Hi Maurice,
Thanks for the detailed instructions! I followed them exactly, but I noticed that while Security Check (screen317) was in the "Preparing" phase, I got an error window saying "Objlist.exe has encountered a problem and needs to close. . . ." So I don't know if it did anything useful. Below is the output of the scans in the order requested.
I don't know if the redirects would happen in Firefox (not installed on my wife's computer), but the redirects DO happen in Chrome as well as IE 7.
Thanks,
Ken
- - - - - - - - - - - - - - - - - - - -
>>>>>>>>>>>>>>>>>>>> avenger.txt . . . <<<<<<<<<<<<<<<<<<<<
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Error: file "C:\Windows\System32\brastk.exe" not found!
Deletion of file "C:\Windows\System32\brastk.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Completed script processing.
*******************
Finished! Terminate.
>>>>>>>>>>>>>>>>>>>> OTL.txt . . . <<<<<<<<<<<<<<<<<<<<
OTL logfile created on: 3/16/2010 12:37:11 PM - Run 1
OTL by OldTimer - Version 3.1.37.2 Folder = C:\Kits\SpyWareCheckers
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 28.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 3200 3200 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 17.57 Gb Free Space | 22.49% Space Free | Partition Type: NTFS
Drive D: | 78.13 Gb Total Space | 8.34 Gb Free Space | 10.68% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 77.50 Gb Total Space | 66.84 Gb Free Space | 86.25% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ARRIVA2
Current User Name: Tammi
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010/03/16 12:35:12 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Kits\SpyWareCheckers\OTL.com
PRC - [2010/02/04 17:14:16 | 001,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/01/27 05:14:22 | 000,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/01/04 12:36:28 | 002,893,624 | ---- | M] (Mozy, Inc.) -- C:\Program Files\MozyHome\mozystat.exe
PRC - [2009/07/25 05:23:22 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2008/02/05 15:29:20 | 000,054,512 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
PRC - [2008/01/22 11:13:32 | 001,201,448 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2008/01/22 11:13:20 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007/06/14 12:08:09 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/23 16:40:41 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2007/01/18 19:04:04 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/08/11 11:15:36 | 000,200,704 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
PRC - [2006/05/05 12:18:54 | 000,036,864 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
PRC - [2005/08/06 20:45:14 | 000,974,848 | ---- | M] (UltraVNC) -- C:\Program Files\UltraVNC\winvnc.exe
PRC - [2005/02/16 23:11:42 | 000,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
PRC - [2004/11/28 00:01:40 | 000,319,488 | ---- | M] (Roxio, Inc.) -- C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
PRC - [2004/11/28 00:01:38 | 000,118,784 | ---- | M] (Roxio, Inc.) -- C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
PRC - [2004/11/04 19:36:46 | 000,425,984 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
PRC - [2004/11/04 19:28:24 | 000,258,048 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2004/09/22 21:00:00 | 000,094,208 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\shstat.exe
PRC - [2004/09/22 21:00:00 | 000,028,672 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
PRC - [2004/08/06 04:50:00 | 000,237,623 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
PRC - [2004/08/06 04:50:00 | 000,139,320 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
PRC - [2004/08/06 04:50:00 | 000,102,463 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
PRC - [2004/07/19 19:05:04 | 000,098,304 | ---- | M] (Techsoft Pvt. Ltd.) -- C:\WINDOWS\system32\mfsyncsv.exe
PRC - [2004/03/18 09:33:26 | 000,892,928 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\iTouch.exe
PRC - [2002/08/01 05:49:54 | 000,049,152 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\Scansoft\OmniPagePro12.0\opware12.exe
PRC - [2002/07/09 11:50:00 | 000,028,672 | ---- | M] (Logitech Inc. ) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
PRC - [2002/04/17 12:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/17 12:42:56 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
PRC - [2001/09/26 19:31:34 | 000,094,208 | ---- | M] () -- C:\Program Files\WebDrive\wdService.exe
PRC - [2000/07/05 15:00:00 | 000,065,536 | ---- | M] (CASIO COMPUTER CO., LTD.) -- C:\FA-950\BIN\Klslink.exe
========== Modules (SafeList) ==========
MOD - [2010/03/16 12:35:12 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Kits\SpyWareCheckers\OTL.com
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 02:56:44 | 001,028,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42.dll
MOD - [2004/03/18 11:26:48 | 000,114,688 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\Scrolling\LGMSGHK.DLL
MOD - [2004/03/18 09:26:50 | 000,004,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\itchhk.dll
MOD - [2002/08/01 05:49:34 | 000,159,744 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\Scansoft\OmniPagePro12.0\ophook12.dll
MOD - [2002/07/09 11:50:00 | 000,024,576 | ---- | M] (Logitech Inc. ) -- C:\Program Files\Logitech\MouseWare\system\LGMOUSHK.DLL
MOD - [2000/07/05 15:00:00 | 000,028,672 | ---- | M] (CASIO COMPUTER CO., LTD.) -- C:\FA-950\BIN\Syshook.dll
========== Win32 Services (SafeList) ==========
SRV - [2010/02/04 17:14:16 | 001,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2007/01/18 19:04:04 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/09/14 08:56:06 | 000,102,400 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2006/08/11 11:15:36 | 000,200,704 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2005/11/14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/08/06 20:45:14 | 000,974,848 | ---- | M] (UltraVNC) [Auto | Running] -- C:\Program Files\UltraVNC\winvnc.exe -- (winvnc)
SRV - [2004/09/22 21:00:00 | 000,221,191 | ---- | M] (Network Associates, Inc.) [On_Demand | Stopped] -- C:\Program Files\Network Associates\VirusScan\mcshield.exe -- (McShield)
SRV - [2004/09/22 21:00:00 | 000,028,672 | ---- | M] (Network Associates, Inc.) [Auto | Running] -- C:\Program Files\Network Associates\VirusScan\vstskmgr.exe -- (McTaskManager)
SRV - [2004/08/06 04:50:00 | 000,102,463 | ---- | M] (Network Associates, Inc.) [Auto | Running] -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2004/07/19 19:05:04 | 000,098,304 | ---- | M] (Techsoft Pvt. Ltd.) [Auto | Running] -- C:\WINDOWS\system32\mfsyncsv.exe -- (mfsyncsv)
SRV - [2003/03/31 07:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC)
SRV - [2001/09/26 19:31:34 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\WebDrive\wdService.exe -- (WebDriveService)
========== Driver Services (SafeList) ==========
DRV - [2009/09/23 07:55:23 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2007/06/20 03:00:00 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/02/21 21:46:26 | 001,505,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/02/10 21:00:00 | 000,058,464 | ---- | M] (Network Associates, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mvstdi5x.sys -- (NaiAvTdi1)
DRV - [2005/01/14 21:00:00 | 000,108,480 | ---- | M] (Network Associates, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\naiavf5x.sys -- (NaiAvFilter1)
DRV - [2005/01/14 21:00:00 | 000,008,320 | ---- | M] (Network Associates, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\entdrv51.sys -- (EntDrv51)
DRV - [2004/11/28 00:01:53 | 000,213,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\UdfReadr_xp.sys -- (UdfReadr_xp)
DRV - [2004/11/28 00:01:53 | 000,118,409 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2004/11/28 00:01:52 | 000,260,224 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2004/11/28 00:01:52 | 000,022,777 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2004/11/28 00:01:52 | 000,021,993 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/04 01:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/04 01:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/04 00:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2004/08/04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/07/19 19:05:04 | 000,053,632 | ---- | M] (Techsoft Pvt. Ltd.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\mrfoldr.sys -- (mrfoldr)
DRV - [2004/03/10 15:42:24 | 000,012,953 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\itchfltr.sys -- (itchfltr)
DRV - [2004/03/03 11:50:00 | 000,037,887 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Lhidusb.sys -- (LHidUsb)
DRV - [2004/03/03 11:50:00 | 000,014,095 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LCcfltr.sys -- (LCcfltr)
DRV - [2003/12/12 15:29:10 | 000,031,048 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irstusb.sys -- (STIrUsb)
DRV - [2003/11/30 21:54:20 | 000,043,136 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003/07/03 01:18:08 | 000,088,269 | R--- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2003/07/03 01:18:00 | 000,004,621 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2002/11/18 15:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [2002/09/06 00:15:23 | 000,022,585 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdralw2k.old -- (Cdralw2k)
DRV - [2002/07/09 04:50:00 | 000,070,382 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.sys -- (LMouFlt2)
DRV - [2002/07/09 04:50:00 | 000,050,862 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Pr2.sys -- (l8042pr2)
DRV - [2002/07/09 04:50:00 | 000,023,854 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS -- (LHidFlt2)
DRV - [2002/07/09 04:50:00 | 000,006,030 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LKbdFlt2.sys -- (LKbdFlt2)
DRV - [2002/03/26 14:43:34 | 000,006,016 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2001/09/26 19:32:04 | 000,135,168 | ---- | M] (River Front Software) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\RFNP32.dll -- (RFNP32)
DRV - [2001/09/26 19:30:56 | 000,067,204 | ---- | M] () [File_System | System | Running] -- C:\Program Files\WebDrive\rffsd.sys -- (WebDriveFSD)
DRV - [2001/08/22 12:14:36 | 000,024,214 | R--- | M] (Winbond Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wbmsa.sys -- (WBMSA) Winbond Memory Stick Storage (MS)
DRV - [2001/08/17 07:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4)
DRV - [2001/08/17 07:19:20 | 000,096,256 | ---- | M] (Copyright © Creative Technology Ltd. 1994-2001) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctlsb16.sys -- (ctlsb16) Creative SB16/AWE32/AWE64 Driver (WDM)
DRV - [2000/07/05 08:00:00 | 000,024,142 | R--- | M] (CASIO COMPUTER CO.,LTD.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Klsmpad.sys -- (Klsmpad)
DRV - [2000/01/11 09:41:09 | 000,072,556 | R--- | M] (ViewQuest Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Me2Cam.sys -- (DCamUSBOvt)
DRV - [1997/12/22 20:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aspi32.sys -- (ASPI32)
DRV - [1997/04/22 12:16:00 | 000,006,272 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Font Size = 02 00 00 00 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_Url = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/webhp?sourceid=navclient&ie=UTF-8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Data = C3 17 11 E0 B2 A4 AC 29 3E F1 D7 B3 41 B1 F2 21 F8 FE DE 71 3C 18 BA 0A F9 AA 17 17 FE 78 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;*.local
O1 HOSTS File: ([2009/11/16 12:01:06 | 000,001,032 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.1.254 sbc_gateway # Firewall / router to WAN (SBC DSL)
O1 - Hosts:
O1 - Hosts: 192.168.1.155 HP000D9D22EA65
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AtiPTA] File not found
O4 - HKLM..\Run: [ATT-SST_UninstallTracking] C:\DOCUME~1\Tammi\LOCALS~1\Temp\InstallHelper.exe File not found
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [EM_EXEC] C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc. )
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe (Network Associates, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Opware12] C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [RoxioAudioCentral] C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe (Roxio, Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [RoxioEngineUtility] C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe (Roxio)
O4 - HKLM..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [shStatEXE] C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE (Network Associates, Inc.)
O4 - HKLM..\Run: [sSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [WinVNC] C:\Program Files\UltraVNC\winvnc.exe (UltraVNC)
O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.)
O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - HKCU..\Run: [PDFSaver] C:\Program Files\PDF-XChange 2.5\pdfSaver.exe (Tracker Software Products)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FA-950.lnk = C:\FA-950\BIN\Klslink.exe (CASIO COMPUTER CO., LTD.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabletWorks.lnk = C:\Program Files\GTCO CalComp\TabletWorks\TWCP.exe (GTCO CalComp, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\Tammi\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 0
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2007/09/21 12:05:09 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2007/09/21 12:05:09 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2007/09/21 12:05:09 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2007/09/21 12:05:09 | 000,000,000 | ---D | M]
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: myspace.com ([]* in Internet)
O16 - DPF: {10101010-1010-1111-1010-101010101011} mhtml:C:\\WINX.MHT!http://216.240.137.41/counter/ie.exe (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} http://download.ebay.com/turbo_lister/US/install.cab (Reg Error: Key error.)
O16 - DPF: {6054D082-355D-4B47-B77C-36A778899F48} http://qmedia.xlontech.net/100348/qm/lates...ull06061501.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...37873.940150463 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O27 - HKLM IFEO\brastk.exe: Debugger - svchost.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/08/29 21:56:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/03/16 11:16:51 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/03/16 10:59:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/16 10:56:22 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/03/12 10:18:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tammi\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/03/12 10:14:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9 Installer
[2010/03/12 10:13:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/03/12 10:10:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/06/12 03:09:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2006/12/11 16:19:47 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/03/11 04:00:32 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/11/14 20:45:45 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2005/03/03 15:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2002/08/29 22:04:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2 C:\Documents and Settings\Tammi\My Documents\*.tmp files -> C:\Documents and Settings\Tammi\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\Tammi\*.tmp files -> C:\Documents and Settings\Tammi\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2793/06/26 18:20:07 | 000,003,120 | ---- | M] () -- C:\WINDOWS\MF_C421.lfa
[2793/06/26 18:20:07 | 000,003,120 | ---- | M] () -- C:\WINDOWS\MF_C420.lfa
[2010/03/16 12:34:46 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\Tammi\Desktop\MBAM won't run; GMER . . . reboots - Malwarebytes Forum.url
[2010/03/16 12:30:12 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/16 12:30:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/16 12:28:37 | 000,000,512 | ---- | M] () -- C:\WINDOWS\randseed.rnd
[2010/03/16 12:25:32 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/03/16 12:25:31 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/03/16 12:25:31 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/03/16 12:25:30 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/03/16 12:25:30 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/03/16 12:23:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/16 12:23:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/16 12:23:04 | 1341,755,392 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/16 12:22:29 | 012,582,912 | ---- | M] () -- C:\Documents and Settings\Tammi\ntuser.dat
[2010/03/16 12:22:29 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Tammi\ntuser.ini
[2010/03/16 12:01:12 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/16 11:15:37 | 000,000,717 | ---- | M] () -- C:\WINDOWS\KLSLINK.INI
[2010/03/16 10:56:59 | 000,000,818 | ---- | M] () -- C:\Documents and Settings\Tammi\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/03/16 01:05:09 | 000,011,058 | ---- | M] () -- C:\WINDOWS\mozy.blk
[2010/03/16 01:05:08 | 000,015,752 | ---- | M] () -- C:\WINDOWS\mozy.flt
[2010/03/15 20:03:41 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Tammi\defogger_reenable
[2010/03/15 20:02:55 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Tammi\Desktop\Defogger.exe
[2010/03/15 14:15:05 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/15 08:51:27 | 000,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/15 08:51:26 | 000,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/15 08:51:23 | 000,525,946 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/12 10:14:32 | 000,000,783 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk
[2010/03/10 12:50:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/04 11:50:42 | 000,000,164 | ---- | M] () -- C:\Documents and Settings\Tammi\default.pls
[2010/03/04 11:40:47 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/01 03:01:06 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\BackupTammiStuff.job
[2010/02/25 04:00:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/16 15:11:33 | 000,001,891 | ---- | M] () -- C:\Documents and Settings\Tammi\Desktop\eBay Blackthorne.lnk
[2010/02/15 23:58:43 | 000,000,680 | ---- | M] () -- C:\WINDOWS\AUTOLNCH.REG
[2 C:\Documents and Settings\Tammi\My Documents\*.tmp files -> C:\Documents and Settings\Tammi\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\Tammi\*.tmp files -> C:\Documents and Settings\Tammi\*.tmp -> ]
========== Files Created - No Company Name ==========
[2793/06/26 18:20:07 | 000,003,120 | ---- | C] () -- C:\WINDOWS\MF_C421.lfa
[2793/06/26 18:20:07 | 000,003,120 | ---- | C] () -- C:\WINDOWS\MF_C420.lfa
[2010/03/16 12:34:46 | 000,000,211 | ---- | C] () -- C:\Documents and Settings\Tammi\Desktop\MBAM won't run; GMER . . . reboots - Malwarebytes Forum.url
[2010/03/16 10:56:59 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\Tammi\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/03/15 20:03:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tammi\defogger_reenable
[2010/03/15 20:03:09 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Tammi\Desktop\Defogger.exe
[2010/03/15 15:55:20 | 1341,755,392 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/12 10:14:32 | 000,000,783 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk
[2010/02/16 15:11:32 | 000,001,891 | ---- | C] () -- C:\Documents and Settings\Tammi\Desktop\eBay Blackthorne.lnk
[2010/01/14 12:13:27 | 000,038,438 | ---- | C] () -- C:\Documents and Settings\Tammi\Application Data\Comma Separated Values (DOS).ADR
[2009/07/29 21:59:09 | 000,000,737 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009/05/31 23:47:22 | 000,003,127 | ---- | C] () -- C:\WINDOWS\DMUSProd.INI
[2009/05/05 13:25:30 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt
[2009/03/01 22:40:28 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/07/30 17:27:58 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/06/28 14:45:01 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/06/28 14:45:01 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/06/28 14:45:01 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/06/28 14:45:00 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/06/28 14:45:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/06/28 14:45:00 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/06/17 22:33:12 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
[2007/01/03 17:02:23 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/01/03 16:58:11 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/10/20 22:44:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/10/07 23:13:50 | 000,000,557 | ---- | C] () -- C:\WINDOWS\DcmLtbox.ini
[2006/10/05 20:47:11 | 000,000,033 | ---- | C] () -- C:\WINDOWS\BiMonitor.ini
[2006/10/05 20:47:05 | 000,031,378 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2006/10/05 20:44:47 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\LLHttpsUpload2.dll
[2006/10/05 20:44:47 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
[2006/07/31 21:28:59 | 000,005,385 | ---- | C] () -- C:\Documents and Settings\Tammi\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/07/31 21:28:59 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/07/27 22:52:05 | 000,000,224 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/03/22 10:33:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2005/12/28 12:36:19 | 000,008,521 | ---- | C] () -- C:\WINDOWS\lmpcl2a.ini
[2005/10/03 15:02:18 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Tammi\Local Settings\Application Data\fusioncache.dat
[2005/09/29 02:51:13 | 000,000,454 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2005/09/29 02:51:12 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2005/09/28 20:25:00 | 000,003,397 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/09/07 12:00:44 | 000,257,536 | ---- | C] () -- C:\WINDOWS\System32\BiImg.dll
[2005/09/07 12:00:44 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\JPEG32.DLL
[2005/06/04 23:06:58 | 000,136,448 | ---- | C] () -- C:\WINDOWS\RMTOOLS.DLL
[2005/05/21 22:45:31 | 000,000,599 | R--- | C] () -- C:\WINDOWS\mt110.ini
[2005/03/04 03:45:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/20 00:23:34 | 000,000,017 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/02/20 00:22:29 | 000,000,045 | ---- | C] () -- C:\WINDOWS\DBHMMIKM.ini
[2004/11/28 02:34:06 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameV.txt
[2004/11/04 23:23:57 | 000,000,699 | ---- | C] () -- C:\WINDOWS\E-REGTLC.INI
[2004/11/04 23:23:15 | 000,000,113 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2004/10/16 19:41:01 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/09/04 20:45:08 | 000,000,060 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2004/09/04 20:44:27 | 000,000,044 | ---- | C] () -- C:\WINDOWS\KA.INI
[2004/08/30 17:09:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2004/08/29 22:07:49 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
[2004/03/01 15:53:06 | 000,000,717 | ---- | C] () -- C:\WINDOWS\KLSLINK.INI
[2003/10/12 22:01:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TEXTART.INI
[2003/10/12 20:32:32 | 000,000,048 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2003/10/12 20:30:49 | 000,127,026 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2003/10/12 20:30:49 | 000,048,936 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2003/09/25 19:32:53 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\Tammi\Local Settings\Application Data\FASTApp.html
[2003/08/19 10:03:22 | 000,450,560 | ---- | C] () -- C:\WINDOWS\System32\tls704d.dll
[2003/08/18 18:42:09 | 000,000,235 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2003/07/04 19:06:22 | 000,096,768 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL
[2003/06/28 12:09:53 | 000,001,600 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/02/27 08:42:54 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2003/02/15 11:43:28 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Tammi\Application Data\PFP100JPR.{PB
[2003/02/15 11:43:28 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Tammi\Application Data\PFP100JCM.{PB
[2003/02/08 14:16:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2003/01/11 23:02:03 | 000,119,296 | ---- | C] () -- C:\Documents and Settings\Tammi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/06 03:37:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2002/11/30 04:15:51 | 000,000,032 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2002/11/30 04:08:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2002/11/06 21:39:18 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2002/10/15 01:05:07 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\RFHelper.dll
[2002/10/15 01:05:07 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\rfwdres.dll
[2002/10/15 01:05:07 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\rfshext.dll
[2002/10/15 01:05:07 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\rfhres.dll
[2002/10/15 01:05:07 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\rfshres.dll
[2002/10/15 01:05:07 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\rfstrres.dll
[2002/10/15 01:05:07 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\rfwdui.dll
[2002/09/30 02:56:35 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\FTPStubInstUtils.dll
[2002/09/23 22:46:53 | 000,000,896 | ---- | C] () -- C:\WINDOWS\System32\hpsj16.dll
[2002/09/23 22:46:52 | 000,000,057 | ---- | C] () -- C:\WINDOWS\HPDS23.INI
[2002/09/18 00:20:00 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS
[2002/09/18 00:17:23 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2002/09/17 23:24:03 | 000,000,312 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2002/09/17 23:23:31 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2002/09/17 05:01:29 | 000,003,698 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2002/09/17 04:19:40 | 000,002,964 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2002/09/17 04:19:38 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2002/09/17 04:16:05 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.ini
[2002/09/17 04:15:55 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
[2002/09/03 00:21:54 | 000,000,578 | ---- | C] () -- C:\WINDOWS\PSADMIN.INI
[2002/09/02 20:59:28 | 000,021,186 | ---- | C] () -- C:\Documents and Settings\Tammi\Local Settings\Application Data\FASTWiz.html
[2002/09/02 19:59:29 | 000,066,067 | ---- | C] () -- C:\Documents and Settings\Tammi\Local Settings\Application Data\FASTWiz.log
[2002/06/06 02:01:58 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\asutl8.dll
[2002/03/16 19:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000071.DLL
[1998/10/11 01:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
========== LOP Check ==========
[2003/08/18 21:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC
[2007/01/16 00:59:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2005/02/08 20:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2009/11/16 16:02:44 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\InfectedBy_e4b4d56
[2009/11/16 10:35:01 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\InfectedBy_WSDDSys
[2008/06/28 14:45:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2008/07/29 16:15:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2004/10/31 00:10:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MirrorFolder
[2005/11/25 17:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2007/01/16 01:00:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
[2006/10/21 14:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2006/10/21 16:37:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2006/10/05 20:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2002/11/06 20:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2002/11/06 20:49:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2008/06/17 22:40:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/06/28 14:43:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2006/10/31 13:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2006/10/05 20:51:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon
[2009/10/31 16:34:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/11 18:21:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/11/16 17:12:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/05/21 22:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammi\Application Data\Anvil Studio
[2010/03/12 10:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammi\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2007/06/26 07:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammi\Application Data\eBay
[2008/07/18 15:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammi\Application Data\EPSON
[2007/03/01 12:38:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammi\Application Data\IMVU
[2009/11/16 10:37:14 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Tammi\Application Data\InfectedBy System Defender
[2009/05/31 23:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammi\Application Data\MtStudio
[2005/02/20 00:11:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammi\Application Data\oenl
[2007/02/18 21:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammi\Application Data\Opera
[2006/08/01 16:50:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammi\Application Data\PPIMAGES
[2006/10/05 20:47:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammi\Application Data\ScanSoft
[2008/06/28 14:53:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammi\Application Data\Ulead Systems
[2006/03/08 18:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammi\Application Data\Webshots
[2006/10/05 20:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammi\Application Data\Zeon
[2010/03/16 12:25:30 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2010/03/16 12:25:30 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2010/03/16 12:25:31 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2010/03/16 12:25:31 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2010/03/16 12:25:32 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/03/01 03:01:06 | 000,000,966 | ---- | M] () -- C:\WINDOWS\Tasks\BackupTammiStuff.job
[2002/09/30 03:51:55 | 000,000,374 | ---- | M] () -- C:\WINDOWS\Tasks\TASK20020930010621.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5F1019FF
< End of report >
>>>>>>>>>>>>>>>>>>>> Extras.txt . . . <<<<<<<<<<<<<<<<<<<<
OTL Extras logfile created on: 3/16/2010 12:37:11 PM - Run 1
OTL by OldTimer - Version 3.1.37.2 Folder = C:\Kits\SpyWareCheckers
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 28.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 3200 3200 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 17.57 Gb Free Space | 22.49% Space Free | Partition Type: NTFS
Drive D: | 78.13 Gb Total Space | 8.34 Gb Free Space | 10.68% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 77.50 Gb Total Space | 66.84 Gb Free Space | 86.25% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ARRIVA2
Current User Name: Tammi
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"21:TCP" = 21:TCP:*:Disabled:ftp
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Real\RealOne Player\realplay.exe" = C:\Program Files\Real\RealOne Player\realplay.exe:*:Disabled:RealOne Player -- (RealNetworks, Inc.)
"C:\Program Files\eBay\Seller's Assistant Pro\SAPro.exe" = C:\Program Files\eBay\Seller's Assistant Pro\SAPro.exe:*:Enabled:Seller's Assistant Pro executable -- File not found
"V:\Setup\HPZnet01.exe" = V:\Setup\HPZnet01.exe:*:Enabled:Install Consumer Experience Network Plug in -- File not found
"C:\Program Files\IncrediMail\bin\IMApp.exe" = C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail -- File not found
"C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- File not found
"C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- File not found
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Disabled:File Transfer Program -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\All Users\Application Data\e4b4d56\WSe4b4.exe" = C:\Documents and Settings\All Users\Application Data\e4b4d56\WSe4b4.exe:*:Enabled:System Defender -- File not found
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E73E50-6513-4802-8600-B5A5BA185BE3}" = ScanSoft PaperPort 11
"{031C88EF-4EA5-4A9D-A77D-857A914CAFA5}" = ScanSoft RealSpeak
"{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{0DDFF679-AEDE-4BD3-8B56-0180A96BD1A7}" = OmniPage Pro 12.0
"{0F9196C6-58B4-445B-B56E-B1200FECC151}" = Microsoft Bootvis
"{10C69612-017B-45F5-B986-7D113D5A2EA3}" = MSN Toolbar
"{10F5D9BB-E2F2-4B18-A65D-928B73D22E6F}" = IFSYS-8003 IrDA FIR USB Adapter
"{118A578C-FBFF-43EE-8C1A-6598EE0E3741}" = GTCO CalComp TabletWorks
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 15
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{29302832-88E4-4748-AC13-E8FB91B0D9DD}" = Dress Shop Download Master 7.00
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3D719053-5593-11D3-8F25-0060085C1758}" = Microsoft Streets and Trips 2001
"{413CEBC4-ABA1-4AC4-ADFB-69FA195F09AB}" = 7300_Help
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{54AA707B-68DA-49A4-9916-68DD670241BD}" = AT&T Yahoo! Music Jukebox
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.71
"{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns
"{5DF3D1BB-894E-4DCD-8275-159AC9829B43}" = McAfee VirusScan Enterprise
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{644F9DBE-CEDB-45AF-ACB8-E26692B74F62}" = Easy CD & DVD Creator 6
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}" = CmdHere Powertoy For Windows XP
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D48CC96-AC7C-449F-BD06-7C52A791848B}" = 7400
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{7088EC18-1D00-43EA-B37B-608E71D88A5D}" = EpsonNet Config V1
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73643FB0-21FF-4800-95AF-BD0DB4A2171F}" = Dress Shop Download Master 7.00
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{86B77B5A-B157-6386-37B0-DB2494DEEAFF}" = MozyHome Remote Backup
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{885283DA-46D5-4F9A-85AA-45B421BB6077}" = ATI Multimedia Center
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{93ECA342-9C9B-4334-80DD-5476E1DAB81A}" = CoZmanager 2.0
"{987D1E20-24AE-424F-89F9-2973FC9C2A57}" = eBay Blackthorne
"{9EF5B77F-703E-4953-9DA9-186E28A62568}" = 7300Trb
"{A0B295C3-FD3C-11D4-A811-0090279106C3}" = WordPerfect Office 2002
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A8AD990E-355A-4413-8647-A9B168978423}_is1" = UltraVNC v1.0.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{ABC52CF9-2D43-4278-A152-CB2CD3ED8FE9}" = MIDI-OX
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AC76BA86-7AD7-5464-3428-7050000000A7}" = Adobe Reader 7.0.5 Language Support
"{AD1D8B40-F83C-41CA-BA08-9DB8D1653316}" = ScanSoft PDF Create! 3
"{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BFF54E94-8BF2-4A9C-9452-6EF320C53B80}" = ENCAD NovaJet 600 Series ICC Profiles
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5B573BD-21D3-4CB7-9474-502B8E0AB8D4}" = PaperPort Professional 11
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCC4E428-411E-4605-B515-317D50ABD477}" = Ulead DVD MovieFactory 6
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5
"{DCB91C79-B78B-44B1-A7FE-28DECA6E9245}" = Dell TrueMobile 2300 Wireless Broadband Router Control Utility
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{EF729AE1-4AE9-402A-AF64-5C5A8150F549}" = HP Photo and Imaging 1.2 - Scanjet 4570c Series
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1033}" = Nero 7 Essentials
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FDCD7EE4-1515-4172-AE20-AF5A69F627FE}" = Intel® Integrated Performance Primitives RTI 3.0
"3DGroove" = OTOY
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"AstroAvenger_is1" = AstroAvenger
"AsUninst.exe" = Anvil Studio
"ASUS Probe V2.16.01" = ASUS Probe V2.16.01
"AsusUpdate V3.29.08" = AsusUpdate V3.29.08
"ATI Display Driver" = ATI Display Driver
"Bingo Card Creator_is1" = Bingo Card Creator 2.0
"Cameo 3.0 Apparel Pattern Software" = Cameo 3.0 Apparel Pattern Software
"ce876f80-8a31-11d4-b9d2-002018382069_is1" = MirrorFolder 3.0
"Click and Sew Demo1101" = Click and Sew Demo1101
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DirectMusic Producer" = Microsoft DirectMusic Producer
"DXTXTRA" = Microsoft DirectX Transform optional components
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"Home Control Center" = Home Control Center
"hp instant support" = hp instant support
"HP Photo & Imaging" = HP Image Zone 4.7
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{118A578C-FBFF-43EE-8C1A-6598EE0E3741}" = GTCO CalComp TabletWorks
"InstallShield_{CCC4E428-411E-4605-B515-317D50ABD477}" = Ulead DVD MovieFactory 6 TBYB
"InterActual Player" = InterActual Player
"jZip" = jZip
"LABEL PRINTER APPLICATION FA-950" = LABEL PRINTER APPLICATION FA-950
"Lexmark Printer Software Uninstall" = Lexmark Printer Software Uninstall
"Logitech Resource Center" = Logitech Resource Center
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MultitrackStudio_is1" = MultitrackStudio Lite 5.21
"Musicnotes Player_is1" = Musicnotes Player V1.22.3
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OmniFormat" = OmniFormat
"Pattern Master 4 Movies" = Pattern Master 4 Movies
"PatternMaster Celebrations 4" = PatternMaster Celebrations 4
"PatternMaster Celebrations 4 Demo" = PatternMaster Celebrations 4 Demo
"PCI Audio Applications" = PCI Audio Applications
"PCI Audio Driver" = PCI Audio Driver
"Pdf995" = Pdf995
"PdfEdit995" = PdfEdit995
"PDF-Tools" = PDF-Tools
"PDF-XChange Registered Release" = PDF-XChange Registered Release
"Picasa 3" = Picasa 3
"QuickTime32" = QuickTime for Windows (32-bit)
"RealPlayer 6.0" = RealPlayer
"TCEssentials" = TC Native Essentials 2.02
"Vextractor_is1" = Vextractor 2.00
"VMidi" = vanBasco's Karaoke Player
"WebDrive" = WebDrive
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WS_FTP Pro" = Ipswitch WS_FTP Pro
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Applications" = AT&T Yahoo! Applications
"Yahoo! Toolbar" = Yahoo! Toolbar
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{FC94A2F6-E490-42DD-901F-1BABDD3947F1}" = Seller's Assistant Pro
"GCalc 3" = GCalc 3
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 3/15/2010 4:35:44 PM | Computer Name = ARRIVA2 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16981, faulting
module msvcr71.dll, version 7.10.3052.4, fault address 0x000017fb.
Error - 3/15/2010 4:35:47 PM | Computer Name = ARRIVA2 | Source = Application Error | ID = 1001
Description = Fault bucket 1670938873.
Error - 3/15/2010 5:52:39 PM | Computer Name = ARRIVA2 | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: The update failed; see event log.(from ARRIVA2
IP 192.168.1.142 user Tammi running VirusScan Ent. 8.0.0 UPD)
Error - 3/15/2010 5:53:19 PM | Computer Name = ARRIVA2 | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: The update failed; see event log.(from ARRIVA2
IP 192.168.1.142 user Tammi running VirusScan Ent. 8.0.0 UPD)
Error - 3/15/2010 7:19:24 PM | Computer Name = ARRIVA2 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16981, faulting
module , version 0.0.0.0, fault address 0x00000000.
Error - 3/15/2010 8:48:40 PM | Computer Name = ARRIVA2 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BF from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro
Error - 3/15/2010 8:48:40 PM | Computer Name = ARRIVA2 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro
Error - 3/15/2010 8:48:41 PM | Computer Name = ARRIVA2 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro
Error - 3/15/2010 8:48:41 PM | Computer Name = ARRIVA2 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro
Error - 3/15/2010 9:36:02 PM | Computer Name = ARRIVA2 | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: Failed to connect to CMA updater.(from ARRIVA2
IP 192.168.1.142 user SYSTEM running VirusScan Ent. 8.0.0 UPD)
[ System Events ]
Error - 3/16/2010 12:57:37 PM | Computer Name = ARRIVA2 | Source = Service Control Manager | ID = 7034
Description = The VNC Server service terminated unexpectedly. It has done this
1 time(s).
Error - 3/16/2010 12:57:37 PM | Computer Name = ARRIVA2 | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).
Error - 3/16/2010 12:57:37 PM | Computer Name = ARRIVA2 | Source = Service Control Manager | ID = 7034
Description = The Network Associates Task Manager service terminated unexpectedly.
It has done this 1 time(s).
Error - 3/16/2010 12:57:38 PM | Computer Name = ARRIVA2 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).
Error - 3/16/2010 12:57:38 PM | Computer Name = ARRIVA2 | Source = Service Control Manager | ID = 7034
Description = The MozyHome Backup Service service terminated unexpectedly. It has
done this 1 time(s).
Error - 3/16/2010 1:23:22 PM | Computer Name = ARRIVA2 | Source = dmboot | ID = 5242883
Description = dmboot: Failed to start volume Volume4 (M:)
Error - 3/16/2010 1:23:22 PM | Computer Name = ARRIVA2 | Source = dmboot | ID = 5242883
Description = dmboot: Failed to start volume Volume5 (N:)
Error - 3/16/2010 1:23:22 PM | Computer Name = ARRIVA2 | Source = dmboot | ID = 5242883
Description = dmboot: Failed to start volume Volume6 (O:)
Error - 3/16/2010 1:23:49 PM | Computer Name = ARRIVA2 | Source = Service Control Manager | ID = 7000
Description = The NetBEUI Protocol service failed to start due to the following
error: %%2
Error - 3/16/2010 1:23:49 PM | Computer Name = ARRIVA2 | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058
< End of report >
>>>>>>>>>>>>>>>>>>>> checkup.txt . . . <<<<<<<<<<<<<<<<<<<<
Results of screen317's Security Check version 0.99.1
Windows XP Service Pack 2
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
McAfee VirusScan Enterprise
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:
Ad-Aware
HijackThis 2.0.2
Java 6 Update 15
Java SE Runtime Environment 6 Update 1
Java 6 Update 2
Java 6 Update 3
Java 6 Update 5
Java 6 Update 7
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 7.0.9
Adobe Reader 7.0.5 Language Support
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe is disabled!
``````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)
`````````End of Log```````````
>>>>>>>>>>>>>>>>>>>> Rooter_1.txt . . . <<<<<<<<<<<<<<<<<<<<
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP . (5.1.2600) Service Pack 2
[32_bits] - x86 Family 15 Model 2 Stepping 4, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[sharedAccess] RUNNING (state:4)
Windows Firewall -> Disabled !
.
Internet Explorer 7.0.5730.13
.
A:\ [Removable]
C:\ [Fixed-NTFS] .. ( Total:78 Go - Free:17 Go )
D:\ [Fixed-NTFS] .. ( Total:78 Go - Free:8 Go )
E:\ [CD_Rom]
F:\ [Fixed-NTFS] .. ( Total:77 Go - Free:66 Go )
.
Scan : 13:37.35
Path : C:\Kits\SpyWareCheckers\Rooter.exe
User : Tammi ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [system Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (496)
______ \??\C:\WINDOWS\system32\csrss.exe (560)
______ \??\C:\WINDOWS\system32\winlogon.exe (588)
______ C:\WINDOWS\system32\services.exe (640)
______ C:\WINDOWS\system32\lsass.exe (660)
______ C:\WINDOWS\system32\Ati2evxx.exe (852)
______ C:\WINDOWS\system32\svchost.exe (868)
______ C:\WINDOWS\system32\svchost.exe (964)
______ C:\WINDOWS\System32\svchost.exe (1060)
______ C:\WINDOWS\System32\svchost.exe (1156)
______ C:\WINDOWS\System32\svchost.exe (1252)
______ C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (1388)
______ C:\WINDOWS\system32\spoolsv.exe (1492)
______ C:\WINDOWS\System32\svchost.exe (1624)
______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (1668)
______ C:\Program Files\Bonjour\mDNSResponder.exe (1696)
______ C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (1768)
______ C:\Program Files\Java\jre6\bin\jqs.exe (1972)
______ C:\Program Files\Common Files\LightScribe\LSSrvc.exe (196)
______ C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (252)
______ C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe (304)
______ C:\Program Files\Network Associates\VirusScan\vstskmgr.exe (376)
______ C:\WINDOWS\System32\mfsyncsv.exe (452)
______ C:\Program Files\MozyHome\mozybackup.exe (512)
______ C:\WINDOWS\system32\IoctlSvc.exe (552)
______ C:\WINDOWS\System32\svchost.exe (664)
______ C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (912)
______ C:\Program Files\WebDrive\wdService.exe (1080)
______ C:\Program Files\UltraVNC\winvnc.exe (1208)
______ C:\WINDOWS\System32\wbem\unsecapp.exe (2052)
______ C:\WINDOWS\system32\wbem\wmiprvse.exe (2172)
______ C:\WINDOWS\System32\alg.exe (2236)
______ C:\WINDOWS\system32\Ati2evxx.exe (3356)
______ C:\WINDOWS\Explorer.EXE (3588)
______ C:\WINDOWS\system32\wuauclt.exe (3840)
______ C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe (3908)
______ C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (3916)
______ C:\Program Files\Logitech\iTouch\iTouch.exe (3924)
______ C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE (3948)
______ C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe (4040)
______ C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (4068)
______ C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (2004)
______ C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE (1368)
______ C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe (916)
______ C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (2168)
______ C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe (2204)
______ C:\Program Files\Java\jre6\bin\jusched.exe (2296)
______ C:\Program Files\iTunes\iTunesHelper.exe (2428)
______ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (820)
______ C:\Program Files\Messenger\msmsgs.exe (2564)
______ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (2624)
______ C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe (2656)
______ C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (1780)
______ C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe (2992)
______ C:\FA-950\BIN\Klslink.exe (288)
______ C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (2856)
______ C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (3016)
______ C:\Program Files\MozyHome\mozystat.exe (904)
______ C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe (3148)
______ C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (2632)
______ C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe (3516)
______ C:\Program Files\iPod\bin\iPodService.exe (3688)
______ C:\Program Files\Internet Explorer\iexplore.exe (3752)
______ C:\Program Files\Java\jre6\bin\jucheck.exe (2636)
______ C:\WINDOWS\system32\NOTEPAD.EXE (3788)
______ C:\Kits\SpyWareCheckers\Rooter.exe (3892)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:83889598464)
\Device\Harddisk0\Partition2 (Start_Offset:83889630720 | Length:167104788480)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\WINDOWS\Tasks\BackupTammiStuff.job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\TASK20020930010621.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 13:39.02
.
C:\Rooter$\Rooter_1.txt - (16/03/2010 | 13:39.02)