsoft.ApplicationBlocks.ApplicationUpdater StackTrace
Information ********************************************* at Microsoft.ApplicationBlocks.ApplicationUpdater.Downloaders.IBackgroundCopyJob.GetError(IBackgroundCopyError&
ppError) at Microsoft.ApplicationBlocks.ApplicationUpdater.Downloaders.BITSDownloader.HandleDownloadErrorCancelJob(IBackgroundCopyJob
copyJob, String& errMessage) at Microsoft.ApplicationBlocks.ApplicationUpdater.Downloaders.BITSDownloader.Microsoft.ApplicationBlocks.ApplicationUpdater.Interfaces.IDownloader.Download(String
sourceFile, String destFile, TimeSpan maxTimeWait) at Microsoft.ApplicationBlocks.ApplicationUpdater.DownloaderManager.IsServerManifestDownloaded()

Error - 5/13/2009 7:54:19 AM | Computer Name = ATKINS | Source = Spiralfrog | ID = 0
Description = General Information ********************************************* Additional
Info: ExceptionManager.MachineName: ATKINS ExceptionManager.TimeStamp: 5/13/2009
7:54:17 AM ExceptionManager.FullName: Microsoft.ApplicationBlocks.ExceptionManagement,
Version=1.0.0.0, Culture=neutral, PublicKeyToken=null ExceptionManager.AppDomainName:
Spiralfrog.exe ExceptionManager.ThreadIdentity: ExceptionManager.WindowsIdentity:
ATKINS\Sandra 1) Exception Information *********************************************
Exception
Type: System.Exception Message: The BITS service returned an error for the job with
the ID '38a520b8-f34e-492c-a10b-ed6f91bb495d'; the job's name and description are
'Updater job.' and 'Updater: Download the Server XML File.'. The BITS service
error message for this job is 'There are currently no active network connections.
Background Intelligent Transfer Service (BITS) will try again when an adapter is
connected. '. This job has been canceled, and the DownloaderManager will attempt
it again. If you see this error frequently, you may have a mis-configuration, or
another administrator process/user is canceling BITS jobs. It is also possible that
some mis-configuration of the Manifest file is causing BITS to have trouble with
a source or destination path; be sure that all SOURCE paths are valid URLs, and
that all DESTINATION paths are valid LOCAL UNC paths--__shares are not allowed__.
TargetSite:
NULL HelpLink: NULL Source: NULL

Error - 5/13/2009 7:54:22 AM | Computer Name = ATKINS | Source = Spiralfrog | ID = 0
Description = General Information ********************************************* Additional
Info: ExceptionManager.MachineName: ATKINS ExceptionManager.TimeStamp: 5/13/2009
7:54:22 AM ExceptionManager.FullName: Microsoft.ApplicationBlocks.ExceptionManagement,
Version=1.0.0.0, Culture=neutral, PublicKeyToken=null ExceptionManager.AppDomainName:
Spiralfrog.exe ExceptionManager.ThreadIdentity: ExceptionManager.WindowsIdentity:
ATKINS\Sandra 1) Exception Information *********************************************
Exception
Type: System.Exception Message: The metadata file (the Server Manifest) can't be
downloaded for the application 'SpiralfrogClient'. Either the manifest is unavailable
(check download URL in Updater config file), the downloader failed, or the Manifest
failed validation. TargetSite: NULL HelpLink: NULL Source: NULL 2) Exception Information
*********************************************
Exception
Type: System.Runtime.InteropServices.COMException ErrorCode: -2145386481 Message:
Exception from HRESULT: 0x8020000F. TargetSite: Void GetError(Microsoft.ApplicationBlocks.ApplicationUpdater.Downloaders.IBackgroundCopyError
ByRef) HelpLink: NULL Source: Microsoft.ApplicationBlocks.ApplicationUpdater StackTrace
Information ********************************************* at Microsoft.ApplicationBlocks.ApplicationUpdater.Downloaders.IBackgroundCopyJob.GetError(IBackgroundCopyError&
ppError) at Microsoft.ApplicationBlocks.ApplicationUpdater.Downloaders.BITSDownloader.HandleDownloadErrorCancelJob(IBackgroundCopyJob
copyJob, String& errMessage) at Microsoft.ApplicationBlocks.ApplicationUpdater.Downloaders.BITSDownloader.Microsoft.ApplicationBlocks.ApplicationUpdater.Interfaces.IDownloader.Download(String
sourceFile, String destFile, TimeSpan maxTimeWait) at Microsoft.ApplicationBlocks.ApplicationUpdater.DownloaderManager.IsServerManifestDownloaded()

[ System Events ]
Error - 5/12/2009 4:59:25 PM | Computer Name = ATKINS | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 5/12/2009 4:59:27 PM | Computer Name = ATKINS | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 5/12/2009 5:53:05 PM | Computer Name = ATKINS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/12/2009 5:55:29 PM | Computer Name = ATKINS | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 5/12/2009 5:55:29 PM | Computer Name = ATKINS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCIIde

Error - 5/12/2009 9:17:05 PM | Computer Name = ATKINS | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 5/12/2009 9:17:07 PM | Computer Name = ATKINS | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 5/13/2009 7:28:33 AM | Computer Name = ATKINS | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 5/13/2009 7:37:22 AM | Computer Name = ATKINS | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 5/13/2009 7:54:55 AM | Computer Name = ATKINS | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2


< End of report >

#14 m0le

  • Malware Response Team

Posted 13 May 2009 - 06:43 PM

Hi Sandra 2009,

We're making good progress.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Go to Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\WINDOWS\system32\iunnp.dll

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at VirusTotal


Then


Please go to the Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on the Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
Thanks :thumbup2:
m0le is a proud member of UNITE

#15 Sandra 2009

  • Topic Starter

  • Members

Posted 14 May 2009 - 06:12 AM

I just tried to locate the file iunnp.dll in system32, and it's saying that file doesn't exist.



