Results 1 to 10 of 22

Thread: can't load spybot software

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. 2011-02-13, 17:06 #1
    gotfish??
    gotfish?? is offline
    Junior Member
    Join Date
    May 2008
    Posts
    16

    Default can't load spybot software

    Hi,

    I can't load spybot software. The computer says that it can't connect to the internet. Also, the computer redirects itself to advertising sites all the time. i read FAQ and believe I am following what was requested. Thank you so much for your assistance.


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by aarons at 10:48:15.26 on Sun 02/13/2011
    Internet Explorer: 8.0.6001.18928
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2036.1090 [GMT -5:00]

    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\aarons\Downloads\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uSearch Page =
    uSearch Bar = Preserve
    uWindow Title = Internet Explorer provided by Dell
    uStart Page = hxxp://www.aol.com/
    mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr10/*http://www.yahoo.com
    mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr10/*http://www.yahoo.com
    uInternet Settings,ProxyServer = http=127.0.0.1:6522
    uInternet Settings,ProxyOverride = *.local;<local>
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr10/*http://www.yahoo.com
    mSearchAssistant =
    uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
    mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
    mURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
    mURLSearchHooks: H - No File
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn3\YTSingleInstance.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
    TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10l_ActiveX.exe -update activex
    mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    StartupFolder: c:\users\aarons\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
    StartupFolder: c:\users\aarons\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
    IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 93.188.162.73,93.188.161.6
    TCP: {66988BCC-89F2-4B15-8710-53F9E47416A1} = 93.188.162.73,93.188.161.6
    TCP: {6D7C7891-8054-4B11-ACDF-5A202579B650} = 93.188.162.73,93.188.161.6
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
    Notify: igfxcui - igfxdev.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\aarons\appdata\roaming\mozilla\firefox\profiles\8yto91a7.default\
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc6d378&v=6.010.006.004&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q=
    FF - component: c:\program files\mozilla firefox\components\1413658.dll
    FF - component: c:\users\aarons\appdata\roaming\mozilla\firefox\profiles\8yto91a7.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
    FF - component: c:\users\aarons\appdata\roaming\mozilla\firefox\profiles\8yto91a7.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\aarons\appdata\local\yahoo!\browserplus\2.4.17\plugins\npybrowserplus_2.4.17.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
    ============= SERVICES / DRIVERS ===============

    R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-23 155648]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-7-15 24652]
    R3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2010-11-17 21744]
    R3 WUSB54GSCv2.NTx86;Compact Wireless-G USB Network Adapter with SpeedBooster Service;c:\windows\system32\drivers\WUSB54GSCV2_X86.sys [2009-10-22 238072]
    S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-12-5 54632]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe --> c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [?]

    =============== Created Last 30 ================

    2011-02-13 15:38:58 -------- d-----w- c:\users\aarons\spybot
    2011-01-30 19:57:00 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    2011-01-30 19:57:00 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
    2011-01-25 09:52:36 2169621 ----a-w- c:\program files\mozilla firefox\components\1413658.dll

    ==================== Find3M ====================


    ============= FINISH: 10:49:18.50 ===============

    thank you
    Last edited by Blade81; 2011-02-14 at 12:25. Reason: Posts merged. Helpers look for topics with 0 replies.
  2. 2011-02-15, 02:00 #2
    ken545
    ken545 is offline
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default




    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

    Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

    Your computer has been hijacked by the lovely people in the uKraine. If you cant access the internet than download this program from a known clean computer and transfer it by disk to the infected one.



    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    • See this Link for programs that need to be disabled and instruction on how to disable them.
    • Remember to re-enable them when we're done.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    *If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
  3. 2011-02-15, 03:13 #3
    gotfish??
    gotfish?? is offline
    Junior Member
    Join Date
    May 2008
    Posts
    16

    Default

    Hi,

    Thank you so much for your assistance. You all are the best! Here is the combofix txt.


    ComboFix 11-02-13.04 - aarons 02/14/2011 20:55:20.1.1 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2036.1239 [GMT -5:00]
    Running from: c:\users\aarons\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Common Files\Uninstall
    c:\program files\Search Toolbar
    c:\program files\Search Toolbar\SearchToolbar.dll
    c:\programdata\Desktop
    c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
    c:\windows\Downloaded Program Files\f3initialsetup1.0.1.3.inf
    c:\windows\system32\drivers\snetcfg.exe
    c:\windows\system32\ndisapi.dll
    c:\windows\XSxS

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_MYWEBSEARCHSERVICE
    -------\Service_MyWebSearchService


    ((((((((((((((((((((((((( Files Created from 2011-01-15 to 2011-02-15 )))))))))))))))))))))))))))))))
    .

    2011-02-15 02:01 . 2011-02-15 02:06 -------- d-----w- c:\users\aarons\AppData\Local\temp
    2011-02-15 02:01 . 2011-02-15 02:01 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-02-13 15:47 . 2011-02-13 15:47 -------- d-----w- c:\program files\ERUNT
    2011-02-13 15:38 . 2011-02-13 15:39 -------- d-----w- c:\users\aarons\spybot
    2011-01-30 19:57 . 2011-01-30 19:57 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2011-01-30 19:57 . 2011-01-30 19:57 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
    2011-01-25 09:52 . 2011-01-25 09:52 2169621 ----a-w- c:\program files\Mozilla Firefox\components\1413658.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-25 09:52 . 2011-01-25 09:52 2169621 ----a-w- c:\program files\mozilla firefox\components\1413658.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-12-01 2735200]

    [HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
    2010-12-01 16:27 2735200 ----a-w- c:\program files\Zynga\tbZyng.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-12-01 2735200]

    [HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-12-01 2735200]

    [HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\windows sidebar\sidebar.exe" [2009-04-11 1233920]
    "Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2009-01-30 1347584]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]

    c:\users\aarons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^aarons^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=c:\users\aarons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
    backupExtension=.Startup

    [HKLM\~\startupfolder\C:^Users^aarons^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Mafia Bot.lnk]
    path=c:\users\aarons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mafia Bot.lnk
    backup=c:\windows\pss\Mafia Bot.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    %ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 03:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
    2010-03-08 21:04 3972440 ----a-w- c:\program files\AIM\aim.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2010-10-08 22:04 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2008-02-12 00:13 166424 ----a-w- c:\windows\System32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2008-02-12 00:13 141848 ----a-w- c:\windows\System32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-11-18 01:59 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2009-11-10 20:39 5244216 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
    2009-07-08 07:53 472112 ----a-w- c:\program files\Pure Networks\Network Magic\nmapp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
    2009-07-07 19:48 647216 ----a-w- c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2008-02-12 00:13 133656 ----a-w- c:\windows\System32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    2008-01-17 11:22 4907008 ----a-w- c:\windows\RtHDVCpl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
    2009-02-23 13:05 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
    2009-01-30 15:34 1347584 ----a-w- c:\program files\AWS\WeatherBug\Weather.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
    2009-02-23 13:05 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    R3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2010-11-18 21744]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]
    S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
    S3 WUSB54GSCv2.NTx86;Compact Wireless-G USB Network Adapter with SpeedBooster Service;c:\windows\system32\DRIVERS\WUSB54GSCV2_X86.sys [2008-01-08 238072]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-13 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]

    2011-02-14 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]

    2011-02-15 c:\windows\Tasks\User_Feed_Synchronization-{CA9D7528-4056-4EE6-9506-44DB2AD90CCB}.job
    - c:\windows\system32\msfeedssync.exe [2010-06-10 04:30]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.aol.com/
    uInternet Settings,ProxyServer = http=127.0.0.1:6522
    uInternet Settings,ProxyOverride = *.local;<local>
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr10/*http://www.yahoo.com
    IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
    FF - ProfilePath - c:\users\aarons\AppData\Roaming\Mozilla\Firefox\Profiles\8yto91a7.default\
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc6d378&v=6.010.006.004&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    Toolbar-Locked - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    HKLM-Run-dellsupportcenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
    MSConfigStartUp-8JE5UHC6FZ - c:\users\aarons\AppData\Local\Temp\Ml1.exe
    MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
    MSConfigStartUp-E6W0KD3FRD - c:\users\aarons\AppData\Local\Temp\Ml3.exe
    MSConfigStartUp-PC Pitstop Optimize Scheduler - c:\program files\PCPitstop\Optimize\PCPOptimize.exe
    MSConfigStartUp-strlfsmo - c:\users\aarons\AppData\Local\itvfwmtyo\dowjvfeshdw.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-02-14 21:06
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
    "ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0e,1b,b6,38,2e,d7,74,44,89,64,97,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0e,1b,b6,38,2e,d7,74,44,89,64,97,\

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(3996)
    c:\program files\Pure Networks\Network Magic\nmspce2.dll
    c:\program files\Pure Networks\Network Magic\nmrsrc.dll
    c:\windows\system32\pnidui.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    c:\windows\system32\WUDFHost.exe
    c:\windows\system32\rundll32.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2011-02-14 21:10:08 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-02-15 02:10

    Pre-Run: 225,666,330,624 bytes free
    Post-Run: 225,631,883,264 bytes free

    - - End Of File - - CA05ACF390A4843131525015B1B9FA94
  4. 2011-02-15, 10:08 #4
    ken545
    ken545 is offline
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hi,

    Go to your Programs and Features in the Control Panel and uninstall Viewpoint, it installs without your knowledge or consent, is considered Adware, uses system resources and is not needed for anything.


    Please download ATF Cleaner by Atribune to your desktop.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up
    Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.





    Please download Malwarebytes from Here or Here

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected .
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
    Post the report please





    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the "Scan All Users" checkbox.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
        Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.



    Post the log from Malwarebytes and the OTL log please
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
  5. 2011-02-15, 13:28 #5
    gotfish??
    gotfish?? is offline
    Junior Member
    Join Date
    May 2008
    Posts
    16

    Default

    Hi,

    Thank you so much Ken.


    First report.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5767

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.19019

    2/15/2011 7:14:07 AM
    mbam-log-2011-02-15 (07-14-07).txt

    Scan type: Quick scan
    Objects scanned: 146910
    Time elapsed: 2 minute(s), 48 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\8JE5UHC6FZ (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\E6W0KD3FRD (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Windows\System32\regedt326.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
  6. 2011-02-15, 13:30 #6
    gotfish??
    gotfish?? is offline
    Junior Member
    Join Date
    May 2008
    Posts
    16

    Default

    OTL Extras logfile created on: 2/15/2011 7:16:31 AM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\aarons\Desktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19019)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
    5.00 Gb Paging File | 4.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): c:\pagefile.sys 3054 3054 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 283.40 Gb Total Space | 208.24 Gb Free Space | 73.48% Space Free | Partition Type: NTFS
    Drive D: | 14.65 Gb Total Space | 0.01 Gb Free Space | 0.04% Space Free | Partition Type: NTFS

    Computer Name: BJS | User Name: aarons | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1BC5AED4-421F-4F2F-A78A-B5CDA623D058}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{2E7C1DBB-8657-47EF-BD12-8C1813687E3C}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
    "{33F59245-0E66-4389-9D87-57A75280642C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{3446440B-6518-499D-9913-D7F77DCE8AE7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{3AFE36D2-890C-4AD4-A27D-9E2975C29003}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{3C7C7DBB-21CB-4B33-B606-01DB6998F4CE}" = lport=445 | protocol=6 | dir=in | app=system |
    "{453CF760-862C-42C6-B15A-8A9D58D1ECD8}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{46A5E6C6-43C8-4B4B-A1E5-5ADAF4DE2535}" = lport=138 | protocol=17 | dir=in | app=system |
    "{548E1168-6378-4FA4-ADB2-B89C2C0A9B30}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{57D52F10-41E9-4B04-BE9E-958F8A8D2E61}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
    "{8E68024D-EEA6-47C7-8DB6-C1D8E9F09D86}" = rport=139 | protocol=6 | dir=out | app=system |
    "{ADD09C7F-B16A-4382-982C-86CB9F7DF842}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{B921BAB5-BC87-4724-A989-407F60B0AE96}" = lport=139 | protocol=6 | dir=in | app=system |
    "{DDE97D31-BE2C-4F05-AF4B-4F9F083DBD39}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{E5DEBA91-22B1-4BBD-9E54-C672AE0681CB}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |
    "{E6ED20C9-D9A5-45C5-85E0-F14A8B7F12F6}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{E9B0A3ED-2DC5-4A03-8611-D022570664B4}" = rport=138 | protocol=17 | dir=out | app=system |
    "{F03DAA20-C0C5-4F6C-AD0E-846EB4A05EEA}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F6930EA1-F536-424B-82C9-F4F98FE79116}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
    "{F80C927E-1CEB-46A4-A7B8-7C83FD8D8620}" = rport=445 | protocol=6 | dir=out | app=system |
    "{FA56A295-9423-4C1A-A638-8894C9317701}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{FFDD4BF4-B86D-4152-B099-D5E1EA8526D3}" = lport=137 | protocol=17 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{07AB537C-C752-4FBB-A739-30EB05C8BB78}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
    "{0E689E41-ED2E-4E30-B0C7-B32675CD5B2C}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
    "{12767525-48AB-49E7-BD5E-85EC678E2A71}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{15E2DB26-29E2-4854-8A86-4B9A60450BF8}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
    "{16140373-2C4C-4D8C-B89B-1133BA3D9B3B}" = protocol=6 | dir=in | app=c:\program files\ea games\the battle for middle-earth (tm)\game.dat |
    "{16313C30-176F-4744-A02E-BCBFC75FF98E}" = dir=in | app=c:\program files\avg\avg9\avgam.exe |
    "{18E0BBE9-A455-4999-B421-6D475F732267}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
    "{1F068B40-39E3-4763-A401-A86303D11FD1}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{2FFFD23A-51D3-464C-90E3-E85A0F3E70C6}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
    "{337A9EE9-26E1-47C0-8048-AA56CAF9CF4E}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
    "{47A2F7A8-13E2-476D-8367-B5CE7D9B3317}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
    "{4E6CE5A9-F030-4A59-8D73-78960DC88AE9}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
    "{4FA6C460-E4EE-4AE1-8098-0BF85899CEC3}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |
    "{624BBD7E-2C42-4222-872C-1AF7D81131F2}" = dir=in | app=c:\program files\avg\avg9\avgdiagex.exe |
    "{7D7C4199-7F0F-4E6C-8D4D-5132449C94BD}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
    "{80662496-342E-4F75-980C-C8491DA818E8}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
    "{8097A287-799A-4142-83A7-4B782FD77EB9}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{8C795562-BC6F-4488-99A7-FD953737CC2F}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{8D6C9DB0-6B3E-4C78-B8C6-137C8B9A0220}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
    "{96BD85DB-2C20-46EC-81F5-FA25649A84E5}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
    "{9DAAD456-375C-487C-B8F9-86FD4B0E351C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{9ED0AE7F-7B27-4AF0-9CD6-2D466606E581}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{B104F2CE-9BF5-4A08-ACB4-409992DAB4B6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{B77B1DA8-BBCF-4849-8C51-368780BC1058}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
    "{BF16F275-13D7-4B8D-A36E-D360EFB7004E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{C71A25A4-458D-4DD9-AA3A-0EA72DE4B5C1}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |
    "{E0967DFF-13FA-4D58-B8AB-78C7E8CAC82C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{E60E1589-DB09-4D6E-903B-563D217CE095}" = protocol=17 | dir=in | app=c:\program files\ea games\the battle for middle-earth (tm)\game.dat |
    "{F108740B-1E58-4A1C-87E5-F97EB54959BE}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
    "{FB9C0082-63F6-47DC-931F-E66710656620}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{FD27D2F6-1971-43A5-BFE1-4DBA484160A0}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |
    "TCP Query User{2A390CA6-60E8-447C-8F3B-579698647E98}C:\windows\lmi2d66.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\windows\lmi2d66.tmp\lmi_rescue.exe |
    "TCP Query User{63E6502F-52F1-4A4E-9F7F-355D3DB798C9}C:\program files\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
    "TCP Query User{C2E94E27-DB6A-49BC-BBA6-9DEC6E880AE2}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{F13C7853-A61A-4599-86A5-EEB09BDFA55C}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd |
    "UDP Query User{5F1B9FCD-9627-4D54-AD8C-F0302A8C38B4}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{720952D7-7963-4DD7-AE01-837E506568E7}C:\windows\lmi2d66.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\windows\lmi2d66.tmp\lmi_rescue.exe |
    "UDP Query User{ADEC1060-C159-49A9-8807-3BF42AFCF090}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd |
    "UDP Query User{F85AD9C0-0716-4088-BA72-E4F541ECC9A2}C:\program files\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
    "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
    "{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
    "{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{65563451-00B6-458C-9F9A-03A7757355A6}" = Compact Wireless-G USB Network Adapter with SpeedBooster Driver - WUSB54GSC
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
    "{70DECFBF-9119-4434-B2D3-A3C283D15E45}" = WeatherBug
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8C2690CF-5B74-4F93-8139-7B5644CD6A3B}" = MobileMe Control Panel
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{962E05CF-3394-496D-0091-850CF1762F6B}" = The Battle for Middle-earth (tm)
    "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
    "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
    "{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
    "{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
    "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Age of Empires 2.0" = Microsoft Age of Empires II
    "Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
    "AIM Toolbar" = AIM Toolbar
    "AIM_7" = AIM 7
    "cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
    "CNXT_MODEM_PCI_HSF" = Conexant D850 PCI V.92 Modem
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "ComcastHSI" = Comcast High-Speed Internet Install Wizard
    "Dell Support Center" = Dell Support Center
    "ERUNT_is1" = ERUNT 1.1j
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "LameACM" = Lame ACM MP3 Codec
    "LimeWire" = LimeWire 5.5.8
    "Live Online Meeting™_is1" = Live Online Meeting™ 6.1.0.47
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
    "Network MagicUninstall" = Network Magic
    "PokerStars" = PokerStars
    "PokerStars.net" = PokerStars.net
    "PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Search Defender" = Yahoo! Search Protection
    "Yahoo! Software Update" = Yahoo! Software Update
    "Zoo Tycoon 1.0" = Microsoft Zoo Tycoon
    "Zynga Toolbar" = Zynga Toolbar

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/25/2011 6:14:59 AM | Computer Name = BJs | Source = Windows Backup | ID = 4104
    Description =

    Error - 1/25/2011 12:00:02 PM | Computer Name = BJs | Source = Perflib | ID = 1010
    Description =

    Error - 1/25/2011 12:00:04 PM | Computer Name = BJs | Source = Perflib | ID = 1008
    Description =

    Error - 1/26/2011 12:00:03 PM | Computer Name = BJs | Source = Perflib | ID = 1010
    Description =

    Error - 1/27/2011 12:00:01 PM | Computer Name = BJs | Source = Perflib | ID = 1010
    Description =

    Error - 1/27/2011 12:00:02 PM | Computer Name = BJs | Source = Perflib | ID = 1008
    Description =

    Error - 1/28/2011 12:00:03 PM | Computer Name = BJs | Source = Perflib | ID = 1010
    Description =

    Error - 1/28/2011 12:00:04 PM | Computer Name = BJs | Source = Perflib | ID = 1008
    Description =

    Error - 1/30/2011 12:00:02 PM | Computer Name = BJs | Source = Perflib | ID = 1010
    Description =

    Error - 1/30/2011 12:00:04 PM | Computer Name = BJs | Source = Perflib | ID = 1008
    Description =

    [ System Events ]
    Error - 2/11/2011 5:42:14 PM | Computer Name = BJs | Source = Service Control Manager | ID = 7031
    Description =

    Error - 2/12/2011 5:13:00 PM | Computer Name = BJs | Source = Service Control Manager | ID = 7031
    Description =

    Error - 2/12/2011 5:13:08 PM | Computer Name = BJs | Source = Service Control Manager | ID = 7034
    Description =

    Error - 2/13/2011 9:55:14 AM | Computer Name = BJs | Source = Service Control Manager | ID = 7031
    Description =

    Error - 2/14/2011 9:38:47 PM | Computer Name = BJs | Source = Print | ID = 54
    Description = Document "BEFORE you POST"(READ this... failed to print and was deleted
    because of corruption in the spooled file. The associated driver is: HP DeskJet
    950C/952C/959C. Try printing the document again.

    Error - 2/14/2011 9:54:06 PM | Computer Name = BJs | Source = Service Control Manager | ID = 7034
    Description =

    Error - 2/14/2011 9:54:29 PM | Computer Name = BJs | Source = Service Control Manager | ID = 7030
    Description =

    Error - 2/14/2011 10:02:43 PM | Computer Name = BJs | Source = Service Control Manager | ID = 7030
    Description =

    Error - 2/14/2011 10:02:48 PM | Computer Name = BJs | Source = Service Control Manager | ID = 7030
    Description =

    Error - 2/15/2011 4:02:01 AM | Computer Name = BJs | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description =


    < End of report >
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules