DCOM Error



#1 tool75077


Posted 09 September 2009 - 06:42 PM

Just recently, as of Friday, I have started getting a DCOM error that is showing up in the Event Viewer. I haven't installed anything lately, so I don't have a clue what it is.

The error is:

Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}. The error:
"The system cannot find the file specified. "
Happened while starting this command:
-Embedding


I have included an OTListIt2 list:

@OTListIt logfile created on: 9/9/2009 6:31:11 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.3.5 Folder = C:\Documents and Settings\Jason\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 4606 4800;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 489.52 Gb Free Space | 52.55% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 298.08 Gb Total Space | 12.26 Gb Free Space | 4.11% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JASON-D6OKJ2TU4
Current User Name: Jason
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/08/17 03:03:00 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/01/20 23:34:26 | 00,618,936 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/05/26 21:48:54 | 00,949,376 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32kui.exe
PRC - [2009/08/04 08:01:14 | 18,702,336 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2008/12/15 17:41:22 | 04,994,560 | ---- | M] (WindowsCare Technology Inc.) -- C:\Program Files\Memory Improve Ultimate\MemoryImproveUltimate.exe
PRC - [2009/05/29 13:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/01/09 12:32:08 | 00,789,008 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/08/03 13:36:16 | 00,232,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
PRC - [2008/01/09 12:28:58 | 00,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
PRC - [2009/05/26 21:48:54 | 00,552,064 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32krn.exe
PRC - [2009/04/15 09:42:54 | 00,186,912 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2009/02/22 09:22:51 | 00,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/15 09:42:52 | 00,133,664 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
PRC - [2009/07/25 09:48:38 | 00,604,488 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe
PRC - [2009/04/27 11:39:50 | 00,121,376 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
PRC - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/08/28 13:13:02 | 00,832,808 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2008/04/21 07:08:15 | 00,215,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe
PRC - [2009/08/16 17:04:42 | 01,037,312 | ---- | M] () -- C:\Program Files\WinRAR\WinRAR.exe
PRC - [2009/03/14 07:22:06 | 00,497,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jason\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/01/20 23:34:26 | 00,618,936 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc [Auto | Running])
SRV - [2008/07/12 09:50:36 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2009/05/29 13:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - File not found -- -- (EhttpSrv [On_Demand | Stopped])
SRV - File not found -- -- (ekrn [Auto | Stopped])
SRV - [2009/01/03 14:46:16 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/02/06 18:08:58 | 00,533,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc [On_Demand | Stopped])
SRV - [2009/07/14 14:36:00 | 00,066,056 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
SRV - [2009/01/26 10:04:30 | 02,351,936 | ---- | M] (ClanServers Hosting LLC) -- C:\Program Files\GameTracker\GSInGameService.exe -- (GS In-Game Service [Disabled | Stopped])
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008/01/09 12:30:08 | 00,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ [On_Demand | Stopped])
SRV - [2009/08/03 13:36:16 | 00,232,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService [Auto | Running])
SRV - [2008/10/25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2007/01/15 17:14:38 | 00,774,144 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
SRV - [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Auto | Running])
SRV - [2007/01/15 16:01:56 | 00,266,240 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2009/05/26 21:48:54 | 00,552,064 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32krn.exe -- (NOD32krn [Auto | Running])
SRV - [2009/04/15 09:42:54 | 00,186,912 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService [Auto | Running])
SRV - [2009/08/17 03:03:00 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (nvsvc [Auto | Running])
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009/02/22 09:22:51 | 00,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
SRV - [2007/10/15 20:46:08 | 00,243,056 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo [Disabled | Stopped])
SRV - [2009/01/07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [On_Demand | Stopped])
SRV - [2009/01/21 13:08:06 | 01,095,560 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [On_Demand | Stopped])
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Auto | Running])
SRV - [2009/07/25 09:48:35 | 00,361,288 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe -- (TuneUp.Defrag [On_Demand | Stopped])
SRV - [2009/07/25 09:48:38 | 00,604,488 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc [Auto | Running])
SRV - [2009/04/27 11:39:50 | 00,121,376 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService [Auto | Running])
SRV - [2009/07/15 11:48:20 | 00,029,000 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll -- (UxTuneUp [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2008/08/14 08:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs [Auto | Running])
DRV - [2008/08/05 13:10:12 | 01,684,736 | ---- | M] (Creative) -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt [On_Demand | Stopped])
DRV - [2009/05/26 21:48:54 | 00,512,096 | ---- | M] (Eset ) -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON [Auto | Running])
DRV - [2008/08/01 08:27:35 | 00,099,648 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\System32\Drivers\AnyDVD.sys -- (AnyDVD [On_Demand | Running])
DRV - [2008/07/21 07:11:58 | 00,024,392 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\Drivers\ElbyCDIO.sys -- (ElbyCDIO [System | Running])
DRV - [2004/10/25 20:02:58 | 00,021,664 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\DRIVERS\ENTECH.sys -- (ENTECH [On_Demand | Stopped])
DRV - [2009/02/06 18:08:42 | 00,055,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys -- (fssfltr [Auto | Running])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2004/07/14 12:54:42 | 00,676,864 | ---- | M] (Aladdin Knowledge Systems) -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock [Auto | Running])
DRV - [2008/09/14 09:38:33 | 00,047,616 | ---- | M] (Aladdin Knowledge Systems) -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt [Auto | Running])
DRV - [2005/01/07 17:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2009/08/05 10:38:22 | 05,874,176 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2007/04/11 15:32:30 | 00,020,496 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\L8042Kbd.sys -- (L8042Kbd [On_Demand | Stopped])
DRV - [2007/11/29 02:17:48 | 00,035,088 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LHidFilt.Sys -- (LHidFilt [On_Demand | Running])
DRV - [2007/11/29 02:17:56 | 00,036,368 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LMouFilt.Sys -- (LMouFilt [On_Demand | Running])
DRV - [2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector [On_Demand | Running])
DRV - [2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy [On_Demand | Stopped])
DRV - [2006/01/04 08:41:48 | 01,389,056 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt [On_Demand | Stopped])
DRV - [2008/04/13 13:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped])
DRV - [2009/05/26 21:48:54 | 00,015,424 | ---- | M] () -- C:\WINDOWS\system32\drivers\nod32drv.sys -- (nod32drv [System | Running])
DRV - [2009/08/17 00:57:00 | 07,729,568 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2008/01/29 12:37:46 | 00,054,016 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
DRV - [2008/01/29 12:37:48 | 00,022,016 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
DRV - [2009/03/09 12:25:12 | 00,038,304 | ---- | M] (NVIDIA Corp.) -- C:\WINDOWS\system32\DRIVERS\nvoclock.sys -- (nvoclock [On_Demand | Running])
DRV - [2008/06/19 18:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
DRV - [2009/01/03 15:13:09 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Running])
DRV - [2009/04/03 11:18:26 | 00,130,936 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore [Boot | Running])
DRV - [2002/08/29 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/07/09 05:05:48 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2003/04/10 11:41:52 | 00,026,368 | ---- | M] (Saitek) -- C:\WINDOWS\system32\drivers\SaiNtBus.sys -- (SaiClass [On_Demand | Stopped])
DRV - [2003/04/10 11:42:56 | 00,048,384 | ---- | M] (Saitek) -- C:\WINDOWS\system32\DRIVERS\SaiNtHid.sys -- (SaiNtHid [On_Demand | Stopped])
DRV - [2003/04/10 11:42:32 | 00,019,200 | ---- | M] (Saitek) -- C:\WINDOWS\system32\DRIVERS\SaiNtSub.sys -- (SaiNtSub [On_Demand | Stopped])
DRV - [2009/07/26 21:43:18 | 00,058,908 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
DRV - [2007/02/13 18:41:26 | 00,025,896 | ---- | M] (RapidSolution Software AG) -- C:\WINDOWS\system32\drivers\scramby.sys -- (scramby [On_Demand | Stopped])
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2009/06/12 20:32:22 | 00,134,272 | ---- | M] (Acronis) -- C:\WINDOWS\system32\DRIVERS\snman380.sys -- (snapman380 [Boot | Running])
DRV - [2009/06/12 20:32:33 | 00,971,552 | ---- | M] (Acronis) -- C:\WINDOWS\system32\DRIVERS\tdrpm174.sys -- (tdrpman174 [Boot | Running])
DRV - [2009/06/12 20:32:28 | 00,044,704 | ---- | M] (Acronis) -- C:\WINDOWS\system32\DRIVERS\tifsfilt.sys -- (tifsfilter [Auto | Running])
DRV - [2009/06/12 20:32:28 | 00,540,000 | ---- | M] (Acronis) -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter [Boot | Running])
DRV - [2007/08/01 22:47:26 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
DRV - [2007/11/03 00:12:32 | 00,041,456 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B} [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-73586283-706699826-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-73586283-706699826-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
IE - HKU\S-1-5-21-73586283-706699826-725345543-1003\S-1-5-21-73586283-706699826-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-73586283-706699826-725345543-1003\S-1-5-21-73586283-706699826-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - presf.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig#restore"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.10
FF - prefs.js..extensions.enabledItems: {94B08592-E5B4-45ff-A0BE-C1D975458688}:0.4.1
FF - prefs.js..extensions.enabledItems: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374}:3.5.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: sbicon@max.max:0.7
FF - prefs.js..extensions.enabledItems: tabsopenrelative@jomel.me.uk:0.4
FF - prefs.js..extensions.enabledItems: bearbluebaby@loic.com:2.1.5
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13
FF - prefs.js..extensions.enabledItems: {BF32D2C8-9C75-404b-ACF4-880DB4679236}:1.1
FF - prefs.js..extensions.enabledItems: {ff356687-aa08-463d-a46c-11c451824939}:4.2.2.5
FF - prefs.js..extensions.enabledItems: {dd30bf68-268a-4815-ad48-8740b774c764}:4.2.2.5
FF - prefs.js..extensions.enabledItems: {285da7e0-729d-11db-9fe1-0800200c9a66}:2.121408
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} -> %SystemRoot%\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\] -> [2009/07/09 21:53:08 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com -> %ProgramFiles%\JAVA\JRE6\LIB\DEPLOY\JQS\FF [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2009/04/25 23:30:41 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components -> %ProgramFiles%\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/08/30 17:46:03 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins -> %ProgramFiles%\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/08/29 16:54:08 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Jason\Application Data\mozilla\Extensions [2009/04/18 07:23:47 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Jason\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2008/07/12 10:12:19 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Jason\Application Data\mozilla\Extensions\mozswing@mozswing.org [2009/04/18 07:23:47 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Jason\Application Data\mozilla\Extensions\songbird@songbirdnest.com [2008/12/21 22:09:11 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Jason\Application Data\mozilla\Firefox\Profiles\vmfl080o.default\extensions [2009/09/09 07:54:51 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Jason\Application Data\mozilla\Firefox\Profiles\vmfl080o.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d} [2009/07/18 09:44:20 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Jason\Application Data\mozilla\Firefox\Profiles\vmfl080o.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}(2) [2009/04/29 19:42:49 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Jason\Application Data\mozilla\Firefox\Profiles\vmfl080o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009/07/10 07:26:15 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Jason\Application Data\mozilla\Firefox\Profiles\vmfl080o.default\extensions\{285da7e0-729d-11db-9fe1-0800200c9a66} [2008/12/18 13:38:35 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Jason\Application Data\mozilla\Firefox\Profiles\vmfl080o.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2008/07/17 10:37:42 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Jason\Application Data\mozilla\Firefox\Profiles\vmfl080o.default\extensions\{3242A75D-D5DE-4AF2-B86E-3823E1201CD2} [2008/08/21 17:17:48 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Jason\Application Data\mozilla\Firefox\Profiles\vmfl080o.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374} [2009/07/31 07:13:59 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Jason\Application Data\mozilla\Firefox\Profiles\vmfl080o.default\extensions\{94B08592-E5B4-45ff-A0BE-C1D975458688} [2008/07/12 17:34:58 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Jason\Application Data\mozilla\Firefox\Profiles\vmfl080o.default\extensions\{BF32D2C8-9C75-404b-ACF4-880DB4679236} [2009/01/01 19:06:11 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Jason\Application Data\mozilla\Firefox\Profiles\vmfl080o.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009/08/13 12:02:56 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Jason\Application Data\mozilla\Firefox\Profiles\vmfl080o.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2) [2009/04/29 19:42:53 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Jason\Application Data\mozilla\Firefox\Profiles\vmfl080o.default\extensions\{dd30bf68-268a-4815-ad48-8740b774c764} [2008/07/12 17:37:51 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Jason\Application Data\mozilla\Firefox\Profiles\vmfl080o.default\extensions\{ff356687-aa08-463d-a46c-11c451824939} [2008/07/12 17:38:13 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Jason\Application Data\mozilla\Firefox\Profiles\vmfl080o.default\extensions\bearbluebaby@loic.com [2009/01/01 19:02:24 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Jason\Application Data\mozilla\Firefox\Profiles\vmfl080o.default\extensions\sbicon@max.max [2009/04/30 06:15:03 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Jason\Application Data\mozilla\Firefox\Profiles\vmfl080o.default\extensions\tabsopenrelative@jomel.me.uk [2009/07/15 07:10:38 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions [2009/09/09 07:54:51 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/08/04 09:31:20 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2008/08/03 14:27:55 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009/04/25 23:30:52 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2009/08/05 18:23:50 00,000,000 | ---D | M]

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-73586283-706699826-725345543-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-73586283-706699826-725345543-1003\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-73586283-706699826-725345543-1003\..\Toolbar\WebBrowser: (no name) - {CB789373-04D5-4EF4-9C16-871463FD0830} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE (Logitech, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE (Eset )
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install ()
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-73586283-706699826-725345543-1003..\Run: [Memory Improve Ultimate] C:\Program Files\Memory Improve Ultimate\MemoryImproveUltimate.exe /autorun (WindowsCare Technology Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] Narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] Narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-73586283-706699826-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-73586283-706699826-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-73586283-706699826-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\S-1-5-21-73586283-706699826-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 0
O7 - HKU\S-1-5-21-73586283-706699826-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKU\S-1-5-21-73586283-706699826-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\S-1-5-21-73586283-706699826-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
O7 - HKU\S-1-5-21-73586283-706699826-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMFUprogramsList = 0
O7 - HKU\S-1-5-21-73586283-706699826-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 0
O7 - HKU\S-1-5-21-73586283-706699826-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-21-73586283-706699826-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-21-73586283-706699826-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 0
O7 - HKU\S-1-5-21-73586283-706699826-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 0
O7 - HKU\S-1-5-21-73586283-706699826-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinterTabs = 0
O7 - HKU\S-1-5-21-73586283-706699826-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-21-73586283-706699826-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKU\S-1-5-21-73586283-706699826-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinters = 0
O7 - HKU\S-1-5-21-73586283-706699826-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O7 - HKU\S-1-5-21-73586283-706699826-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\S-1-5-21-73586283-706699826-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-21-73586283-706699826-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-73586283-706699826-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-21-73586283-706699826-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O7 - HKU\S-1-5-21-73586283-706699826-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeAnimation = 0
O7 - HKU\S-1-5-21-73586283-706699826-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeKeyboardNavigationIndicators = 0
O7 - HKU\S-1-5-21-73586283-706699826-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-73586283-706699826-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-73586283-706699826-725345543-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Value error. File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra Button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - Reg Error: Value error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\imon.dll (Eset )
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://downloads.ewido.net/ewidoOnlineScan.cab (ewidoOnlineScan Control)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (Reg Error: Value error.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab (Reg Error: Value error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1215839386531 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1215891062343 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/11 11:38:11 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[9 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[1 C:\Program Files\*.tmp files]
[2015/07/29 22:56:38 | 00,298,104 | ---- | C] (Eset ) -- C:\WINDOWS\System32\imon(2).dll
[2015/07/29 22:49:47 | 00,000,000 | -HSD | C] -- C:\RECYCLER(2)
[2015/07/29 22:41:31 | 00,000,257 | ---- | C] () -- C:\Boot.bak
[2015/07/29 22:41:30 | 00,260,272 | ---- | C] () -- C:\cmldr
[2015/07/29 22:16:21 | 00,491,040 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2015/07/29 22:16:21 | 00,024,864 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2015/07/29 22:16:21 | 00,009,740 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2015/07/29 22:16:21 | 00,004,424 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2015/07/29 22:09:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
[2009/09/09 18:29:47 | 00,497,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jason\Desktop\OTListIt2.exe
[2009/09/09 18:29:38 | 00,492,203 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\OTListIt2.zip
[2009/09/08 23:21:07 | 00,000,000 | ---D | C] -- C:\Program Files\Memory Improve Ultimate
[2009/09/08 22:54:06 | 00,000,000 | ---D | C] -- C:\symbols
[2009/09/08 22:46:28 | 00,000,000 | ---D | C] -- C:\Program Files\Debugging Tools for Windows (x86)
[2009/09/08 22:41:54 | 00,090,112 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\Mini090809-02.dmp
[2009/09/07 21:13:22 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/09/07 20:58:34 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/09/07 20:56:21 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/09/07 20:56:06 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/09/07 20:53:50 | 00,230,912 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/09/07 20:53:49 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/09/07 12:29:27 | 00,000,000 | ---D | C] -- C:\Program Files\Winamp
[2009/09/07 12:29:02 | 00,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2009/09/07 12:29:02 | 00,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2009
[2009/09/07 12:23:01 | 00,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2009(2)
[2009/09/06 08:49:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Application Data\SUPERAntiSpyware.com
[2009/09/06 08:49:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/09/06 08:49:11 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/09/05 22:48:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/09/05 17:01:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jason\My Documents\New Folder
[2009/09/05 02:12:11 | 00,000,000 | --SD | C] -- C:\My Metal
[2009/09/05 01:19:56 | 00,000,000 | --SD | C] -- C:\Proggys and info
[2009/09/01 23:57:35 | 00,021,816 | ---- | C] () -- C:\WINDOWS\System32\tcpipbak.reg
[2009/09/01 23:57:32 | 00,262,144 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\vbaListView6.ocx
[2009/09/01 23:57:32 | 00,245,760 | ---- | C] (LansSoft Studio) -- C:\WINDOWS\System32\aUpdateNow.ocx
[2009/09/01 23:57:32 | 00,200,704 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\vbalExpBar6.ocx
[2009/09/01 23:57:32 | 00,094,208 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\vbalIml6.ocx
[2009/09/01 23:57:32 | 00,065,536 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\vbalProgBar6.ocx
[2009/09/01 23:57:32 | 00,053,248 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\SSubTmr6.dll
[2009/09/01 23:57:32 | 00,049,152 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\vbalAVI6.ocx
[2009/09/01 23:57:32 | 00,032,768 | ---- | C] (WareSoft Software) -- C:\WINDOWS\System32\ServiceRepair.exe
[2009/09/01 23:57:32 | 00,000,674 | ---- | C] () -- C:\WINDOWS\ie-ads-uninst.reg
[2009/09/01 23:57:31 | 00,061,440 | ---- | C] (MKC Computers) -- C:\WINDOWS\System32\mkcHyperlink.ocx
[2009/09/01 23:57:31 | 00,032,768 | ---- | C] (Sanx Consulting) -- C:\WINDOWS\System32\svcmgr.ocx
[2009/09/01 22:20:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Application Data\WinPatrol
[2009/09/01 22:20:27 | 00,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2009/09/01 18:31:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Application Data\Comodo
[2009/09/01 18:31:31 | 00,000,000 | ---D | C] -- C:\Program Files\COMODO
[2009/08/30 19:09:48 | 00,005,120 | ---- | C] () -- C:\Documents and Settings\Jason\My Documents\employment verification.wps
[2009/08/30 13:33:24 | 00,000,328 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\UBC TCAdmin.url
[2009/08/29 16:55:46 | 00,159,600 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/08/29 16:55:39 | 00,130,936 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/08/29 16:55:39 | 00,073,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/08/29 16:55:32 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/08/29 16:55:31 | 00,064,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009/08/29 16:55:20 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/08/29 16:55:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Application Data\PC Tools
[2009/08/29 16:55:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/08/29 16:54:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jason\My Documents\My Google Gadgets
[2009/08/29 11:57:30 | 00,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2009/08/23 20:33:35 | 00,000,000 | ---D | C] -- C:\Program Files\Dora Lost City
[2009/08/23 20:33:06 | 00,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2009/08/23 13:35:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Application Data\Disney Interactive Studios
[2009/08/23 13:25:34 | 00,000,000 | ---D | C] -- C:\Program Files\DisneyInteractiveStudios
[2009/08/23 13:16:41 | 00,000,000 | ---D | C] -- C:\Downloads
[2009/08/23 12:50:41 | 00,000,000 | ---D | C] -- C:\Program Files\THQ
[2009/08/23 11:25:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\AGEIA
[2009/08/23 11:25:49 | 00,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2009/08/23 11:24:57 | 00,019,495 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2009/08/23 11:09:31 | 00,005,836 | R--- | C] () -- C:\WINDOWS\System32\nvnrm.nvu
[2009/08/23 11:09:23 | 00,002,016 | R--- | C] () -- C:\WINDOWS\System32\nvsmb.nvu
[2009/08/23 11:05:17 | 00,000,000 | ---D | C] -- C:\Program Files\DIFX
[2009/08/23 02:11:21 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/08/22 20:48:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Local Settings\Application Data\Temp
[2009/08/22 18:38:46 | 00,000,000 | ---D | C] -- C:\NVIDIA
[2009/08/22 11:31:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jason\My Documents\DriverGenius
[2009/08/20 13:04:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Raxco
[2009/08/20 13:04:05 | 00,000,000 | ---D | C] -- C:\Program Files\Raxco
[2009/08/17 03:03:00 | 00,250,152 | ---- | C] () -- C:\WINDOWS\System32\NvApps.xml
[2009/08/17 03:03:00 | 00,066,834 | ---- | C] () -- C:\WINDOWS\System32\NvwsApps.xml
[2009/08/17 00:57:00 | 01,597,690 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/08/16 10:44:11 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Doctor Web
[2009/08/16 10:44:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Doctor Web
[2009/08/16 10:43:51 | 00,101,496 | ---- | C] (Doctor Web, Ltd.) -- C:\WINDOWS\System32\drivers\dwprot.sys
[2009/08/13 14:53:54 | 00,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/08/12 01:40:17 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009/08/12 01:40:12 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2009/08/11 19:49:19 | 00,161,792 | R--- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/08/11 19:49:19 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/08/11 19:49:19 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/08/11 19:49:19 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/08/11 19:49:19 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/08/11 19:48:02 | 00,000,000 | ---D | C] -- C:\Qoobox

========== Files - Modified Within 30 Days ==========

[9 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2015/07/29 23:26:23 | 00,000,116 | ---- | M] () -- C:\WINDOWS\System32\SpywareCease.lie
[2015/07/29 23:11:01 | 00,000,022 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090801-212956.backup
[2015/07/29 22:56:24 | 00,298,104 | ---- | M] (Eset ) -- C:\WINDOWS\System32\imon(2).dll
[2015/07/29 22:46:46 | 00,024,864 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2015/07/29 22:46:45 | 00,009,740 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2015/07/29 22:46:45 | 00,004,424 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2015/07/29 22:46:44 | 00,491,040 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/09/09 18:29:39 | 00,492,203 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\OTListIt2.zip
[2009/09/09 03:11:57 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/09 03:11:21 | 00,250,152 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2009/09/09 03:11:08 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/09 03:10:57 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/08 22:39:17 | 00,090,112 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\Mini090809-02.dmp
[2009/09/08 22:36:13 | 00,011,776 | ---- | M] () -- C:\Documents and Settings\Jason\Application Data\Settings.cfg
[2009/09/08 21:54:34 | 00,138,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/09/08 21:54:20 | 00,202,448 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009/09/08 20:48:58 | 00,000,321 | RHS- | M] () -- C:\boot.ini
[2009/09/08 13:33:56 | 00,228,864 | ---- | M] () -- C:\Documents and Settings\Jason\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/07 21:06:30 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/09/07 21:06:02 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/09/07 20:09:36 | 00,000,356 | -H-- | M] () -- C:\WINDOWS\tasks\DefragExpress.job
[2009/09/06 17:25:58 | 01,583,202 | -H-- | M] () -- C:\Documents and Settings\Jason\Local Settings\Application Data\IconCache.db
[2009/09/06 13:32:43 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/09/03 23:29:06 | 00,001,728 | -H-- | M] () -- C:\Documents and Settings\Jason\My Documents\Default.rdp
[2009/09/03 22:25:22 | 00,230,912 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/09/02 22:58:41 | 00,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2009/09/01 23:57:35 | 00,021,816 | ---- | M] () -- C:\WINDOWS\System32\tcpipbak.reg
[2009/08/30 19:09:45 | 00,005,120 | ---- | M] () -- C:\Documents and Settings\Jason\My Documents\employment verification.wps
[2009/08/30 13:35:10 | 00,000,328 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\UBC TCAdmin.url
[2009/08/28 06:32:12 | 00,000,185 | ---- | M] () -- C:\WINDOWS\System32\imon1.dat
[2009/08/25 08:47:52 | 00,146,824 | ---- | M] () -- C:\Documents and Settings\Jason\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/24 19:03:26 | 02,300,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/23 20:33:06 | 00,000,032 | ---- | M] () -- C:\WINDOWS\CD_Start.INI
[2009/08/23 11:05:29 | 00,000,257 | ---- | M] () -- C:\Boot.bak
[2009/08/17 03:03:00 | 00,066,834 | ---- | M] () -- C:\WINDOWS\System32\NvwsApps.xml
[2009/08/17 00:57:00 | 01,597,690 | ---- | M] () -- C:\WINDOWS\System32\nvdata.bin
[2009/08/17 00:57:00 | 00,019,495 | ---- | M] () -- C:\WINDOWS\System32\nvdisp.nvu
[2009/08/13 14:53:54 | 00,041,872 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/08/11 14:18:51 | 00,523,586 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/11 14:18:51 | 00,103,490 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 191 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CFDCA54
@Alternate Data Stream - 178 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9
@Alternate Data Stream - 168 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3D74A13
@Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:556BBACC
@Alternate Data Stream - 162 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DCE70D73
@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\sdpsenv.dat:naughtypirates
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2F2F703
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DDA1399A
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15DE523E
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:09A4C922
< End of report >



any help is greatly appreciated.



#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,887 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:02:05 PM

Posted 09 September 2009 - 07:13 PM

Whatever is attempting to run when this error pops up...probably needs to be uninstalled/reinstalled, following cues from PA Bear at http://www.howtofixcomputers.com/forums/wi...com-237460.html

Louis

#3 tool75077

tool75077
  • Topic Starter

  • Banned
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:05 PM

Posted 10 September 2009 - 01:13 PM

Thanks, but that didn't help me.

From what I read of that, the person was having a problem while running a game. I get the error all the time, even if the computer is running idle.

#4 joseibarra

joseibarra

  • Members
  • 1,224 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Downstairs
  • Local time:03:05 PM

Posted 10 September 2009 - 03:43 PM

Did you see the error in the Event Viewer or type it in?

To open EV, click Start, Run and in the box type (or copy/paste):

%SystemRoot%\system32\eventvwr.msc /s

Click OK, find the System section, double click the DCOM error(s) to open.

Under the up/down arrow buttons is a third button that looks like two pages. Click it to copy the event to your clipboard, then paste it back here.

There appears to have been a lot of "activity" on your system lately, and I am curious about some things in that log, but I have never seen an OTListIt2 log. Have you been trying various things to figure this out for a little while?

You might need to get moved to the Am I Infected section (or something like that), but let's look at your DCOM error.

The mediocre teacher tells. The good teacher explains. The superior teacher demonstrates.


#5 tool75077

tool75077
  • Topic Starter

  • Banned
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:05 PM

Posted 10 September 2009 - 06:29 PM

Yes, I saw the error in the Event Viewer.

Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}. The error:
"The system cannot find the file specified. "
Happened while starting this command:
 -Embedding

And yes, since Friday I've been trying to figure out why I am getting that error. I've uninstalled a ton of stuff to see if maybe one of my programs was the problem, but the results are still the same.
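Added example, not part of any post in this thread: a Python sketch that splits the DCOM event text pasted above into its CLSID, error and command, and lists the registry locations where that class's server command is registered. The function names are hypothetical, the second sample event is constructed, and reading an empty command as a registration with no server path is this example's assumption.

```python
import re
import sys

# Event text as pasted in the thread (source: DCOM, System log).
THREAD_EVENT = '''Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}. The error:
"The system cannot find the file specified. "
Happened while starting this command:
 -Embedding
'''

# Constructed sample for contrast: an event whose command line is present.
CONSTRUCTED_EVENT = '''Unable to start a DCOM Server: {00000000-1111-2222-3333-444444444444}. The error:
"Access is denied. "
Happened while starting this command:
"C:\\Program Files\\Example\\server.exe" -Embedding
'''

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
CLSID_RE = re.compile(r"DCOM Server:\s*(" + GUID + r")")
ERROR_RE = re.compile(r'The error:\s*"([^"]*)"')
COMMAND_RE = re.compile(r"starting this command:\s*(.*)", re.S)
EMBEDDING_RE = re.compile(r"\s*[-/]Embedding\s*$", re.I)


def parse_dcom_event(text):
    """Split an 'Unable to start a DCOM Server' event into its fields."""
    clsid = CLSID_RE.search(text)
    if clsid is None:
        raise ValueError("not an 'Unable to start a DCOM Server' event")
    error = ERROR_RE.search(text)
    command = ""
    tail = COMMAND_RE.search(text)
    if tail:
        # The command line is the first non-blank line after the label;
        # anything Event Viewer appends after it is ignored.
        lines = [ln.strip() for ln in tail.group(1).splitlines() if ln.strip()]
        if lines:
            command = EMBEDDING_RE.sub("", lines[0]).strip()
    return {
        "clsid": clsid.group(1).upper(),
        "error": error.group(1).strip() if error else "",
        "command": command,
        # Assumption: nothing before -Embedding means the class is
        # registered without a usable server path.
        "command_missing": command == "",
    }


def registry_locations(clsid):
    """Registry paths to inspect by hand (regedit) for this class."""
    return [
        "HKEY_CLASSES_ROOT\\CLSID\\" + clsid + "\\LocalServer32",
        "HKEY_CLASSES_ROOT\\CLSID\\" + clsid,  # name of the class, AppID value
    ]


def read_local_server32(clsid):
    """Return the registered server command on Windows, else None."""
    if sys.platform != "win32":
        return None
    import winreg
    try:
        subkey = "CLSID\\" + clsid + "\\LocalServer32"
        with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, subkey) as key:
            value, _type = winreg.QueryValueEx(key, "")  # default value
            return value
    except OSError:
        return None


def triage(text):
    """Parse the event and attach what to look at next."""
    event = parse_dcom_event(text)
    event["check"] = registry_locations(event["clsid"])
    event["registered_command"] = read_local_server32(event["clsid"])
    if event["command_missing"]:
        event["finding"] = "no server path in the event; identify the class owner"
    else:
        event["finding"] = "verify that the file in the command exists and is expected"
    return event


if __name__ == "__main__":
    for sample in (THREAD_EVENT, CONSTRUCTED_EVENT):
        result = triage(sample)
        print(result["clsid"], "|", result["error"], "|", result["finding"])
        for path in result["check"]:
            print("   inspect:", path)
```

The name stored under the CLSID key usually identifies the product that registered the class, which tells you what to reinstall, remove or scan.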

#6 hamluis

hamluis

    Moderator


  • Moderator
  • 55,887 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:02:05 PM

Posted 10 September 2009 - 06:45 PM

Some with this error...seem to indicate malware problems.

Louis

#7 joseibarra

joseibarra

  • Members
  • 1,224 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Downstairs
  • Local time:03:05 PM

Posted 10 September 2009 - 07:14 PM

Just making sure!

I would like to change my "curious" to "suspicious".

I think the best place to go next is AII. ?

The mediocre teacher tells. The good teacher explains. The superior teacher demonstrates.


#8 tool75077

tool75077
  • Topic Starter

  • Banned
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:05 PM

Posted 10 September 2009 - 08:06 PM

Some with this error...seem to indicate malware problems.

Louis



I have scanned with MBAM, and I run NOD32. I even went as far as running ComboFix and the system was clean. But I'll go and make a post in the security section. Thanks for the help you could provide! Thanks guys!

#9 hamluis

hamluis

    Moderator


  • Moderator
  • 55,887 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:02:05 PM

Posted 10 September 2009 - 08:11 PM

If nothing else, it's a good start to eliminate the possibility of malware via our AII forum, IMO.

Louis



