Confirmed Google Rediriector [Solved], "Disk Defragmenter Could Not Start", Rootkit.Agent, Dubious Re |
Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!
  |
 Jul 3 2009, 06:20 AM
Post
#1
|
|
|
New Member  Posts: 3 OS: XP SP3  |
Needless to say, I'm a bit concerned after looking through the internet, and finding that my defragmenter's unwillingness to work could be attributed to a nasty Google Redirect virus. I tried the fixes for the non-virus related issues, but my drive isn't dirty, she's NFTS formatted, I've got plenty of hard drive space, and my paging file is fine. None of their fixes work - and when I was searching for assistance, I did find myself sent to sites that I did not intend to go to.
Update: I ran a scan of Malwarebytes, and it was able to successfully locate and quarantine all but one infected file, which was a "Rootkit.Agent" located at "C:\\Windows\system32\drivers\str.sys". I strongly believe this to be a Redirector Virus, after researching it some. Update 2: Google is now useless, it won't let me even go to my most frequented sites when I search through it. I'm 99% convinced it's a Redirector Virus. I'll be happy for any help that you can render. I'm not familiar in the protocol of this site, so I'm not sure what you'll need from the start; but here are my logs: (((((((((((((((( MalwareBytes ))))))))))))))))))) Malwarebytes' Anti-Malware 1.38 Database version: 2367 Windows 5.1.2600 Service Pack 3 7/3/2009 9:28:21 AM mbam-log-2009-07-03 (09-28-21).txt Scan type: Quick Scan Objects scanned: 92112 Time elapsed: 4 minute(s), 36 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> Delete on reboot. (((((((((((((((( Rooter Log ))))))))))))))))))) Rooter.exe (v1.0.2) by Eric_71 . SeDebugPrivilege granted successfully ... . Windows XP Home Edition (5.1.2600) Service Pack 3 [32_bits] - x86 Family 15 Model 47 Stepping 0, AuthenticAMD . [wscsvc] STOPPED (state:1) : Security Center -> Disabled ! [SharedAccess] RUNNING (state:4) Windows Firewall -> Enabled . Internet Explorer 8.0.6001.18702 Mozilla Firefox 3.0.11 (en-US) . C:\ [Fixed-NTFS] .. ( Total:86 Go - Free:56 Go ) D:\ [Fixed-FAT32] .. ( Total:6 Go - Free:1 Go ) E:\ [CD_Rom] F:\ [CD_Rom] G:\ [Removable] . Scan : 15:37.45 Path : C:\Documents and Settings\Compaq_Owner\Desktop\Rooter.exe User : Compaq_Owner ( Administrator -> YES ) . ----------------------\\ Processes . Locked [System Process] (0) ______ System (4) ______ \SystemRoot\System32\smss.exe (1036) ______ \??\C:\WINDOWS\system32\csrss.exe (1100) ______ \??\C:\WINDOWS\SYSTEM32\winlogon.exe (1132) ______ C:\WINDOWS\system32\services.exe (1180) ______ C:\WINDOWS\system32\lsass.exe (1192) ______ C:\WINDOWS\system32\Ati2evxx.exe (1360) ______ C:\WINDOWS\system32\svchost.exe (1376) ______ C:\WINDOWS\system32\svchost.exe (1484) ______ C:\WINDOWS\System32\svchost.exe (1564) ______ C:\WINDOWS\system32\svchost.exe (1608) ______ C:\WINDOWS\system32\svchost.exe (1868) ______ C:\WINDOWS\system32\svchost.exe (2028) ______ C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (396) ______ C:\WINDOWS\system32\spoolsv.exe (636) ______ C:\WINDOWS\SYSTEM32\Ati2evxx.exe (224) ______ C:\WINDOWS\Explorer.EXE (1404) ______ C:\WINDOWS\system32\svchost.exe (1772) ______ C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (1924) ______ C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (1980) ______ C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe (308) ______ C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (356) ______ C:\Program Files\Common Files\AOL\1132010039\ee\AOLSoftware.exe (316) ______ C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (320) ______ C:\Program Files\Java\jre6\bin\jusched.exe (1740) ______ C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (372) ______ C:\WINDOWS\system32\ctfmon.exe (700) ______ C:\FRAPS\FRAPS.EXE (776) ______ C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (1528) ______ C:\Program Files\Java\jre6\bin\jqs.exe (2348) ______ C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (2376) ______ C:\WINDOWS\system32\svchost.exe (2504) ______ C:\WINDOWS\system32\UAService7.exe (2704) ______ C:\WINDOWS\system32\svchost.exe (2968) ______ C:\WINDOWS\System32\dmadmin.exe (3096) ______ C:\WINDOWS\System32\alg.exe (2428) ______ C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe (2824) ______ C:\Program Files\Mozilla Firefox\firefox.exe (3764) ______ C:\Documents and Settings\Compaq_Owner\Desktop\Rooter.exe (2776) . ----------------------\\ Device\Harddisk0\ WARNING : Unable to read MBR .. [ERROR_1381] ----------------------\\ Scheduled Tasks . C:\WINDOWS\Tasks\AppleSoftwareUpdate.job C:\WINDOWS\Tasks\desktop.ini C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Compaq_Owner.job C:\WINDOWS\Tasks\SA.DAT . ----------------------\\ Registry . . ----------------------\\ Files & Folders . ----------------------\\ Scan completed at 15:38.07 . C:\Rooter$\Rooter_1.txt - (03/07/2009 | 15:38.07) (((((((((((((((( OTL Log ))))))))))))))))))) OTL logfile created on: 7/3/2009 3:33:51 PM - Run 1 OTL by OldTimer - Version 3.0.6.4 Folder = C:\Documents and Settings\Compaq_Owner\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 93.70% Memory free 3.03 Gb Paging File | 2.58 Gb Available in Paging File | 85.04% Paging File free Paging file location(s): C:\pagefile.sys 768 1344 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 86.65 Gb Total Space | 56.13 Gb Free Space | 64.79% Space Free | Partition Type: NTFS Drive D: | 6.50 Gb Total Space | 1.44 Gb Free Space | 22.20% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded Drive G: | 7.45 Gb Total Space | 7.09 Gb Free Space | 95.11% Space Free | Partition Type: FAT32 H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: YOUR-27E1513D96 Current User Name: Compaq_Owner Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2005/08/13 21:29:40 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe PRC - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe PRC - [2005/08/13 21:29:40 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE PRC - [2006/10/23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe PRC - [2004/10/15 15:54:14 | 00,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe PRC - [2004/10/15 15:54:12 | 00,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe PRC - [2008/02/09 16:06:32 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe PRC - [2008/06/24 13:34:50 | 00,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\1132010039\ee\AOLSoftware.exe PRC - [2005/06/06 23:46:24 | 00,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe PRC - [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2005/08/13 21:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe PRC - [2008/01/14 07:18:20 | 03,182,248 | ---- | M] (Beepa P/L) -- C:\FRAPS\FRAPS.EXE PRC - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe PRC - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2003/06/20 08:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE PRC - [2006/01/16 15:14:24 | 00,126,976 | ---- | M] () -- C:\WINDOWS\System32\UAService7.exe PRC - [2008/03/17 17:06:24 | 01,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe PRC - [2009/06/13 17:34:11 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009/07/03 15:33:41 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe ========== Win32 Services (SafeList) ========== SRV - [2006/10/23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS [Auto | Running]) SRV - [2004/10/15 15:54:14 | 00,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor [Auto | Running]) SRV - [2004/06/29 09:29:30 | 00,184,373 | ---- | M] () -- C:\Program Files\Common Files\AOL\AOL Spyware Protection\aolserv.exe -- (AOLService [Auto | Stopped]) SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) SRV - [2005/08/13 21:29:40 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running]) SRV - [2005/08/13 21:05:00 | 00,516,096 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart [Auto | Stopped]) SRV - [2008/02/09 16:06:32 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running]) SRV - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [Auto | Running]) SRV - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Running]) SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) SRV - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService [Auto | Running]) SRV - [2008/08/29 10:00:30 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped]) SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2004/10/22 12:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped]) SRV - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running]) SRV - [2008/08/04 11:20:16 | 03,220,856 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate [On_Demand | Stopped]) SRV - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice [Auto | Running]) SRV - [2003/06/20 08:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running]) SRV - [2004/08/04 07:00:00 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ipxsap.dll -- (NwSapAgent [Auto | Running]) SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped]) SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped]) SRV - [2008/03/17 17:06:24 | 01,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Running]) SRV - [2006/01/16 15:14:24 | 00,126,976 | ---- | M] () -- C:\WINDOWS\System32\UAService7.exe -- (UserAccess7 [Auto | Running]) SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped]) ========== Driver Services (SafeList) ========== DRV - [2007/08/08 16:14:59 | 00,017,801 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running]) DRV - [2005/04/20 13:00:56 | 02,317,696 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running]) DRV - [2005/03/09 16:53:00 | 00,036,352 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Stopped]) DRV - [2008/05/06 01:01:50 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32 [Auto | Running]) DRV - [2005/08/13 21:35:54 | 01,313,792 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running]) DRV - [2003/11/05 17:45:12 | 00,017,408 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run [Boot | Running]) DRV - [2005/02/01 18:18:38 | 00,017,992 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\BCM42RLY.SYS -- (BCM42RLY [On_Demand | Stopped]) DRV - [2004/12/22 01:32:12 | 00,369,024 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Running]) DRV - [2002/10/21 11:37:16 | 00,515,803 | ---- | M] (Digital Camera) -- C:\WINDOWS\System32\Drivers\Ca533av.sys -- (Ca533av [Auto | Stopped]) DRV - [2008/07/30 17:42:12 | 00,023,888 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\COH_Mon.sys -- (COH_Mon [On_Demand | Stopped]) DRV - [2009/02/25 04:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running]) DRV - [2009/02/25 04:00:00 | 00,101,936 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running]) DRV - [2005/04/14 23:12:12 | 00,175,616 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2 [Boot | Running]) DRV - [2004/12/15 17:18:32 | 00,220,928 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running]) DRV - [2004/12/15 17:18:26 | 01,038,208 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running]) DRV - [2005/03/09 20:09:18 | 00,870,912 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor [Boot | Running]) DRV - [2004/08/03 22:41:56 | 00,011,868 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running]) DRV - [2009/02/19 04:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090318.040\NAVENG.SYS -- (NAVENG [On_Demand | Running]) DRV - [2009/02/19 04:00:00 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090318.040\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running]) DRV - [2008/04/13 13:56:06 | 00,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx [Auto | Running]) DRV - [2004/08/04 07:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnknb.sys -- (NwlnkNb [Auto | Running]) DRV - [2004/08/04 07:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys -- (NwlnkSpx [Auto | Running]) DRV - [2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running]) DRV - [2007/04/22 19:15:25 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running]) DRV - File not found -- Service key not found. -- (qpvo [Unknown | Running]) DRV - [2005/04/21 15:56:10 | 00,242,176 | ---- | M] (Ralink Technology Inc.) -- C:\WINDOWS\System32\DRIVERS\RT2500.sys -- (RT2500 [On_Demand | Stopped]) DRV - [2005/03/04 13:10:26 | 00,074,496 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Running]) DRV - [2004/08/04 00:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped]) DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped]) DRV - [2005/03/03 12:53:57 | 00,048,640 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Running]) DRV - [2005/02/23 10:59:54 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running]) DRV - [2004/12/03 05:20:41 | 00,020,544 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02 [Boot | Running]) DRV - [2008/09/05 14:31:42 | 00,447,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [System | Running]) DRV - [2008/01/31 17:51:16 | 00,279,088 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SRTSP.SYS -- (SRTSP [On_Demand | Running]) DRV - [2008/01/31 17:51:16 | 00,317,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SRTSPL.SYS -- (SRTSPL [On_Demand | Stopped]) DRV - [2008/01/31 17:51:16 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SRTSPX.SYS -- (SRTSPX [System | Running]) DRV - [2007/08/18 07:47:54 | 00,002,368 | ---- | M] (AntiCracking) -- C:\WINDOWS\System32\SVKP.sys -- (SVKP [Auto | Running]) DRV - File not found -- Service key not found. -- (syfuaocznlllil [Unknown | Stopped]) DRV - [2009/02/19 11:31:16 | 00,013,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS [On_Demand | Running]) DRV - [2009/01/08 19:20:33 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running]) DRV - [2009/02/19 11:31:16 | 00,096,560 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW [On_Demand | Running]) DRV - [2009/02/19 11:31:16 | 00,038,576 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS [On_Demand | Running]) DRV - [2008/09/12 02:33:21 | 00,250,224 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20090310.004\SymIDSCo.sys -- (SYMIDSCO [On_Demand | Running]) DRV - [2009/02/19 11:31:42 | 00,031,280 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIM [On_Demand | Stopped]) DRV - [2009/02/19 11:31:42 | 00,031,280 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIMMP [On_Demand | Running]) DRV - [2009/02/19 11:31:16 | 00,037,424 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS [On_Demand | Running]) DRV - [2009/02/19 11:31:16 | 00,022,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Running]) DRV - [2009/02/19 11:31:16 | 00,184,496 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI [System | Running]) DRV - [2004/02/04 10:27:56 | 00,049,536 | ---- | M] (Texas Instruments Incorporated) -- C:\WINDOWS\System32\drivers\tiehdusb.sys -- (TIEHDUSB [On_Demand | Stopped]) DRV - [2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped]) DRV - [2002/07/25 11:19:48 | 00,010,986 | ---- | M] (USB BULK) -- C:\WINDOWS\System32\Drivers\Bulk533.sys -- (USBCamera [On_Demand | Stopped]) DRV - [2003/01/10 16:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Running]) DRV - [2004/12/15 17:18:28 | 00,703,232 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running]) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.swtor.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.swtor.com" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11 FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1" FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/06 06:08:17 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/24 07:48:38 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/13 17:34:23 | 00,000,000 | ---D | M] [2008/11/07 19:42:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\mozilla\Extensions [2008/11/07 19:42:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2008/11/07 19:42:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\mozilla\Firefox\Profiles\xmpf09w4.default\extensions [2009/07/03 06:54:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009/06/13 17:34:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2008/12/06 06:08:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2009/04/30 14:50:38 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009/06/13 17:34:08 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009/06/13 17:34:08 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2008/12/05 22:52:44 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll [2009/03/09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2009/06/13 17:34:15 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2007/03/09 18:16:44 | 00,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll [2009/06/13 17:34:17 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml [2009/06/13 17:34:17 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml [2009/06/13 17:34:17 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2009/06/13 17:34:17 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml [2009/06/13 17:34:17 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2009/06/13 17:34:17 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml [2009/06/13 17:34:17 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml O1 HOSTS File: (713 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation) O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found. O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.) O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1132010039\ee\AOLSoftware.exe (AOL LLC) O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton AntiVirus\osCheck.exe (Symantec Corporation) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [Fraps] C:\FRAPS\FRAPS.EXE (Beepa P/L) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm () O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm () O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O15 - HKCU\..Trusted Domains: 3 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} http://www.cortona3d.com/bin/cortvrml.cab (ParallelGraphics Cortona Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} http://www.linksysfix.com/netcheck/67/install/gtdownls.cab (LinkSys Content Update) O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab (get_atlcom Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} Reg Error: Key error. (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\program) - File not found O20 - AppInit_DLLs: (files\relevantknowledge\rlai.dll) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found O24 - Desktop Components:0 (My Current Home Page) - About:Home O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/06/25 00:32:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2001/07/28 07:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ] O32 - AutoRun File - [2004/04/30 23:01:14 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ] O33 - MountPoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}\Shell - "" = AutoRun O33 - MountPoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}\Shell\AutoRun - "" = Auto&Play O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (/r) - File not found O34 - HKLM BootExecute: (\??\C:) - File not found O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found O34 - HKLM BootExecute: (SsiEfr.e) - File not found ========== Files/Folders - Created Within 30 Days ========== File not found -- C:\Documents and Settings\Compaq_Owner\Desktop\CA85Q7KT. [2009/07/03 15:33:41 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe [2009/07/03 11:23:13 | 00,213,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\str.sys [2009/07/03 08:11:48 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2009/07/03 06:47:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Malwarebytes [2009/07/03 06:47:04 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/07/03 06:47:03 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/07/03 06:47:03 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/07/03 06:47:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/07/02 21:12:56 | 00,070,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\beewau.sys [2009/07/02 08:12:48 | 00,310,653 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\GameConstants.xml [2009/07/02 07:37:22 | 00,000,484 | ---- | C] () -- C:\Shortcut to My Documents.lnk [2009/07/01 09:10:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\Replacement XMLs&LUAs [2009/06/30 18:34:02 | 00,012,624 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Abregado.docx [2009/06/29 19:58:07 | 00,014,723 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Vendetta Tecla.docx [2009/06/28 20:02:35 | 00,010,565 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\ModCleanup.docx [2009/06/18 13:54:01 | 00,000,000 | ---D | C] -- C:\Copy [2009/06/18 13:41:12 | 00,031,232 | ---- | C] ( ) -- C:\WINDOWS\System\vdremote.dll [2009/06/18 13:41:12 | 00,025,088 | ---- | C] ( ) -- C:\WINDOWS\System\vdsvrlnk.dll [2009/06/17 13:23:27 | 00,019,315 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Good Day.docx [2009/06/16 07:46:08 | 00,217,088 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\PetroLauncher.exe [2009/06/15 20:37:26 | 00,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE [2009/06/15 20:36:21 | 00,000,000 | ---D | C] -- C:\Program Files\WallMaster [2009/06/13 06:17:30 | 05,689,274 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Obamanation_01.wmv [2009/06/11 20:28:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL OCP [2009/06/11 20:28:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\AOL OCP [2009/06/11 06:58:06 | 00,000,570 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Fraps.lnk [2009/06/11 06:57:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\Downloads [2009/06/11 06:56:31 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent [2009/06/11 06:56:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\uTorrent [2009/06/10 14:23:52 | 00,262,144 | ---- | C] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll [2009/06/10 14:23:52 | 00,086,016 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll [2009/06/10 06:34:36 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll [2009/06/10 06:34:36 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll [2009/06/10 06:34:35 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll [2009/06/10 06:34:32 | 11,064,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll [2009/06/08 06:30:22 | 00,000,000 | ---D | C] -- C:\Program Files\Lame for Audacity [2009/06/08 06:05:46 | 00,000,000 | ---D | C] -- C:\Program Files\Free WMA to MP3 Converter [2009/06/07 06:16:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music [2009/06/06 13:35:06 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos [2009/06/06 07:58:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Audacity [2009/06/06 07:58:13 | 00,000,000 | ---D | C] -- C:\Program Files\Audacity 1.3 Beta (Unicode) [2009/06/05 10:15:55 | 00,516,096 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe [2008/12/22 09:15:28 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2008/06/18 20:46:56 | 00,000,023 | ---- | C] () -- C:\WINDOWS\System32\sysmwwod.dll [2007/10/17 07:25:05 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2007/08/18 07:53:31 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll [2007/08/08 16:14:53 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll [2007/08/08 16:14:53 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll [2007/08/08 16:14:40 | 00,004,254 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI [2007/07/08 13:08:54 | 00,000,035 | ---- | C] () -- C:\WINDOWS\ulead32.ini [2007/07/08 12:47:19 | 00,001,888 | ---- | C] () -- C:\WINDOWS\CA533A.INI [2007/07/08 12:47:18 | 00,001,325 | ---- | C] () -- C:\WINDOWS\Remove.ini [2007/01/22 20:43:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini [2006/06/12 14:43:22 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2006/06/12 14:43:22 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2006/06/12 14:43:22 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2006/06/12 14:43:22 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2006/06/12 14:43:22 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2006/06/12 14:43:22 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2006/06/12 14:43:22 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2006/06/12 14:43:22 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2006/06/12 14:43:22 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2006/04/23 10:08:38 | 00,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll [2006/04/17 17:17:00 | 00,000,095 | ---- | C] () -- C:\WINDOWS\REBMOON.INI [2006/04/17 17:16:34 | 00,000,029 | ---- | C] () -- C:\WINDOWS\MMXAPP.INI [2006/04/11 18:18:33 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini [2006/04/02 08:49:28 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2006/03/19 16:47:51 | 00,000,077 | ---- | C] () -- C:\WINDOWS\maxlink.ini [2006/03/19 16:47:51 | 00,000,044 | ---- | C] () -- C:\WINDOWS\fantasy2.ini [2006/03/19 16:47:51 | 00,000,041 | ---- | C] () -- C:\WINDOWS\photoprn.ini [2006/03/19 16:47:51 | 00,000,030 | ---- | C] () -- C:\WINDOWS\pmontage.ini [2006/03/19 16:47:51 | 00,000,026 | ---- | C] () -- C:\WINDOWS\pstudio.ini [2005/11/09 18:01:36 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll [2005/11/08 18:38:35 | 00,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll [2005/11/08 18:38:34 | 00,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll [2005/11/08 18:14:50 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll [2005/08/30 19:49:48 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2005/08/30 19:22:51 | 00,012,994 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS [2005/08/30 19:22:46 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll [2005/08/30 19:20:40 | 00,000,172 | ---- | C] () -- C:\WINDOWS\Quicken.ini [2005/08/30 19:17:04 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2005/08/30 19:11:18 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2005/08/30 19:11:18 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2005/08/30 19:11:18 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2005/08/30 19:11:18 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2005/08/30 19:11:18 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2005/08/30 19:11:18 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2005/08/30 19:06:08 | 00,000,119 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2005/08/30 19:01:50 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2005/08/30 18:47:39 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini [2005/08/30 18:43:53 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll [2005/08/30 18:43:53 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll [2005/08/30 18:43:30 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll [2005/06/25 00:32:00 | 00,000,871 | ---- | C] () -- C:\WINDOWS\win.ini [2005/06/24 17:26:26 | 00,000,243 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI [2005/04/29 16:42:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2004/08/05 15:00:48 | 00,146,432 | ---- | C] () -- C:\WINDOWS\System32\MovieEncoder.dll [2004/06/16 00:38:02 | 00,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2003/08/03 19:56:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\FM20(2).DLL [2000/01/27 23:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL ========== Files - Modified Within 30 Days ========== [9 C:\WINDOWS\System32\*.tmp files] [2 C:\WINDOWS\*.tmp files] File not found -- C:\Documents and Settings\Compaq_Owner\Desktop\CA85Q7KT. [2009/07/03 15:33:41 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe [2009/07/03 15:21:28 | 00,219,648 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/07/03 11:23:33 | 00,213,024 | ---- | M] () -- C:\WINDOWS\System32\drivers\str.sys [2009/07/03 11:22:45 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/07/03 11:22:38 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/07/02 21:12:56 | 00,070,656 | ---- | M] () -- C:\WINDOWS\System32\drivers\beewau.sys [2009/07/02 17:45:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009/07/02 07:37:22 | 00,000,484 | ---- | M] () -- C:\Shortcut to My Documents.lnk [2009/06/30 18:41:42 | 00,012,624 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Abregado.docx [2009/06/29 20:32:06 | 00,000,570 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Compaq_Owner.job [2009/06/29 20:31:55 | 00,014,723 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Vendetta Tecla.docx [2009/06/29 19:55:41 | 00,002,515 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Microsoft Office Word 2007.lnk [2009/06/29 06:17:48 | 00,310,653 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\GameConstants.xml [2009/06/28 20:02:36 | 00,010,565 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\ModCleanup.docx [2009/06/19 14:19:27 | 00,019,315 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Good Day.docx [2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/06/17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/06/15 21:04:03 | 00,000,810 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\GIMP 2.lnk [2009/06/15 21:03:43 | 00,001,945 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Spyware Protection from AOL.lnk [2009/06/15 21:03:16 | 00,002,022 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AOL Computer Check-Up.lnk [2009/06/15 21:03:03 | 00,000,570 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Fraps.lnk [2009/06/15 21:02:43 | 00,002,001 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.lnk [2009/06/15 21:02:25 | 00,001,680 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2009/06/15 20:37:27 | 00,002,560 | ---- | M] () -- C:\WINDOWS\_MSRSTRT.EXE [2009/06/13 06:18:22 | 05,689,274 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Obamanation_01.wmv [2009/06/11 07:24:48 | 00,219,248 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009/06/11 07:16:18 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2009/06/10 14:23:52 | 00,262,144 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll [2009/06/10 14:23:52 | 00,086,016 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll [2009/06/05 10:17:00 | 04,235,100 | -H-- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\IconCache.db ========== Alternate Data Streams ========== @Alternate Data Stream - 508 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF < End of report > This post has been edited by Sialboats: Jul 4 2009, 06:32 AM |
 |
 
|
|
Jul 3 2009, 01:38 PM
Post
#2
|
|
|
New Member Posts: 3 OS: XP SP3 |
(Sorry - didn't think I'd have enough room for the last OTL Log.)
(((((((((((((((( OTL Extras ))))))))))))))))))) OTL Extras logfile created on: 7/3/2009 3:33:51 PM - Run 1 OTL by OldTimer - Version 3.0.6.4 Folder = C:\Documents and Settings\Compaq_Owner\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 93.70% Memory free 3.03 Gb Paging File | 2.58 Gb Available in Paging File | 85.04% Paging File free Paging file location(s): C:\pagefile.sys 768 1344 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 86.65 Gb Total Space | 56.13 Gb Free Space | 64.79% Space Free | Partition Type: NTFS Drive D: | 6.50 Gb Total Space | 1.44 Gb Free Space | 22.20% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded Drive G: | 7.45 Gb Total Space | 7.09 Gb Free Space | 95.11% Space Free | Partition Type: FAT32 H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: YOUR-27E1513D96 Current User Name: Compaq_Owner Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusOverride" = 0 "FirewallOverride" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] "DisableMonitoring" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] "DisableMonitoring" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] File not found -- %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes [2005/08/30 19:23:55 | 00,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [2005/08/30 19:23:55 | 00,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections File not found -- C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink [2006/11/03 02:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader [2006/10/23 07:50:37 | 00,071,216 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL [2006/10/23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL [2004/10/15 15:54:14 | 00,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon [2004/10/15 15:54:12 | 00,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed [2005/07/29 11:53:51 | 00,151,128 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1132010039\EE\AOLServiceHost.exe:*:Enabled:AOL [2006/11/07 13:49:50 | 00,161,328 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL [2004/10/18 17:42:18 | 00,079,448 | ---- | M] () -- C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL [2004/10/15 12:16:06 | 03,040,856 | ---- | M] (AOL Spyware Protection) -- C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL File not found -- C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL [2004/10/14 16:34:06 | 00,059,992 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL File not found -- C:\Program Files\Scholastic Digital Downloads\Pearl Harbor - Zero Hour\PHarbor.exe:*:Disabled:PHarbor File not found -- C:\Program Files\ASAP Games\Pearl Harbor - Zero Hour\PHarbor.exe:*:Disabled:PHarbor File not found -- C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer [2004/11/19 12:54:58 | 00,037,464 | ---- | M] (America Online, Inc.) -- C:\Program Files\America Online 9.0b\waol.exe:*:Enabled:AOL File not found -- C:\My Games\Pearl Harbor - Zero Hour\phz.exe:*:Disabled:phz File not found -- C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed [2008/02/20 18:37:55 | 02,330,624 | ---- | M] () -- C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe:*:Enabled:LaunchPad File not found -- C:\Program Files\Sony\Station\LaunchPad\_aunchPad.exe:*:Enabled:_aunchPad File not found -- C:\Program Files\StarWarsGalaxies\SwgClient_r.exe:*:Enabled:SwgClient_r [2008/04/13 19:12:25 | 00,245,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\usmt\migwiz.exe:*:Disabled:Files and Settings Transfer Wizard [2008/06/24 13:34:50 | 00,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\1132010039\EE\aolsoftware.exe:*:Enabled:AOL Services File not found -- C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire File not found -- C:\Program Files\Maxis\SimCity 3000 Unlimited\Apps\Updater\UPDATER.EXE:*:Disabled:SC3UpdaterMFC File not found -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent [2008/05/21 05:54:40 | 01,022,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 File not found -- C:\Program Files\RelevantKnowledge\rlvknlg.exe:*:Enabled:rlvknlg.exe [2006/07/13 21:36:28 | 11,743,232 | ---- | M] (Lucasfilm Entertainment Company, Ltd.) -- C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:*:Enabled:Star Wars: Empire at War [2006/12/05 15:48:02 | 12,812,288 | ---- | M] (Lucasfilm Entertainment Company, Ltd.) -- C:\Program Files\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe:*:Enabled:Star Wars®: Empire at War™: Forces of Corruption™ ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data "{07F21766-42D7-4ECD-8B38-8656EB986DF2}" = SymNet "{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel "{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update "{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server "{1E869B1A-FE19-4519-B9AE-EF383A7C00E4}" = FOCMapEditor "{25EF00BE-F17B-11D6-88EA-000476CD2443}" = Verizon Online "{25EF00C5-F17B-11D6-88EA-000476CD2443}" = Broadband Support Center "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13 "{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005 "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager "{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp "{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework "{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0 "{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12 "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2 "{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}" = Norton AntiVirus Help "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3819891A-030B-4a4e-98ED-B28A649E48AB}" = HP Deskjet 3900 series "{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player "{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer "{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works "{42F6BED9-41DD-40F1-85A8-8E0350493626}" = HPDeskjet3900Series "{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0 "{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg "{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}" = msxml4 "{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder "{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0 "{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit "{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus "{78699791-0625-4667-9E70-626A1CCEC94D}" = 3D Canvas "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client "{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003 "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player "{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War "{9A97D672-6C93-4DFA-B527-DE005A761495}" = Video Stream Driver for Panasonic DVC "{A0CB3F80-6DE5-11D4-8D5C-00010257002B}" = Oregon Scientific DS3868/DS3898 Camera Driver "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.1 "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy "{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon "{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm "{BE9FEFBA-F2F8-468B-A108-4356F73A3E9C}" = Office 2003 Tour "{C1205500-2179-11D7-B0B9-0000E24D4B29}" = Digital Camera "{C9618743-1A5C-461E-91C4-E013A3D70F3C}" = Adobe® Photoshop® Album Starter Edition 3.0.1 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe "{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader "{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp "{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation) "{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter "{EAE4A00B-D290-4B65-8287-B82A80FC0619}" = Linksys Wireless-G PCI Network Adapter with SpeedBooster "{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update "{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore "{F2806C00-8411-11D4-8D5C-00010257002B}" = Video Creator "{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status "{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express "Adobe Acrobat 5.0" = Adobe Acrobat 5.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "AdobeESD" = Adobe Download Manager 2.0 (Remove Only) "AGEIA PhysX v2.4.4" = AGEIA PhysX v2.4.4 "Allok MOV Converter_is1" = Allok MOV Converter 4.4.0314 "AOL Deskbar" = AOL Deskbar "AOL Spyware Protection" = AOL Spyware Protection "AOL Toolbar" = AOL Toolbar "AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove) "AOL YGP Screensaver" = AOL You've Got Pictures Screensaver "AolCoach2_en" = AOL Coach Version 2.0(Build:20041026.5 en) "ATI Display Driver" = ATI Display Driver "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.7 (Unicode) "audcle" = Plus! MP3 Audio Converter LE "AviSynth2" = AviSynth 2 (remove only) "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP "Commando Realism Mod Proper Release (v3.1)" = Commando Realism Mod Proper Release (v3.1) "drmtool.inf" = Personal License Update Wizard for Windows Media Player "Fraps" = Fraps (remove only) "Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16 "HijackThis" = HijackThis 2.0.2 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Imaging Device Functions" = HP Imaging Device Functions 5.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0 "HPExtendedCapabilities" = HP Extended Capabilities 5.0 "HPOOVClient-5577497 Uninstaller" = Compaq Connections (remove only) "ie8" = Windows Internet Explorer 8 "InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005 "InstallShield_{9A97D672-6C93-4DFA-B527-DE005A761495}" = Video Stream Driver for Panasonic DVC "LAME for Audacity_is1" = LAME v3.98.2 for Audacity "LucasArts' Rogue Squadron" = LucasArts' Rogue Squadron "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "mmmusic" = Movie Maker Background Music Files "mmsounds" = Movie Maker Sound Effects "mmtitle" = Movie Maker Title Images "Money2005b" = Microsoft Money 2005 "Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11) "mplibwiz.inf" = Media Library Management Wizard "mpxlswiz.inf" = Windows Media Player Playlist Import to Excel Wizard "mpxptray.inf" = Windows Media Player Tray Control "MS Access 97 SP2" = MS Access 97 SP2 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSN Music Assistant" = MSN Music Assistant "MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English) "Port Magic" = Pure Networks Port Magic "PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation) "Python 2.2.3" = Python 2.2.3 "pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203) "QuickTime" = QuickTime "Sunplus CA533A" = Icatch(IV) Camera Driver "SymSetup.{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus (Symantec Corporation) "Verizon Online DSL_is1" = Verizon Online DSL "ViewpointMediaPlayer" = Viewpoint Media Player "wa2wmp" = Windows Media Player Skin Importer "WildTangent CDA" = WildTangent Web Driver "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinGimp-2.0_is1" = GIMP 2.4.6 "WinRAR archiver" = WinRAR archiver "WMBK2" = Windows Media Bonus Pack for Windows XP "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "wtwebdriver" = WildTangent Web Driver "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 6/30/2009 6:40:18 PM | Computer Name = YOUR-27E1513D96 | Source = Application Hang | ID = 1001 Description = Fault bucket 339245782. Error - 6/30/2009 7:22:51 PM | Computer Name = YOUR-27E1513D96 | Source = Application Hang | ID = 1002 Description = Hanging application swfoc.exe, version 1.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 6/30/2009 7:22:55 PM | Computer Name = YOUR-27E1513D96 | Source = Application Hang | ID = 1001 Description = Fault bucket 339245782. Error - 7/1/2009 1:24:16 PM | Computer Name = YOUR-27E1513D96 | Source = Application Error | ID = 1000 Description = Faulting application focupdate1_1.exe, version 1.0.1.3, faulting module focupdate1_1.exe, version 1.0.1.3, fault address 0x00007187. Error - 7/1/2009 1:24:19 PM | Computer Name = YOUR-27E1513D96 | Source = Application Error | ID = 1001 Description = Fault bucket 358718102. Error - 7/1/2009 3:29:05 PM | Computer Name = YOUR-27E1513D96 | Source = Application Hang | ID = 1002 Description = Hanging application swfoc.exe, version 1.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 7/1/2009 9:48:35 PM | Computer Name = YOUR-27E1513D96 | Source = Application Hang | ID = 1002 Description = Hanging application moviemk.exe, version 2.1.4026.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 7/1/2009 9:48:38 PM | Computer Name = YOUR-27E1513D96 | Source = Application Hang | ID = 1001 Description = Fault bucket 115810024. Error - 7/2/2009 10:13:49 PM | Computer Name = YOUR-27E1513D96 | Source = Application Error | ID = 1000 Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x020d2578. Error - 7/2/2009 10:14:22 PM | Computer Name = YOUR-27E1513D96 | Source = Application Error | ID = 1001 Description = Fault bucket 1348098057. [ OSession Events ] Error - 1/5/2009 4:51:54 PM | Computer Name = YOUR-27E1513D96 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2363 seconds with 2100 seconds of active time. This session ended with a crash. [ System Events ] Error - 7/3/2009 8:40:10 AM | Computer Name = YOUR-27E1513D96 | Source = Service Control Manager | ID = 7000 Description = The Icatch(IV) Video Camera Device service failed to start due to the following error: %%1058 Error - 7/3/2009 9:25:03 AM | Computer Name = YOUR-27E1513D96 | Source = sr | ID = 1 Description = The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume. Error - 7/3/2009 12:23:03 PM | Computer Name = YOUR-27E1513D96 | Source = LDMS | ID = 16780239 Description = The Logical Disk Manager Service failed while registering for device handle notifications on device \\?\ide#cdromlite-on_combo_sohc-4836k________________spk2____#3032353039303031303034303434343920202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}. Win32 Error: 1381. Error - 7/3/2009 12:23:30 PM | Computer Name = YOUR-27E1513D96 | Source = Service Control Manager | ID = 7000 Description = The Icatch(IV) Video Camera Device service failed to start due to the following error: %%1058 Error - 7/3/2009 4:33:55 PM | Computer Name = YOUR-27E1513D96 | Source = Service Control Manager | ID = 7028 Description = The syfuaocznlllil Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key. Error - 7/3/2009 4:33:59 PM | Computer Name = YOUR-27E1513D96 | Source = Service Control Manager | ID = 7028 Description = The syfuaocznlllil Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key. Error - 7/3/2009 4:33:59 PM | Computer Name = YOUR-27E1513D96 | Source = Service Control Manager | ID = 7028 Description = The syfuaocznlllil Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key. Error - 7/3/2009 4:33:59 PM | Computer Name = YOUR-27E1513D96 | Source = Service Control Manager | ID = 7028 Description = The syfuaocznlllil Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key. Error - 7/3/2009 4:33:59 PM | Computer Name = YOUR-27E1513D96 | Source = Service Control Manager | ID = 7028 Description = The syfuaocznlllil Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key. Error - 7/3/2009 4:34:41 PM | Computer Name = YOUR-27E1513D96 | Source = sr | ID = 1 Description = The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume. < End of report > |
|
|
|
|
Jul 4 2009, 07:29 AM
Post
#3
|
|
 GeekU Teacher  Posts: 34,385 From: Dublin OS: XP |
|
|
|
|
|
Jul 4 2009, 12:56 PM
Post
#4
|
|
|
New Member Posts: 3 OS: XP SP3 |
QUOTE (Rorschach112 @ Jul 4 2009, 08:29 AM)  Thank you, Rorschach - that nailed the contemptible little bugger. I was a bit hesitant to try those self-helps until I knew that they were recent and supported by the site's Virus Fighters. |
|
|
|
|
Jul 4 2009, 04:37 PM
Post
#5
|
|
|
GeekU Teacher Posts: 34,385 From: Dublin OS: XP |
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic. |
|
|
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
Similar Topics
| Topic Title | Replies / Views | Topic Information | |||||
|---|---|---|---|---|---|---|---|
 |
10 / 160 | 29th October 2009 - 05:17 PM Exner started - last by Rorschach112 |
|||||
 |
15 / 146 | 1st November 2009 - 06:32 PM xetech started - last by Rorschach112 |
|||||
|
26 / 201 | 6th November 2009 - 02:03 PM rkr2rich started - last by Rorschach112 |
|||||
|
15 / 110 | 5th November 2009 - 05:24 AM Dwightr started - last by Rorschach112 |
|||||
|
Time is now: 8th November 2009 - 02:30 AM |
Advertisements do not imply our endorsement of that product or service. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks mentioned on this page are the property of their respective owners.
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy | Advertising