
mgarlitz

  1. P.S. Closed all programs and ran Avira AntiVir by itself. It found two infections. It could not delete the files, but it moved the files. Things appear to be working for now. Here's the log.
  2. AntiVir Guard software keeps popping up a TR/Proxy.Agent.BYF warning when I try to open IE8. AntiVir references the file SP.DLL, located at c:\documents and settings\all users\application data\sp\sp.dll. I have tried the options provided by AntiVir Guard ... move to quarantine, delete, overwrite and delete, and deny access. Every time I re-open IE8, the AntiVir popup warning pops up. I tried running Malwarebytes and the AntiVir Guard popup warning pops up. Not sure where to go from here, so I'm asking for your expert help. THANKS IN ADVANCE!
  3. DONE! FINISHED! COMPLETE! Does this forum service have a way to donate to? THANKS!!!!!! Mark
  4. This whole virus issue has left me feeling like a ditz! When I rebooted the machine ComboFix is now gone from the desktop.
  5. Problem. ComboFix.exe is in my desktop folder, specifically C:\Documents and Settings\Administrator\Desktop. When I try to RUN the combofix /u, it says that Windows cannot find ComboFix. BUT, if I double-click on the desktop icon, ComboFix, I am asked if I want to run the program. I will work on the rest of your instructions until I hear from you.
  6. Maurice, If you think you'll have more work for me yet this evening, I'll need to shift some appointments. Just let me know. My computer takes priority over everything else. I appreciate your help! Mark
  7. OTL logfile created on: 12/2/2009 5:04:18 PM - Run 1 OTL by OldTimer - Version 3.1.11.4
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager) O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab (Kodak Gallery Easy Upload Manager Class) O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab (Kodak Gallery Easy Upload Manager Class) O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab (Reg Error: Key error.) O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.com/activex/VerizonWire...loadControl.cab (Verizon Wireless Media Upload) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} http://oaklandcam.iceweb.net/wg_webeye.cab (Web Camera Server Control) O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan) O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class) O16 - DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} http://betaimg.sling.com/sli/sling_player_...er.cab?1.1.0.38 (Reg Error: Key error.) 
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} http://hgtv2.view22.com/view22/app/view22rte.cab (View22RTE Class) O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} http://ak.imgag.com/imgag/cp/install/Crusher.cab (Creative Toolbox Plug-in) O16 - DPF: {C7C7225A-9476-47AC-B0B0-FF3B79D55E67} http://aic.lgservice.com:9001/ozserver31/V.../ZTransferX.cab (ZTransferX Control) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://trafficcams.cet.unomaha.edu/activex/AMC.cab (Reg Error: Key error.) O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} http://www.cooliris.com/shared/plinstll.cab (Reg Error: Value error.) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/su/ocx/15034/CTPID.cab (Creative Software AutoUpdate Support Package) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 12.165.1.2 12.165.1.3 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\PROGRA~1\WINDOW~4\MpShHook.dll File not found O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: {A213B520-C6C2-11d0-AF9D-008029E1027E} - C:\Program Files\WinFax\WFXSEH32.DLL (Symantec Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (*) - File not found O34 - HKLM BootExecute: (lsdelete) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2009/12/02 17:03:24 | 00,535,552 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe [2009/12/02 08:05:19 | 
00,000,000 | ---D | C] -- C:\~ErdUserProfile.$$$ [2009/11/30 15:18:02 | 00,048,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2009/11/30 15:18:02 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2009/11/30 15:18:02 | 00,023,120 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2009/11/30 15:18:01 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2009/11/30 15:18:01 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr [2009/11/30 15:18:01 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2009/11/30 15:18:01 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2009/11/30 15:18:01 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2009/11/30 15:17:51 | 01,280,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe [2009/11/30 12:17:10 | 00,000,000 | ---D | C] -- C:\Program Files\ESET [2009/11/29 19:34:16 | 00,000,000 | ---D | C] -- C:\RootRepeal [2009/11/29 18:02:09 | 00,000,000 | ---D | C] -- C:\DCE [2009/11/29 17:44:46 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT [2009/11/27 15:24:03 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent [2009/11/27 11:37:25 | 00,042,752 | R--- | C] (JMicron Technology Corp.) 
-- C:\WINDOWS\System32\drivers\jraid_2.sys [2009/11/27 11:36:20 | 00,000,000 | RHSD | C] -- C:\cmdcons [2009/11/27 11:30:38 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2009/11/27 11:30:38 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2009/11/27 11:30:38 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2009/11/27 11:30:38 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2009/11/27 11:30:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2009/11/27 11:29:57 | 00,000,000 | ---D | C] -- C:\Qoobox [2009/11/27 10:49:13 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2009/11/27 10:33:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SP [2009/11/27 10:21:53 | 00,000,000 | ---D | C] -- C:\ErdUndoCache [2009/11/27 10:18:23 | 00,092,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSDartCmn.dll [2009/11/27 10:18:23 | 00,061,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MsDartSR.exe [2009/11/25 16:58:55 | 77,086,488 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Administrator\Desktop\Ad-AwareInstallation.exe [2009/11/25 16:51:24 | 09,034,488 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\mssefullinstall-x86fre-en-us-xp.exe [2009/11/25 15:49:21 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2009/11/25 15:49:21 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2009/11/25 15:49:21 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2009/11/25 15:49:21 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2009/11/24 08:07:19 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime [2009/11/23 08:53:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Chromium [2009/11/10 23:08:24 | 00,094,208 | ---- | C] (Apple Inc.) 
-- C:\WINDOWS\System32\QuickTimeVR.qtx [2009/11/10 23:08:24 | 00,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts [2009/07/15 12:26:54 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Administrator\Application Data\pcouffin.sys [2005/08/07 17:13:46 | 00,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [21 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2009/12/02 17:03:24 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe [2009/12/02 17:02:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2009/12/02 17:01:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2009/12/02 16:55:56 | 00,003,768 | ---- | M] () -- C:\WINDOWS\ECCO.CFX [2009/12/02 16:55:56 | 00,000,271 | ---- | M] () -- C:\WINDOWS\ecco.fdb [2009/12/02 16:53:49 | 00,001,240 | ---- | M] () -- C:\WINDOWS\win.ini [2009/12/02 16:52:04 | 04,019,010 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Vernon's Local as of 070709.eco [2009/12/02 14:58:10 | 00,012,690 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009/12/02 14:57:47 | 00,201,045 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2009/12/02 14:57:39 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2009/12/02 14:57:25 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/12/02 14:57:22 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/12/02 14:57:19 | 21,459,64032 | -HS- | M] () -- C:\hiberfil.sys [2009/12/02 12:57:13 | 01,112,765 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DHPP_ZIP_Codes_112409(1).xlsx [2009/12/02 10:13:39 | 00,020,522 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\bookmarklatest.htm [2009/12/02 10:10:09 | 47,744,7168 | ---- | M] () -- C:\Documents 
and Settings\Administrator\My Documents\outlook backup.pst [2009/12/02 10:03:43 | 00,556,920 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/12/02 10:03:43 | 00,465,974 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009/12/02 10:03:43 | 00,079,572 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009/12/02 09:58:57 | 11,276,288 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat [2009/12/02 09:58:57 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini [2009/12/02 09:58:55 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2009/12/02 09:58:55 | 00,000,210 | -H-- | M] () -- C:\boot.ini [2009/12/02 08:47:13 | 04,240,656 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db [2009/11/30 16:19:28 | 00,064,756 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000007-00001102-00000005-00211102}.rfx [2009/11/30 16:19:28 | 00,054,724 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000007-00001102-00000005-00211102}.rfx [2009/11/30 16:19:28 | 00,054,724 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000007-00001102-00000005-00211102}.rfx [2009/11/30 16:19:28 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm [2009/11/30 16:19:28 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm [2009/11/30 16:15:58 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2009/11/30 15:18:02 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! 
Antivirus.lnk [2009/11/30 15:18:01 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2009/11/30 12:00:00 | 00,000,342 | ---- | M] () -- C:\WINDOWS\tasks\Registry Medic Schedule.job [2009/11/30 11:50:59 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2009/11/29 17:44:52 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2009/11/29 17:44:46 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk [2009/11/29 17:44:46 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk [2009/11/27 15:58:22 | 00,357,802 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2009/11/27 15:58:09 | 00,357,802 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091127-155822.backup [2009/11/27 15:24:24 | 00,005,716 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20091127_152421.reg [2009/11/27 11:48:21 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091127-155809.backup [2009/11/27 11:16:38 | 03,577,870 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe [2009/11/27 10:50:22 | 00,010,283 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Forum.docx [2009/11/27 10:49:14 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk [2009/11/25 17:04:15 | 00,362,297 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091127-093308.backup [2009/11/25 16:59:16 | 77,086,488 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Administrator\Desktop\Ad-AwareInstallation.exe [2009/11/25 16:51:53 | 09,034,488 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\mssefullinstall-x86fre-en-us-xp.exe [2009/11/25 15:49:05 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\WINDOWS\System32\deploytk.dll [2009/11/25 15:49:05 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2009/11/25 15:49:05 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2009/11/25 15:49:05 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2009/11/25 15:49:05 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2009/11/25 15:45:12 | 00,000,282 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20091125_154510.reg [2009/11/25 15:44:54 | 00,022,930 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20091125_154450.reg [2009/11/24 18:54:29 | 01,280,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe [2009/11/24 18:51:09 | 00,093,424 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2009/11/24 18:50:59 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2009/11/24 18:50:12 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2009/11/24 18:50:00 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2009/11/24 18:49:07 | 00,048,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2009/11/24 18:48:57 | 00,023,120 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2009/11/24 18:47:54 | 00,027,408 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2009/11/24 18:47:28 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr [2009/11/24 16:42:35 | 00,012,632 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak [2009/11/24 16:25:18 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2009/11/24 08:07:33 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk [2009/11/23 18:12:00 | 00,000,284 | ---- | M] () -- 
C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009/11/23 08:57:48 | 00,002,321 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Chromium.lnk [2009/11/21 12:17:18 | 00,292,352 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.exe [2009/11/19 16:27:18 | 02,802,967 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\isled-quick-start-guide-feb-2006[1].pdf [2009/11/16 15:26:47 | 00,013,247 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\CE Marketing Claim Form _Distribution DLR CLAIM FORM 110409.xlsx [2009/11/16 08:30:24 | 00,233,715 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Windows Seven Product Key.pdf [2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\WINDOWS\PEV.exe [2009/11/11 08:29:30 | 00,295,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009/11/10 23:08:24 | 00,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx [2009/11/10 23:08:24 | 00,069,632 | ---- | M] (Apple Inc.) 
-- C:\WINDOWS\System32\QuickTime.qts [2009/11/06 15:16:32 | 00,010,402 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\lee check 110609.docx [2009/11/04 09:46:13 | 01,646,080 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\WHR_PS1_7109Rev.xls [2009/11/04 08:50:22 | 00,079,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2009/11/03 13:48:00 | 00,166,342 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Q3_2009__DISH'n_It_Up_Business_Rules_081909[1].pdf [2009/11/03 11:35:27 | 00,052,766 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Retailer Purchase Order Form 110309.xlsx [2009/11/02 20:42:06 | 00,195,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [21 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2009/12/02 12:57:12 | 01,112,765 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DHPP_ZIP_Codes_112409(1).xlsx [2009/12/02 10:13:39 | 00,020,522 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\bookmarklatest.htm [2009/12/02 10:04:20 | 47,744,7168 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\outlook backup.pst [2009/12/02 09:59:49 | 21,459,64032 | -HS- | C] () -- C:\hiberfil.sys [2009/11/30 16:15:58 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2009/11/30 15:18:02 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! 
Antivirus.lnk [2009/11/30 15:17:51 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx [2009/11/30 11:50:59 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2009/11/29 17:44:52 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2009/11/29 17:44:46 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk [2009/11/29 17:44:46 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk [2009/11/27 15:24:22 | 00,005,716 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20091127_152421.reg [2009/11/27 11:36:25 | 00,000,210 | ---- | C] () -- C:\Boot.bak [2009/11/27 11:36:22 | 00,260,272 | ---- | C] () -- C:\cmldr [2009/11/27 11:30:38 | 00,260,608 | ---- | C] () -- C:\WINDOWS\PEV.exe [2009/11/27 11:30:38 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2009/11/27 11:30:38 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2009/11/27 11:30:38 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2009/11/27 11:30:38 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2009/11/27 11:16:38 | 03,577,870 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe [2009/11/27 10:50:22 | 00,010,283 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Forum.docx [2009/11/27 10:49:14 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk [2009/11/27 09:56:27 | 00,000,210 | -H-- | C] () -- C:\boot.ini.SAB [2009/11/25 15:45:11 | 00,000,282 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20091125_154510.reg [2009/11/25 15:44:51 | 00,022,930 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20091125_154450.reg [2009/11/24 16:25:18 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2009/11/24 08:07:33 | 00,001,604 | ---- | C] () -- 
C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk [2009/11/23 08:57:48 | 00,002,321 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Chromium.lnk [2009/11/21 12:17:18 | 00,292,352 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.exe [2009/11/19 16:27:18 | 02,802,967 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\isled-quick-start-guide-feb-2006[1].pdf [2009/11/16 08:30:24 | 00,233,715 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Windows Seven Product Key.pdf [2009/11/09 15:14:09 | 00,013,247 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\CE Marketing Claim Form _Distribution DLR CLAIM FORM 110409.xlsx [2009/11/06 15:13:52 | 00,010,402 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\lee check 110609.docx [2009/11/03 13:48:00 | 00,166,342 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Q3_2009__DISH'n_It_Up_Business_Rules_081909[1].pdf [2009/11/03 10:51:40 | 00,052,766 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Retailer Purchase Order Form 110309.xlsx [2009/10/30 11:13:46 | 00,014,211 | ---- | C] () -- C:\WINDOWS\twacker.ini [2009/07/18 07:48:07 | 00,001,968 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log [2009/07/15 12:27:17 | 00,000,034 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.log [2009/07/15 12:26:54 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.cat [2009/07/15 12:26:54 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.inf [2009/05/08 09:04:19 | 00,035,052 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\SlingSetup.log [2009/04/04 10:57:52 | 00,000,005 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\closedList.awt [2009/04/03 16:03:26 | 
00,000,005 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\openList.awt [2009/03/21 10:11:24 | 00,033,622 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\SlingSetup.log [2008/12/23 14:50:44 | 00,000,107 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\default.pls [2008/12/18 12:36:43 | 02,327,552 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\cooliris-win-ie-release-1.9.0.16396.msi [2008/11/19 14:34:35 | 00,002,722 | ---- | C] () -- C:\WINDOWS\DevMgr.ini [2008/11/19 14:33:43 | 00,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI [2008/11/05 10:34:23 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2008/10/21 14:57:51 | 02,869,760 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\cooliris-win-iemin-release-1.8.4.14391.msi [2008/10/21 14:39:44 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll [2008/10/07 08:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2008/10/07 08:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2008/10/02 14:00:07 | 00,000,005 | ---- | C] () -- 
C:\Documents and Settings\Administrator\Application Data\closedListSW.awt
[2008/08/22 13:28:36 | 00,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2008/08/22 12:06:47 | 02,149,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\cooliris-win-iemin-release-1.8.0.4272.msi
[2008/07/19 07:02:54 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/05/29 14:22:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/04/08 15:42:46 | 00,047,360 | R--- | C] () -- C:\WINDOWS\System32\drivers\Surroundhp_kern_i386.sys
[2008/04/08 15:42:46 | 00,047,104 | R--- | C] () -- C:\WINDOWS\System32\drivers\tshd4_kern_i386.sys
[2008/04/08 15:42:46 | 00,042,112 | R--- | C] () -- C:\WINDOWS\System32\drivers\csiidecoder_kern_i386.sys
[2008/04/08 15:42:46 | 00,039,808 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_SSCFilter_i386.sys
[2008/01/18 12:25:16 | 00,000,152 | ---- | C] () -- C:\WINDOWS\CoolPlay.ini
[2008/01/18 12:15:24 | 00,065,154 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2008/01/18 12:15:24 | 00,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2008/01/18 12:15:24 | 00,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/12/12 18:20:19 | 00,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/10/30 16:04:37 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
[2007/09/28 13:32:49 | 00,017,593 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/09/28 13:27:01 | 00,017,631 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2007/09/27 09:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/06 12:18:39 | 00,038,489 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Comma Separated Values (Windows).ADR
[2007/07/09 11:56:25 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/06/15 07:25:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WTNSETUP.INI
[2007/06/15 07:10:48 | 00,037,888 | ---- | C] () -- C:\WINDOWS\System32\DCCWFP32.DLL
[2007/06/15 07:10:47 | 00,000,250 | ---- | C] () -- C:\WINDOWS\WINFAX.INI
[2007/06/15 07:10:46 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2007/06/14 15:17:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WFXSEH32.INI
[2007/06/11 09:35:07 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2007/06/08 15:45:01 | 00,626,688 | ---- | C] () -- C:\WINDOWS\System32\dfxg13.dll
[2007/06/08 14:26:55 | 00,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/06/06 11:45:16 | 00,059,904 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/06 10:21:28 | 00,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2007/06/06 09:28:08 | 00,000,165 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2007/05/30 02:59:30 | 00,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2007/05/30 02:38:57 | 00,000,709 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini
[2007/05/30 02:38:57 | 00,000,263 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2007/05/30 02:38:44 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007/05/30 02:38:27 | 00,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/04/20 08:05:00 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/04/20 08:05:00 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/04/20 08:05:00 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/04/20 08:05:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/04/20 08:05:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/03/05 12:34:28 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/09/27 16:47:40 | 00,000,307 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2006/08/17 11:33:54 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2006/01/12 16:09:14 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\DXFLib.dll
[2006/01/12 16:08:06 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll
[2005/06/07 21:10:50 | 00,070,656 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2005/03/07 14:11:40 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\ForcsZipDll.dll
[2002/11/20 18:51:34 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\win2000.dll

========== LOP Check ==========

[2008/05/24 08:18:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Destinator
[2007/12/08 12:14:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GARMIN
[2007/06/11 12:58:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\HTNetMeter
[2008/03/06 15:55:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IEPro
[2008/12/16 14:53:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Instant Housecall
[2008/02/29 09:36:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MiniDm
[2008/06/19 11:47:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Moyea
[2007/06/08 15:29:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Musicmatch
[2009/02/26 14:04:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sling Media
[2009/08/13 07:31:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SmartDraw
[2008/12/04 13:16:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TrueSwitch
[2008/08/08 15:07:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Uniblue
[2007/07/18 06:44:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Viewpoint
[2009/10/05 10:59:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Vso
[2008/07/30 12:42:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2008/08/12 08:38:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2009/07/29 11:31:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2009/01/28 11:52:38 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2007/11/02 10:03:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DFX
[2007/06/16 07:10:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Iomatic
[2008/10/16 13:07:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoME
[2008/05/13 11:53:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PIXELA
[2007/06/07 07:00:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2009/05/16 07:56:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sling Media
[2009/12/02 14:57:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SP
[2008/04/08 15:42:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SRS Labs
[2009/12/02 16:55:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/11/07 08:48:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/07/15 13:13:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2008/06/16 06:51:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2008/01/11 10:21:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2009/12/02 17:02:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/11/30 12:00:00 | 00,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\Registry Medic Schedule.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 368 bytes -> C:\Documents and Settings\Administrator\Local Settings\Application Data\desktop.ini:722b2b1c349a06abf0e866180e5a7e63
@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Administrator\My Documents\amanda exchange.jpg:SummaryInformation
@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D282699C

< End of report >

OTL Extras logfile created on: 12/2/2009 5:04:22 PM - Run 1
OTL by OldTimer - Version 3.1.11.4 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 74.64% Memory free
3.35 Gb Paging File | 2.90 Gb Available in Paging File | 86.66% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 254.99 Gb Free Space | 85.54% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OFFICE
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe"

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10071:TCP" = 10071:TCP:*:Enabled:spport
"25449:TCP" = 25449:TCP:*:Enabled:spport
"23967:TCP" = 23967:TCP:*:Enabled:spport
"15343:TCP" = 15343:TCP:*:Enabled:spport

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
"C:\Program Files\Nero\Nero8\Nero ShowTime\ShowTime.exe" = C:\Program Files\Nero\Nero8\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime -- (Nero AG)
"C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe" = C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe:*:Enabled:Nero ControlCenter -- (Nero AG)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" = C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE:*:Enabled:OSE -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{0E6B5211-CFDD-11DE-863C-005056806466}" = Google Earth Plug-in
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2515BF88-E42E-4AFA-A8E7-DF272762589B}" = Microsoft Office Live Meeting 2007
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 17
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{409ECFF1-9CC7-43A8-B28A-B7F0B7CB04D1}_is1" = Classic Menu 1.51 for Office
"{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}" = HP PSC & OfficeJet 5.3.B
"{54F90B55-BEB3-4F0D-8802-228822FA5921}" = WordPerfect Office 11
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{6882B3A9-AB98-4ABA-A623-2979FBEA5F9F}_is1" = Moyea FLV Player version 1.5.2.7
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{809987B2-F964-11D4-A1A5-00104BD190B1}" = QuickBooks Premier 2002: Accountant Edition
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM
"{987fb9b0-b4b7-43a3-bda1-898ec6d6b651}" = DFX 8 for Yahoo! Music Jukebox and Windows Media Player
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9A5B876D-A900-4AAB-B557-DE827BE46E6C}" = Nero 8
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-0000-7EC8-7489-000000000603}" = Adobe Acrobat and Reader 6.0.3 Update
"{AC76BA86-0000-7EC8-7489-000000000604}" = Adobe Acrobat and Reader 6.0.4 Update
"{AC76BA86-0000-7EC8-7489-000000000605}" = Adobe Acrobat and Reader 6.0.5 Update
"{AC76BA86-0000-7EC8-7489-000000000606}" = Adobe Acrobat and Reader 6.0.6 Update
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0.1 Professional
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B46BC183-3713-3814-9067-D1C6BC952F7B}" = Cooliris for Internet Explorer
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BC2FE771-EDBE-3087-A676-2B6C45A2BF7E}" = Google Gears
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1008475-75B2-4475-B98C-51FAE8B62960}" = Concord WinFax Plugin v3.0
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}" = WinZip 11.2
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E1D7C392-EAF5-405F-A31D-BBD3B56C0C6A}" = ImageMixer 3 SE for SD
"{EA426461-31AA-4AB3-B15D-EDD748F08394}_is1" = Moyea FLV Downloader version 1.15.0.15
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8B6FBC3-C28F-49D9-A00A-16283E9A1180}" = ATI RADEON 9700 Pipe Dream Demo v1.1
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.7.20081215
"Ad-Aware" = Ad-Aware
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AI RoboForm" = AI RoboForm (All Users)
"AlmerBackup_is1" = AlmerBackup version 4.8
"AudioCS" = Creative Audio Console
"avast!" = avast! Antivirus
"CCleaner" = CCleaner
"Creative Video Blaster WebCam 3 USB/WebCam Plus" = Creative Video Blaster WebCam 3 USB/WebCam Plus Driver
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"Defraggler" = Defraggler (remove only)
"DVDFab Platinum 4_is1" = DVDFab Platinum 4.0.1.2
"Easy Duplicate Finder_is1" = Easy Duplicate Finder v. 1.5.1
"ECCO Pro" = NetManage ECCO Pro
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FavOrg" = FavOrg
"Google Desktop" = Google Desktop
"HijackThis" = HijackThis 2.0.2
"hp officejet g series 1227123274" = hp officejet g series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{31A57C3E-30DD-421F-B5C7-974DACB0D05F}" = Canon Camera WIA Driver
"InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.0.0 (Standard)
"LG USB Drivers" = LG USB Drivers
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate1.6" = LiveUpdate 1.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaCoder" = MediaCoder 0.6.2
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Net Meter" = Net Meter 3.2 build 297
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PCHealth" =
"PhotoME_is1" = PhotoME
"PictureItSuite_v11" = Microsoft Digital Image Suite 2006
"Registry Medic_is1" = Registry Medic 5.0
"Restorer2000 Professional" = Restorer2000 Professional
"R-Studio 3.6NSIS" = R-Studio 3.6
"Secunia PSI" = Secunia PSI
"SysInfo" = Creative System Information
"Tweak UI 2.10" = Tweak UI
"UP_screensaver_dug" = UP_screensaver_dug
"USR_MODEM_PCI_VEN_14F1&DEV_2F30&SUBSYS_200114F1" = U.S. Robotics V.92 Fax Host Int
"VLC media player" = VLC media player 0.9.8a
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinFax" = Symantec WinFax PRO
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Chromium" = Chromium
"RadarLab HD" = RadarLab HD

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 10/28/2008 1:47:19 PM | Computer Name = OFFICE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of \\Service\f\BACKUPS\Quicken Backup Files\Daycare Quicken File.pdf failed, 00000005.

Error - 12/16/2008 5:33:47 PM | Computer Name = OFFICE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\PROCESSLIST.BIN failed, 0000A413.

Error - 1/16/2009 12:57:01 PM | Computer Name = OFFICE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\PROCESSLIST.BIN failed, 0000A413.

Error - 10/20/2009 12:57:39 PM | Computer Name = OFFICE | Source = avast! | ID = 33554522
Description = Error in aswChestS: chest s_NewFile Error 112.

Error - 10/20/2009 12:57:39 PM | Computer Name = OFFICE | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 112.

Error - 11/5/2009 11:25:09 AM | Computer Name = OFFICE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of http://www.wjactv.com/_public/js/ad/strate.../dartAsx-min.js failed, 0000A413.

Error - 11/6/2009 12:23:43 PM | Computer Name = OFFICE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of http://clients1.google.com/complete/search...%20fi&cp=13 failed, 0000A413.

Error - 11/9/2009 4:45:34 PM | Computer Name = OFFICE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of http://pluckit.demandmedia.com/requests?ap...erviceInstances['pluckit_752355033976'].jsonpCallback&jsonpContext=request_706514389766&jsonRequest=%7B%22Envelopes%22%3A%5B%7B%22callerSDK%22%3 failed, 0000A413.

Error - 11/27/2009 3:42:06 PM | Computer Name = OFFICE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of \\Service\f\BACKUPS\Quicken Backup Files\HP2004_20091127.QPH failed, 00000035.

Error - 11/27/2009 3:42:06 PM | Computer Name = OFFICE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of \\Service\f\BACKUPS\Quicken Backup Files\HP2004_20091127.IDX failed, 00000035.

[ Application Events ]
Error - 11/30/2009 5:01:05 AM | Computer Name = OFFICE | Source = Google Update | ID = 20
Description =

Error - 11/30/2009 6:01:05 AM | Computer Name = OFFICE | Source = Google Update | ID = 20
Description =

Error - 11/30/2009 7:01:05 AM | Computer Name = OFFICE | Source = Google Update | ID = 20
Description =

Error - 11/30/2009 8:01:05 AM | Computer Name = OFFICE | Source = Google Update | ID = 20
Description =

Error - 11/30/2009 10:39:57 AM | Computer Name = OFFICE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: An internal certificate chaining error has occurred.

Error - 11/30/2009 11:21:21 AM | Computer Name = OFFICE | Source = Application Error | ID = 1000
Description = Faulting application almerbackup.exe, version 4.8.2.14, faulting module , version 0.0.0.0, fault address 0x00000000.

Error - 12/2/2009 11:01:05 AM | Computer Name = OFFICE | Source = Google Update | ID = 20
Description =

Error - 12/2/2009 11:01:14 AM | Computer Name = OFFICE | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\RECENT\DESKTOP.INI> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Error - 12/2/2009 11:18:34 AM | Computer Name = OFFICE | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\RECENT\DESKTOP.INI> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Error - 12/2/2009 3:59:11 PM | Computer Name = OFFICE | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\RECENT\DESKTOP.INI> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)

[ OSession Events ]
Error - 6/13/2009 11:41:24 AM | Computer Name = OFFICE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1950 seconds with 180 seconds of active time. This session ended with a crash.

Error - 6/25/2009 9:59:46 AM | Computer Name = OFFICE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 63445 seconds with 2160 seconds of active time. This session ended with a crash.

Error - 7/7/2009 3:08:27 PM | Computer Name = OFFICE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3193 seconds with 240 seconds of active time. This session ended with a crash.

Error - 7/18/2009 9:08:28 AM | Computer Name = OFFICE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 651 seconds with 120 seconds of active time. This session ended with a crash.

Error - 8/1/2009 9:51:37 AM | Computer Name = OFFICE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1916 seconds with 180 seconds of active time. This session ended with a crash.
Error - 9/17/2009 10:28:12 AM | Computer Name = OFFICE | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4595 seconds with 780 seconds of active time. This session ended with a crash. Error - 10/29/2009 9:06:01 AM | Computer Name = OFFICE | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3697 seconds with 360 seconds of active time. This session ended with a crash. Error - 10/31/2009 9:42:39 AM | Computer Name = OFFICE | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3646 seconds with 240 seconds of active time. This session ended with a crash. Error - 11/3/2009 11:26:30 AM | Computer Name = OFFICE | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 8020 seconds with 2160 seconds of active time. This session ended with a crash. Error - 11/20/2009 3:05:46 PM | Computer Name = OFFICE | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 376 seconds with 300 seconds of active time. This session ended with a crash. [ System Events ] Error - 12/2/2009 11:16:16 AM | Computer Name = OFFICE | Source = NETLOGON | ID = 3095 Description = This computer is configured as a member of a workgroup, not as a member of a domain. 
The Netlogon service does not need to run in this configuration. Error - 12/2/2009 11:16:17 AM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7000 Description = The Windows Defender service failed to start due to the following error: %%3 Error - 12/2/2009 11:16:17 AM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7000 Description = The Lavasoft Ad-Aware Service service failed to start due to the following error: %%3 Error - 12/2/2009 11:16:17 AM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7000 Description = The PLFlash DeviceIoControl Service service failed to start due to the following error: %%2 Error - 12/2/2009 11:17:13 AM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: Lbd Error - 12/2/2009 3:57:32 PM | Computer Name = OFFICE | Source = NETLOGON | ID = 3095 Description = This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration. 
Error - 12/2/2009 3:57:36 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7000 Description = The Windows Defender service failed to start due to the following error: %%3 Error - 12/2/2009 3:57:36 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7000 Description = The Lavasoft Ad-Aware Service service failed to start due to the following error: %%3 Error - 12/2/2009 3:57:36 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7000 Description = The PLFlash DeviceIoControl Service service failed to start due to the following error: %%2 Error - 12/2/2009 3:57:45 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: Lbd < End of report > Results of screen317's Security Check version 0.99.1 Windows XP Service Pack 3 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! avast! Antivirus Antivirus up to date! `````````````````````````````` Anti-malware/Other Utilities Check: Ad-Aware Spybot - Search & Destroy SUPERAntiSpyware Free Edition Windows Defender Secunia PSI HijackThis 2.0.2 CCleaner Java 6 Update 17 Adobe Flash Player 10 Adobe Atmosphere Player for Acrobat and Adobe Reader `````````````````````````````` Process Check: objlist.exe by Laurent Ad-Aware AAWService.exe is disabled! Ad-Aware AAWTray.exe is disabled! Alwil Software Avast4 aswUpdSv.exe Alwil Software Avast4 ashServ.exe Alwil Software Avast4 ashDisp.exe Alwil Software Avast4 ashMaiSv.exe Alwil Software Avast4 ashWebSv.exe `````````````````````````````` DNS Vulnerability Check: GREAT! (Not vulnerable to DNS cache poisoning) `````````End of Log```````````
  8. Here are the results. I'll await your final verdict. HUGE THANKS.

     Malwarebytes' Anti-Malware 1.41
     Database version: 3281
     Windows 5.1.2600 Service Pack 3
     12/2/2009 4:02:52 PM
     mbam-log-2009-12-02 (16-02-52).txt
     Scan type: Quick Scan
     Objects scanned: 109638
     Time elapsed: 4 minute(s), 16 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 16:03:19, on 12/2/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16915)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     C:\Program Files\Alwil Software\Avast4\ashServ.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\WINDOWS\system32\HPZipm12.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
     C:\WINDOWS\system32\SearchIndexer.exe
     C:\WINDOWS\Explorer.EXE
     C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
     C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
     C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
     C:\Program Files\Java\jre6\bin\jusched.exe
     C:\Program Files\Windows Live\Messenger\msnmsgr.exe
     C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
     C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
     C:\WINDOWS\system32\SearchProtocolHost.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://radar.weather.gov/ridge/Conus/full_loop.php
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
     O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
     O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
     O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
     O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll
     O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
     O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
     O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
     O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
     O4 - HKLM\..\Run: [combofix] C:\ComboFix\CF17680.cfxxe /c C:\ComboFix\Combobatch.bat
     O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
     O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
     O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
     O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
     O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
     O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
     O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
     O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
     O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
     O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
     O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
     O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
     O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
     O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll
     O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
     O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
     O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...20Installer.cab
     O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200707...ex/qtplugin.cab
     O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
     O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
     O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - http://www.lizardtech.com/download/files/w...ntrol_en_US.cab
     O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
     O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 3D Viewer) - https://lowes.2020.net/Core/Player/2020PlayerAX_Win32.cab
     O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
     O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab
     O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} - http://h30155.www3.hp.com/ediags/dd/instal...llMgr_v01_5.cab
     O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
     O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
     O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
     O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
     O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWire...loadControl.cab
     O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (Web Camera Server Control) - http://oaklandcam.iceweb.net/wg_webeye.cab
     O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
     O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
     O16 - DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} - http://betaimg.sling.com/sli/sling_player_...er.cab?1.1.0.38
     O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv2.view22.com/view22/app/view22rte.cab
     O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
     O16 - DPF: {C7C7225A-9476-47AC-B0B0-FF3B79D55E67} (ZTransferX Control) - http://aic.lgservice.com:9001/ozserver31/V.../ZTransferX.cab
     O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
     O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://trafficcams.cet.unomaha.edu/activex/AMC.cab
     O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - http://www.cooliris.com/shared/plinstll.cab
     O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15034/CTPID.cab
     O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
     O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
     O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
     O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
     O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
     O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
     O23 - Service: Google Desktop Manager 5.8.809.8522 (GoogleDesktopManager-090808-172447) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
     O23 - Service: Google Update Service (gupdate1c941b647c40b8) (gupdate1c941b647c40b8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
     O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\WINDOWS\system32\IoctlSvc.exe (file missing)
     O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
     O23 - Service: Windows Defender (WinDefend) - Unknown owner - C:\Program Files\Windows Defender\MsMpEng.exe (file missing)

     -- End of file - 12961 bytes
  9. P.S. Well, here's a dahh moment for you. After successfully booting my computer this morning (removing the bad video file), I never tried Internet Explorer because I assumed the redirect problem would still be there. I just tried several search engines and so far I cannot duplicate the problem. No redirects so far. Now I'll appear wishy-washy. Do you want me to send you a hi-jack report to confirm the problem is gone? Your ideas?
  10. Sorry for the delay. Wednesday is salesman day, so I was tied up. I have decided it best in my situation to do a fresh install. Since this is my business computer, I don't want the worry of lingering problems. One more ? for you. If you were to choose programs to protect your computer, what would they be? HUGE THANKS!
  11. Good morning. I replaced the bad nvata.sys file. I can now boot the system up. Strangely though, the system will only boot up in safe mode. I specifically selected normal mode, but it is going into safe mode. Because of my past experience with safe mode, I have turned the computer off until I hear from you. One last point. The video is large - I think it probably just needs adjusted in video properties, but I didn't stay on the computer long enough to try. Now for your opinion, do we continue trying to clean the virus/malware or should I bite the bullet and re-install Windows? I await your instructions Captain! Mark
  12. OK
     Main folder is ERDNT
     Sub folders are:
     11-29-2009
     Autobackup
     Subs
     Cache
     HIV Backup
     In 11-29-2009 subfolder there is an erdnt.con from 11-29 @5:45pm
     In Autobackup subfolder there are two subfolders
     11-29-2009
     11-30-2009
     In Autobackup/11-20-2009 subfolder there is an erdnt.con from 11-29 @7:45pm
     In Autobackup/11-30-2009 subfolder there is an erdnt.con from 11-30 @8:07am
     In Subs subfolder there is an erdnt.con from 11-27 @11:46am
     In Cache there are numerous system files. I did not see an erdnt.con file. Looks like a backup of crucial system files.
     In HIV Backup subfolder there is an erdnt.con from 11-27 @ 3:09pm
     I believe my spelling is correct on the folders. I know DOS from way way back, so if I'm slightly off on the path name, I can correct it during input.
  13. Quick bite to eat and then I'll see how many sub folders I have and the times. Thanks.
  14. Yes I have a Windows XP disc. I believe you already gave me the command prompts to try and restore the registry. batch erdnt.con was the last line. Yes I do have the C:\Windows\ERDNT directory and its subfolders. The sub folder is where you directed me to run the batch file.
  15. I read over the Microsoft bulletin. I am using an Intel Core 2 CPU. No .sys text or any other specific text is on the blue screen. Just the generic stuff.