Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

FakeAlert virus back [RESOLVED]

Started by cmomm , Nov 07 2008 11:12 PM

  • This topic is locked This topic is locked

#1
cmomm
Posted 07 November 2008 - 11:12 PM

cmomm

    Member

  • Member
  • PipPip
  • 87 posts
RatHat--

Seems I have had a couple of weeks 'peace and quiet' after you helped me to get the junk off my computer and I changed over to LAN with Verizon.net---yesterday this thing popped up again "FakeAlert on C Documents with a 'freescan' offer again, this shows all kinds of trouble unless you buyn their pogram---I did nothing yesterday and and it showed up just a few minutes ago when I put it into the AVG Virus Vault where it resides at the moment----what do I do now?---changed the XP firewall to Zone Alarm and loaded a couple of the Spyware thingees you suggested---they show OK--what now----thanks again
  • 0

Advertisements

#2
cmomm
Posted 07 November 2008 - 11:14 PM

cmomm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
RatHat

my new addy is removed the email address now

Edited by Jimmy2012, 08 November 2008 - 01:20 AM.
Removed your email address

  • 0

#3
cmomm
Posted 10 November 2008 - 10:46 PM

cmomm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
here is the 'hihack this files and scanLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:45:12, on 11/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\CyberPower PowerPanel Persoanl Edition\ppped.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\CyberPower PowerPanel Persoanl Edition\pppeuser.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\System Explorer\SystemExplorer.exe
C:\Program Files\TrueSwitchVerizon\TrueWizard.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\WINDOWS\System32\wiaacmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [PowerPanel Personal Edition User Interaction] "C:\Program Files\CyberPower PowerPanel Persoanl Edition\pppeuser.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SystemExplorer] "C:\Program Files\System Explorer\SystemExplorer.exe" /TRAY
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueSwitchVerizon\TrueWizard.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...20Installer.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish...fishActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1163824449875
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ad...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PowerPanel Personal Edition Service (ppped) - Unknown owner - C:\Program Files\CyberPower PowerPanel Persoanl Edition\ppped.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
O24 - Desktop Component 0: (no name) - http://www.geekstogo.../geeks/c_bl.gif

--
End of file - 7426 bytes
  • 0

#4
RatHat
Posted 11 November 2008 - 08:15 AM

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Hi there, I am sorry to see you back again!

OK, lets have a better look at what could be affecting the system.

I would like to make sure that you can view hidden files and folders (if possible);
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading SELECT Show hidden files and folders.
  • UNCHECK the Hide protected operating system files (recommended) option.
  • UNCHECK the Hide extensions for known file types option.
  • Click Yes to confirm.
  • Click OK.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D < here

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)
Note: %SystemDrive% is usually, C:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Download Old Timer's OTViewIt and save it to your Desktop.
  • Double click OTViewIt.exe to run the program
  • Under File Age: choose 60 Days
  • Now click Run Scan to start the scan
  • The scan will take a minute or so, Do Not run any other programs during the scan
  • When complete, notepad will open two files:
    • OTViewIt.Txt
    • Extras.Txt
  • Please post the contents of both files in your next reply


Regards,
RatHat
  • 0

#5
cmomm
Posted 11 November 2008 - 11:06 PM

cmomm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
hope this is part of itOTViewIt logfile created on: 11/12/2008 12:01:31 AM - Run 2
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

758.73 Mb Total Physical Memory | 422.26 Mb Available Physical Memory | 55.65% Memory free
1.44 Gb Paging File | 1.13 Gb Available in Paging File | 78.84% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 44.96 Gb Free Space | 60.33% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-1SFDBKYKFJ
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 60 Days

========== Processes ==========

[2004/07/10 20:35:10 | 00,385,024 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.exe
[2004/07/10 20:35:10 | 00,385,024 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.exe
[2008/07/09 08:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
[2003/08/29 08:54:16 | 00,307,200 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
[2003/08/29 08:50:24 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
[2007/10/24 23:21:39 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
[2006/12/03 00:11:15 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgupsvc.exe
[2007/12/20 23:52:47 | 00,406,528 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgemc.exe
[2005/01/25 05:13:52 | 00,385,024 | ---- | M] () -- C:\Program Files\CyberPower PowerPanel Persoanl Edition\ppped.exe
[2001/05/01 16:06:22 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe
[2006/03/30 08:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
[2008/10/16 23:08:59 | 00,590,848 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgcc.exe
[2004/07/10 21:10:00 | 00,339,968 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[2004/06/15 21:17:38 | 00,069,705 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Multimedia\main\atidtct.exe
[2004/08/09 18:40:40 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
[2008/07/09 08:05:20 | 00,919,016 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
[2004/04/16 05:43:58 | 00,196,608 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE
[2005/01/25 05:16:02 | 00,217,088 | ---- | M] () -- C:\Program Files\CyberPower PowerPanel Persoanl Edition\pppeuser.exe
[2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2008/08/23 13:07:42 | 01,833,472 | ---- | M] (Mister Group) -- C:\Program Files\System Explorer\SystemExplorer.exe
[2008/09/23 07:26:50 | 01,064,960 | ---- | M] () -- C:\Program Files\TrueSwitchVerizon\TrueWizard.exe
[2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/04/13 19:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/11/12 00:00:36 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2004/07/10 20:35:10 | 00,385,024 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2004/07/10 21:10:00 | 00,516,096 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
[2007/10/24 23:21:39 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgamsvr.exe -- (Avg7Alrt [Auto | Running])
[2006/12/03 00:11:15 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgupsvc.exe -- (Avg7UpdSvc [Auto | Running])
[2007/12/20 23:52:47 | 00,406,528 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgemc.exe -- (AVGEMS [Auto | Running])
[2006/03/30 08:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running])
[2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2003/08/29 08:54:16 | 00,307,200 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS [Auto | Running])
[2002/09/27 13:56:20 | 00,139,264 | ---- | M] (Intel® Corporation) -- c:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
[2005/01/25 05:13:52 | 00,385,024 | ---- | M] () -- C:\Program Files\CyberPower PowerPanel Persoanl Edition\ppped.exe -- (ppped [Auto | Running])
[2008/07/09 08:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])
[2001/05/01 16:06:22 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])
[2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
File not found -- -- (x10nets [On_Demand | Stopped])

========== Driver Services ==========

[2002/04/01 15:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
[2004/08/09 18:39:40 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM [Auto | Running])
[2003/12/15 12:28:46 | 00,257,872 | ---- | M] (Jungo) -- C:\WINDOWS\system32\drivers\atirwvd.sys -- (ATI Remote Wonder II [On_Demand | Running])
[2004/07/10 20:37:02 | 00,747,008 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2007/10/24 23:21:34 | 00,821,856 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avg7core.sys -- (Avg7Core [System | Running])
[2006/12/03 00:11:15 | 00,004,224 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avg7rsw.sys -- (Avg7RsW [System | Running])
[2007/02/25 23:58:11 | 00,027,776 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avg7rsxp.sys -- (Avg7RsXP [System | Running])
[2007/12/20 23:52:49 | 00,010,760 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avgclean.sys -- (AvgClean [System | Running])
[2006/12/03 00:11:15 | 00,004,960 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdi.sys -- (AvgTdi [Auto | Running])
[2003/09/24 13:02:58 | 00,067,024 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
[2003/09/24 13:02:58 | 00,024,698 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
[2003/09/24 13:02:56 | 00,260,224 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp [System | Running])
[2003/09/24 13:02:58 | 00,146,560 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp [System | Running])
[2003/09/24 13:02:56 | 00,021,993 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K [On_Demand | Stopped])
[2002/09/25 08:09:12 | 00,140,800 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Running])
[2008/04/13 13:36:38 | 00,020,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidbatt.sys -- (HidBatt [On_Demand | Running])
[2003/11/13 21:19:48 | 00,210,304 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
[2003/11/13 21:17:00 | 01,042,816 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
[2004/01/29 21:13:06 | 00,095,579 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Stopped])
[2007/07/19 14:10:28 | 00,127,768 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF [System | Running])
[2002/06/21 18:42:50 | 00,008,224 | ---- | M] (MicroStaff Co.,Ltd.) -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT [Auto | Running])
[2004/01/16 17:21:48 | 00,012,970 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2003/09/24 13:02:56 | 00,022,777 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K [On_Demand | Running])
[2002/10/16 02:11:22 | 00,019,968 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL [On_Demand | Stopped])
[2005/04/06 01:08:54 | 00,006,144 | ---- | M] (NewTech Infosystems, Inc.) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr [On_Demand | Running])
[2008/06/19 16:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
[2003/03/31 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2003/09/24 13:02:56 | 00,118,409 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k [System | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2003/03/18 15:00:54 | 00,542,976 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
[2008/02/27 02:10:44 | 00,051,176 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [Boot | Running])
[2004/03/22 13:01:38 | 00,040,564 | ---- | M] (Alcor Micro Corp.) -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt [On_Demand | Running])
[2004/03/22 13:27:20 | 00,042,936 | ---- | M] (Alcor Micro Corp.) -- C:\WINDOWS\system32\drivers\Sunkfilt39.sys -- (SunkFilt39 [On_Demand | Stopped])
[2006/07/10 21:01:06 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\drivers\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped])
[2003/09/24 13:02:58 | 00,213,120 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\UdfReadr_xp.sys -- (UdfReadr_xp [System | Running])
[2008/07/09 08:05:22 | 00,394,952 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [System | Running])
[2003/11/13 21:18:36 | 00,679,808 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2003/03/31 07:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [Disabled | Stopped])
[2004/01/29 21:13:06 | 00,122,110 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped])
[2004/01/29 21:13:04 | 00,099,002 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.google.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} (HKLM) -- C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}" (HKLM) -- C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (HKLM) -- C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (HKLM) -- C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI DeviceDetect"=C:\Program Files\ATI Multimedia\main\ATIDtct.EXE (ATI Technologies Inc.)
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP (GRISOFT, s.r.o.)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Zone Labs, LLC)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Launchpad"="C:\Program Files\ATI Multimedia\main\LaunchPd.exe" (ATI Technologies Inc.)
"ATI Remote Control"=C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe (ATI Technologies Inc.)
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"PowerPanel Personal Edition User Interaction"="C:\Program Files\CyberPower PowerPanel Persoanl Edition\pppeuser.exe" ()
"SystemExplorer"="C:\Program Files\System Explorer\SystemExplorer.exe" /TRAY (Mister Group)

========== (O4) Startup Folders ==========

[2008/04/23 02:38:16 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2008/09/23 07:26:50 | 01,064,960 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\TrueAssistant.lnk = C:\Program Files\TrueSwitchVerizon\TrueWizard.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=227
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoBandCustomize"=0
"NoMovingBands"=0
"NoCloseDragDropBands"=0
"NoSetTaskbar"=0
"NoToolbarsOnTaskbar"=0
"NoSaveSettings"=0
"NoActiveDesktop"=0
"ClassicShell"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %SystemRoot%\system32\msjava.dll [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.micro...d...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
: msn in My Computer
91 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{01113300-3E00-11D2-8470-0060089874ED}: https://activatemyds...20Installer.cab -- Support.com Configuration Class
{0E5F0222-96B9-11D3-8997-00104BD12D94}: http://www.pcpitstop...p/PCPitStop.CAB -- PCPitstop Utility
{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}: http://acs.pandasoft...s/as2stubie.cab -- ActiveScan 2.0 Installer Class
{406B5949-7190-4245-91A9-30A17DE16AD0}: http://www2.snapfish...fishActivia.cab -- Snapfish Activia
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.micros...b?1163824449875 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.4.2
{9732FB42-C321-11D1-836F-00A0C993F125}: http://pcpitstop.com/mhLbl.cab -- mhLabel Class
{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.4.2
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.ad...ash/swflash.cab -- Shockwave Flash Object
{E8F628B5-259A-4734-97EE-BA914D7BE941}: http://driveragent.c...driveragent.cab -- Driver Agent ActiveX Control
{FFB3A759-98B1-446F-BDA9-909C6EB18CC7}: http://utilities.pcp.../pcpitstop2.dll -- PCPitstop Exam
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{BACA8D9A-893E-447B-B40B-37801CC6F46A} (Servers: | Description: Intel® PRO/100 VE Network Connection)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll ()
igfxcui: "DllName" = igfxsrvc.dll -- C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}" (HKLM) -- C:\Program Files\Qualcomm\Eudora\EuShlExt.dll (Qualcomm Inc.)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/08/09 18:11:06 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b78cae6-a9cc-11db-a526-00111170e787}\Shell\AutoRun\command]
""=J:\CA_Install.exe -- File not found

========== Files/Folders - Created Within 60 Days ==========

[8 C:\WINDOWS\System32\*.tmp files]
[2008/11/12 00:00:27 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe
[2008/11/11 23:52:01 | 00,000,000 | ---D | C] -- C:\Lop SD
[2008/11/11 23:40:19 | 00,012,219 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\And perhaps this, in light of what we elected.htm
[2008/11/11 23:40:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\And perhaps this, in light of what we elected_files
[2008/11/11 22:15:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2008/11/10 23:24:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads
[2008/11/10 23:24:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2008/11/06 14:03:58 | 00,000,406 | ---- | C] () -- C:\WINDOWS\System32\ioloBootDefrag.cfg
[2008/11/06 14:03:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\iolo
[2008/11/06 14:03:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iolo
[2008/11/05 21:26:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SystemExplorer
[2008/11/05 21:26:53 | 00,000,695 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\System Explorer.lnk
[2008/11/05 21:26:52 | 00,000,000 | ---D | C] -- C:\Program Files\System Explorer
[2008/11/05 02:10:04 | 02,637,700 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2008/11/04 16:34:30 | 00,000,910 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Weather Channel Desktop .lnk
[2008/11/04 16:33:59 | 00,000,000 | ---D | C] -- C:\Program Files\The Weather Channel FW
[2008/11/02 22:01:04 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2008/11/02 00:18:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Snapfish
[2008/11/01 16:30:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Winkflash.com
[2008/11/01 16:30:41 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2008/11/01 16:30:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\ApplicationHistory
[2008/11/01 16:30:35 | 00,000,801 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Winkflash Transporter.lnk
[2008/11/01 16:30:34 | 00,000,000 | ---D | C] -- C:\Program Files\Winkflash
[2008/11/01 16:26:26 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2008/11/01 16:26:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2008/11/01 16:26:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2008/10/30 16:11:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Kodak
[2008/10/30 16:10:37 | 00,000,000 | ---D | C] -- C:\Program Files\Kodak
[2008/10/30 16:10:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Downloaded Installations
[2008/10/29 23:39:38 | 00,001,639 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Eudora.lnk
[2008/10/29 23:39:09 | 01,712,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2008/10/27 23:57:56 | 00,001,805 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Age of Empires III - The WarChiefs.lnk
[2008/10/23 22:44:38 | 00,000,000 | ---D | C] -- C:\Program Files\Trymedia
[2008/10/23 22:43:04 | 00,000,000 | ---D | C] -- C:\Program Files\Global Star
[2008/10/23 18:01:59 | 00,016,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2008/10/23 18:01:26 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2008/10/23 17:58:20 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2008/10/23 17:58:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2008/10/23 17:58:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2008/10/22 22:23:18 | 03,330,080 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/10/22 22:23:18 | 00,040,988 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2008/10/22 22:19:37 | 00,000,000 | ---D | C] -- C:\Program Files\ZoneAlarmSB
[2008/10/22 22:17:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2008/10/22 22:17:43 | 00,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2008/10/22 22:17:33 | 00,075,248 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\zllsputility.exe
[2008/10/22 22:17:33 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SpOrder.dll
[2008/10/22 22:17:17 | 00,127,768 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2008/10/22 22:17:03 | 00,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008/10/22 22:17:03 | 00,071,144 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsregexp.dll
[2008/10/22 22:17:00 | 00,083,432 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\zlcomm.dll
[2008/10/22 22:17:00 | 00,071,144 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\zlcommdb.dll
[2008/10/22 22:16:54 | 00,046,568 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vswmi.dll
[2008/10/22 22:16:53 | 01,086,952 | ---- | C] (Python Software Foundation) -- C:\WINDOWS\System32\zpeng24.dll
[2008/10/22 22:16:53 | 00,099,816 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsxml.dll
[2008/10/22 22:16:52 | 00,275,944 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vspubapi.dll
[2008/10/22 22:16:52 | 00,103,912 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsmonapi.dll
[2008/10/22 22:16:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2008/10/22 22:16:51 | 00,394,952 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsdatant.sys
[2008/10/22 22:16:51 | 00,352,918 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2008/10/22 22:15:31 | 00,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2008/10/22 22:14:44 | 00,472,552 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsutil.dll
[2008/10/22 22:14:44 | 00,157,160 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsinit.dll
[2008/10/22 22:14:44 | 00,083,432 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsdata.dll
[2008/10/22 22:14:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2008/10/21 23:05:10 | 00,000,000 | ---D | C] -- C:\Program Files\TrueSwitch
[2008/10/21 23:05:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TrueSwitch
[2008/10/21 23:05:09 | 00,000,799 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\TrueAssistant.lnk
[2008/10/21 23:05:04 | 00,000,757 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TrueSwitch Wizard Verizon.lnk
[2008/10/21 23:04:55 | 00,000,000 | ---D | C] -- C:\Program Files\TrueSwitchVerizon
[2008/10/21 22:21:15 | 00,000,690 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SpywareBlaster.lnk
[2008/10/21 22:21:15 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2008/10/21 14:17:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\SupportSoft
[2008/10/20 09:51:51 | 00,000,000 | ---D | C] -- C:\Program Files\Opti
[2008/10/20 09:51:51 | 00,000,000 | ---D | C] -- C:\Program Files\BoxKing
[2008/10/19 21:02:01 | 00,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2008/10/19 21:00:35 | 00,339,257 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\CleanUp452.exe
[2008/10/19 20:44:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Virus infection in xp - Geeks to Go!_files
[2008/10/14 22:51:00 | 00,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2008/10/14 22:51:00 | 00,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2008/10/14 22:50:58 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2008/10/14 22:50:58 | 00,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2008/10/14 22:50:58 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xrxflnch.exe
[2008/10/14 22:50:55 | 00,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2008/10/14 22:50:55 | 00,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2008/10/14 22:50:48 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshirda.dll
[2008/10/14 22:50:35 | 00,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiacpi.sys
[2008/10/14 22:50:32 | 00,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2008/10/14 22:50:32 | 00,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2008/10/14 22:50:27 | 00,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2008/10/14 22:50:26 | 00,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiafbdrv.dll
[2008/10/14 22:50:26 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiamsmud.dll
[2008/10/14 22:50:25 | 00,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2008/10/14 22:50:25 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2008/10/14 22:50:22 | 00,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2008/10/14 22:50:22 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wceusbsh.sys
[2008/10/14 22:50:13 | 00,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2008/10/14 22:50:12 | 00,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2008/10/14 22:50:12 | 00,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2008/10/14 22:50:11 | 00,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2008/10/14 22:50:11 | 00,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2008/10/14 22:50:10 | 00,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2008/10/14 22:50:09 | 00,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2008/10/14 22:50:09 | 00,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2008/10/14 22:50:07 | 00,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\viaide.sys
[2008/10/14 22:50:06 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2008/10/14 22:50:04 | 00,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2008/10/14 22:50:04 | 00,687,999 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrwdxjs.sys
[2008/10/14 22:50:03 | 00,113,762 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrpda.sys
[2008/10/14 22:50:03 | 00,007,556 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usroslba.sys
[2008/10/14 22:50:02 | 00,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2008/10/14 22:50:02 | 00,224,802 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usr1807a.sys
[2008/10/14 22:50:01 | 00,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2008/10/14 22:50:01 | 00,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2008/10/14 22:49:59 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2008/10/14 22:49:57 | 00,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbohci.sys
[2008/10/14 22:49:56 | 00,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2008/10/14 22:49:55 | 00,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2008/10/14 22:49:54 | 00,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2008/10/14 22:49:52 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxud32.dll
[2008/10/14 22:49:51 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu12.dll
[2008/10/14 22:49:51 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu40.dll
[2008/10/14 22:49:51 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu22.dll
[2008/10/14 22:49:50 | 00,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2008/10/14 22:49:50 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxp60.dll
[2008/10/14 22:49:50 | 00,022,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxpcls.sys
[2008/10/14 22:49:49 | 00,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2008/10/14 22:49:49 | 00,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxcam.dll
[2008/10/14 22:49:48 | 00,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2008/10/14 22:49:46 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2008/10/14 22:49:45 | 00,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2008/10/14 22:49:45 | 00,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2008/10/14 22:49:44 | 00,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2008/10/14 22:49:44 | 00,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2008/10/14 22:49:44 | 00,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2008/10/14 22:49:43 | 00,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2008/10/14 22:49:40 | 00,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\toside.sys
[2008/10/14 22:49:38 | 00,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2008/10/14 22:49:37 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2008/10/14 22:49:36 | 00,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2008/10/14 22:49:36 | 00,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2008/10/14 22:49:35 | 00,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2008/10/14 22:49:34 | 00,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2008/10/14 22:49:34 | 00,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2008/10/14 22:49:34 | 00,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2008/10/14 22:49:33 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2008/10/14 22:49:33 | 00,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2008/10/14 22:49:31 | 00,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tandqic.sys
[2008/10/14 22:49:30 | 00,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2008/10/14 22:49:30 | 00,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2008/10/14 22:49:27 | 00,094,293 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sxports.dll
[2008/10/14 22:49:26 | 00,103,936 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sx.sys
[2008/10/14 22:49:26 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpidflt.dll
[2008/10/14 22:49:26 | 00,003,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swusbflt.sys
[2008/10/14 22:49:25 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_wheel.dll
[2008/10/14 22:49:25 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpdflt2.dll
[2008/10/14 22:49:24 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_effct.dll
[2008/10/14 22:49:23 | 00,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2008/10/14 22:49:23 | 00,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2008/10/14 22:49:23 | 00,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2008/10/14 22:49:22 | 00,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2008/10/14 22:49:21 | 00,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2008/10/14 22:49:20 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2008/10/14 22:49:20 | 00,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusd.dll
[2008/10/14 22:49:18 | 00,024,660 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxupchk.dll
[2008/10/14 22:49:17 | 00,061,824 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\speed.sys
[2008/10/14 22:49:16 | 00,106,584 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spdports.dll
[2008/10/14 22:49:16 | 00,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2008/10/14 22:49:14 | 00,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonymc.sys
[2008/10/14 22:49:13 | 00,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonyait.sys
[2008/10/14 22:49:12 | 00,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2008/10/14 22:49:12 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2008/10/14 22:49:12 | 00,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snyaitmc.sys
[2008/10/14 22:49:11 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2008/10/14 22:49:09 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2008/10/14 22:49:08 | 00,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2008/10/14 22:49:08 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2008/10/14 22:49:08 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2008/10/14 22:49:07 | 00,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2008/10/14 22:49:07 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2008/10/14 22:49:06 | 00,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2008/10/14 22:49:06 | 00,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2008/10/14 22:49:05 | 00,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2008/10/14 22:49:05 | 00,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbhc.sys
[2008/10/14 22:49:04 | 00,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbclass.sys
[2008/10/14 22:49:03 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2008/10/14 22:49:03 | 00,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbbatt.sys
[2008/10/14 22:49:02 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb3w.dll
[2008/10/14 22:49:02 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb0w.dll
[2008/10/14 22:49:02 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2008/10/14 22:49:01 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2008/10/14 22:49:01 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma0w.dll
[2008/10/14 22:49:01 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2008/10/14 22:49:00 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm91w.dll
[2008/10/14 22:49:00 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2008/10/14 22:49:00 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2008/10/14 22:49:00 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2008/10/14 22:48:59 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2008/10/14 22:48:59 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2008/10/14 22:48:59 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2008/10/14 22:48:58 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2008/10/14 22:48:58 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2008/10/14 22:48:58 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2008/10/14 22:48:56 | 00,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2008/10/14 22:48:55 | 00,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2008/10/14 22:48:55 | 00,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2008/10/14 22:48:53 | 00,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2008/10/14 22:48:51 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2008/10/14 22:48:47 | 00,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2008/10/14 22:48:46 | 00,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2008/10/14 22:48:46 | 00,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2008/10/14 22:48:46 | 00,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2008/10/14 22:48:43 | 00,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sermouse.sys
[2008/10/14 22:48:43 | 00,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys
[2008/10/14 22:48:42 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2008/10/14 22:48:42 | 00,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seaddsmc.sys
[2008/10/14 22:48:40 | 00,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiprnt.sys
[2008/10/14 22:48:40 | 00,011,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiscan.sys
[2008/10/14 22:48:39 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2008/10/14 22:48:39 | 00,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2008/10/14 22:48:38 | 00,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2008/10/14 22:48:38 | 00,016,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scmstcs.sys
[2008/10/14 22:48:37 | 00,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2008/10/14 22:48:36 | 00,043,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sbp2port.sys
[2008/10/14 22:48:33 | 00,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2008/10/14 22:48:33 | 00,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2008/10/14 22:48:33 | 00,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2008/10/14 22:48:33 | 00,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2008/10/14 22:48:32 | 00,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2008/10/14 22:48:32 | 00,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2008/10/14 22:48:31 | 00,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2008/10/14 22:48:31 | 00,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2008/10/14 22:48:31 | 00,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2008/10/14 22:48:30 | 00,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2008/10/14 22:48:30 | 00,065,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.sys
[2008/10/14 22:48:29 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2008/10/14 22:48:29 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2008/10/14 22:48:29 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2008/10/14 22:48:28 | 00,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2008/10/14 22:48:27 | 00,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2008/10/14 22:48:25 | 00,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8139.sys
[2008/10/14 22:48:25 | 00,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8029.sys
[2008/10/14 22:48:23 | 00,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2008/10/14 22:48:21 | 00,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2008/10/14 22:48:20 | 00,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2008/10/14 22:48:19 | 00,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2008/10/14 22:48:19 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2008/10/14 22:48:18 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2008/10/14 22:48:15 | 00,019,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasirda.sys
[2008/10/14 22:48:14 | 00,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2008/10/14 22:48:13 | 00,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2008/10/14 22:48:13 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qvusd.dll
[2008/10/14 22:48:13 | 00,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qv2kux.sys
[2008/10/14 22:48:12 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2008/10/14 22:48:12 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2008/10/14 22:48:10 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ql1240.sys
[2008/10/14 22:48:09 | 00,033,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ql10wnt.sys
[2008/10/14 22:48:08 | 00,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qic157.sys
[2008/10/14 22:48:06 | 00,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2008/10/14 22:48:06 | 00,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2008/10/14 22:48:06 | 00,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2008/10/14 22:48:05 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusd.dll
[2008/10/14 22:48:04 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\psisload.dll
[2008/10/14 22:48:04 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusb.dll
[2008/10/14 22:48:03 | 00,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2008/10/14 22:48:01 | 00,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa3.sys
[2008/10/14 22:48:00 | 00,017,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32
  • 0

#6
cmomm
Posted 11 November 2008 - 11:33 PM

cmomm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
loaded LopS&D---ran it and chose English--all it does is flash a light at a > below the languages box---??? is it working or am I doing saomething wrong again---did the Hijack This file show you anything as the Virus in in the AVG Vault---By the by, did you recieve the Paypal chit?
  • 0

#7
RatHat
Posted 12 November 2008 - 01:13 AM

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Try clicking on the LopS&D window as soon as it starts up, then type in E for English. It sometimes needs you to do this to ensure you are working within the program.

I am also missing the Extras.txt which was created by OTViewIt. It should be on your desktop, so could you try to locate it and post it for me?

HijackThis didn't show me anything untoward, which is why I want to run these additional scans to try and search for this thing.

I did receive the paypal chit, thank you very very much Jack! It is totally unnecessary though, I enjoy this!
  • 0

#8
cmomm
Posted 12 November 2008 - 03:25 PM

cmomm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
here is the Extras txt---well worth it as I would have had to undo the computer and haul it downtown---cheersOTViewIt Extras logfile created on: 11/12/2008 12:01:31 AM - Run 2
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

758.73 Mb Total Physical Memory | 422.26 Mb Available Physical Memory | 55.65% Memory free
1.44 Gb Paging File | 1.13 Gb Available in Paging File | 78.84% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 44.96 Gb Free Space | 60.33% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-1SFDBKYKFJ
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 60 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2000/06/27 16:09:58 | 02,695,213 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD:*:Enabled:Age of Empires II Expansion
[2000/07/20 23:28:46 | 02,654,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Games\Age of Empires II The Conquerors Expansion Trial\age2_x1t.exe:*:Enabled:Age of Empires II Expansion
[2006/09/07 17:07:49 | 10,143,040 | ---- | M] (Ensemble Studios) -- C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] -- C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2008/04/13 19:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]
msdaipp: [HKLM - No CLSID value]
[2008/04/13 19:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]
[2008/04/13 19:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2001/06/20 11:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 Premium
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}"=MSXML4 Parser
"{083F79E4-6FE9-46FB-A6C6-4F8862742947}"=ATI HYDRAVISION
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}"=ATI Control Panel
"{15B4652F-38E8-4252-8374-EFE88AA2FDA7}"=Empire Earth II SP Demo
"{1C08A24C-B168-407E-A826-68FAF5F20710}"=Age of Empires III - The WarChiefs
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}"=Microsoft Money 2004
"{2447500B-22D7-47BD-9B13-1A927F43A267}"=Empire Earth
"{24ED4D80-8294-11D5-96CD-0040266301AD}"=FinePixViewer Ver.4.0
"{3347F781-9C89-4C9B-B471-B1FFC3BC4A84}"=ATIRW2
"{33DB5EB0-487B-4425-BCB2-1D88C03E57A0}"=Eudora
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}"=Microsoft Works
"{49FC50FC-F965-40D9-89B4-CBFF80941033}"=Windows Movie Maker 2.0
"{51D386C4-0227-46A9-AC45-61F0A50E7AFF}"=Rome - Total War
"{523BD5B6-E904-493C-B902-1BC9B7D44DF4}"=Lexmark Photo Center
"{5490882C-6961-11D5-BAE5-00E0188E010B}"=FUJIFILM USB Driver
"{644F9DBE-CEDB-45AF-ACB8-E26692B74F62}"=Easy CD & DVD Creator 6
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{7148F0A8-6813-11D6-A77B-00B0D0142000}"=Java 2 Runtime Environment, SE v1.4.2
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}"=Windows Backup Utility
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}"=Age of Empires III
"{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}"=Digital Media Reader
"{86EAE190-D651-4E44-B44C-370D2200F47A}"=UFO Aftermath Demo
"{8988F5D0-C83F-41F4-B41B-86031F9B37F5}"=ATI Multimedia Center
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Extreme Graphics Driver
"{8B611C23-ADB6-4F5E-A04A-959EB0D349F6}"=Winkflash Transporter
"{8C64E145-54BA-11D6-91B1-00500462BE80}"=Microsoft Money 2004 System Pack
"{9A3EABC0-CA06-11D4-BF77-00104B130C19}"=EPSON TWAIN 5
"{AC76BA86-7AD7-1033-7B44-A71000000002}"=Adobe Reader 7.1.0
"{B3210D46-AD94-4E2E-80C9-FE4317DD5BA6}"=Warrior Kings
"{B49C924C-A651-4378-94F6-5D9BF44A959F}"=Empire Earth - The Art of Conquest
"{B7F98125-4955-41E3-8A71-4CE11CE9C198}"=KODAK Gallery Upload Software
"{C83F2952-4678-4F00-AB05-776658A8D0AE}"=Age of Empires III Trial
"{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}"=DAO
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CC2A05A5-3A08-481E-9E36-BD9408E823FC}"=CyberPower PowerPanel Personal Editoin
"{D3AA158A-9421-4883-8767-E771B0964A1D}"=ImageMixer VCD for FinePix
"{D5ED6AD5-7A70-47EB-BF38-3A8BCDECA713}"=OTB
"{D680C913-5955-469D-9D88-C1940F7506D6}"=RAW FILE CONVERTER LE
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}"=Windows Media Encoder 9 Series
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}"=ScanToWeb
"{EDE28287-D32C-415E-9C97-2BF9F9260150}"=ATI Decoder
"{EF4EF65F-4D62-44D7-82C9-1AECCBA74C50}"=Intel® PROSet
"{F0A37341-D692-11D4-A984-009027EC0A9C}"=SoundMAX
"57F31F3F-EC7D-4A32-A9C5-28CAAD7A7215"=Mars Rover from ATI (remove only)
"6B772EC5-E423-4AA8-9330-BDCAA366DE66"=STX from ATI (remove only)
"82B0AB24-273E-4B81-BC0F-B798D5FBD489"=Blackhawk Striker from ATI (remove only)
"8CE4EEF6-9561-4DB6-9173-7958530CDE25"=Overball from ATI (remove only)
"ActiveScan 2.0"=Panda ActiveScan 2.0
"Ad-Aware SE Personal"=Ad-Aware SE Personal
"Adobe Acrobat 5.0"=Adobe Acrobat 5.0
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Age of Empires 2.0"=Microsoft Age of Empires II
"Age of Empires Gold 1.0"=Microsoft Age of Empires Gold
"Age of Empires II: The Conquerors Expansion 1.0"=Microsoft Age of Empires II: The Conquerors Expansion
"Age of Empires II: The Conquerors Expansion Trial"=Microsoft Age of Empires II: The Conquerors Expansion Trial
"Age of Mythology Expansion Pack 1.0"=Age of Mythology Gold
"AOL Toolbar"=AOL Toolbar
"Applet_App"=Applet_App
"Applet_Copy"=Applet_Copy
"Applet_Creativity"=Applet_Creativity
"Applet_Email"=Applet_Email
"Applet_Epp"=Applet_Epp
"Applet_File"=Applet_File
"Applet_OCR"=Applet_OCR
"Applet_Web"=Applet_Web
"ArcSoft PhotoImpression 3.0"=ArcSoft PhotoImpression 3.0
"ATI Display Driver"=ATI Display Driver
"AVG7Uninstall"=AVG Free Edition
"B0D390FA-EF25-4295-9847-4A6E3A9D3AFB"=Blasterball 2 from ATI (remove only)
"B3CBD606-6898-4B3C-AC65-8A2CB029F8E9"=Polar Bowler from ATI (remove only)
"BAFBA5DB-2BF1-4152-8BBD-FFDEE4EDA3AE"=Word Symphony from ATI (remove only)
"BigFix"=BigFix
"CAL"=Canon Camera Access Library
"CameraWindowDVC5"=Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6"=Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC"=Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder"=Canon G.726 WMP-Decoder
"CC28692B-108D-4E23-8EAC-B6DFD9C74C1A"=Virtual Warfare from ATI (remove only)
"CCleaner"=CCleaner (remove only)
"Celtic Kings"=Celtic Kings
"CleanUp!"=CleanUp!
"ClearSkinFX for Digital Cameras_is1"=ClearSkinFX for Digital Cameras
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1"=SoftV92 Data Fax Modem with SmartCP
"Copy Utility"=Copy Utility
"CSCLIB"=Canon Camera Support Core Library
"D80A9E65-FA85-4162-A56B-FD271794B5A3"=Orbital from ATI (remove only)
"DE79D49C-E756-470A-8F8B-DE80E9FD268B"=Bounce Symphony from ATI (remove only)
"Empires Client"=Empires Client 0.2
"Empires Dawn of the Modern World"=Empires Dawn of the Modern World
"EOS Utility"=Canon Utilities EOS Utility
"EPSON Photo Print"=EPSON Photo Print
"EPSON Smart Panel"=EPSON Smart Panel
"GameChannel"=WildTangent GameChannel (remove only)
"HijackThis"=HijackThis 2.0.2
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}"=Age of Empires III - The WarChiefs
"InstallShield_{3347F781-9C89-4C9B-B471-B1FFC3BC4A84}"=ATI Remote Wonder 2.3
"InstallShield_{523BD5B6-E904-493C-B902-1BC9B7D44DF4}"=Lexmark Photo Center
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}"=Age of Empires III
"InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}"=Digital Media Reader
"InstallShield_{8988F5D0-C83F-41F4-B41B-86031F9B37F5}"=ATI Multimedia Center 9.01
"InstallShield_{C83F2952-4678-4F00-AB05-776658A8D0AE}"=Age of Empires III Trial
"InstallShield_{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}"=DAO
"InstallShield_{EDE28287-D32C-415E-9C97-2BF9F9260150}"=ATI Decoder
"Labtec Media Keyboard"=Labtec Media Keyboard V5.0
"Labtec Mouse"=Labtec Mouse
"Legion"=Legion
"Lexmark Z700-P700 Series"=Lexmark Z700-P700 Series
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Military Collector"=Military Collector
"MovieEditTask"=Canon MovieEdit Task for ZoomBrowser EX
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant"=MSN Music Assistant
"MWASPINT"=MicroStaff WINASPI NT
"MWSnap 3"=MWSnap 3
"Pearl Harbor"=Pearl Harbor
"PhotoStitch"=Canon Utilities PhotoStitch
"PROSet"=Intel® PRO Network Adapters and Drivers
"QuickTime"=QuickTime
"RAW Image Task"=Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0"=RealPlayer Basic
"RemoteCaptureTask"=Canon RemoteCapture Task for ZoomBrowser EX
"Robin Hood: The Legend Of Sherwood"=Robin Hood: The Legend Of Sherwood
"Sheep - Cover Disk Demo"=Sheep - Cover Disk Demo
"Spybot - Search & Destroy_is1"=Spybot - Search & Destroy 1.4
"SpywareBlaster_is1"=SpywareBlaster 4.1
"ST6UNST #1"=PhotoUploader
"ST6UNST #3"=PhotoUploader (C:\Program Files\PhotoUploader\) #3
"StreetPlugin"=Learn2 Player (Uninstall Only)
"System Explorer_is1"=System Explorer 1.5
"The Weather Channel Desktop 6"=The Weather Channel Desktop 6
"TrueSwitch Wizard Verizon"=TrueSwitch Wizard Verizon
"Victoria"=Victoria
"Windows Media Encoder 9"=Windows Media Encoder 9 Series
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XMLplayer"=XMLplayer
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Toolbar"=Yahoo! Toolbar
"ZoneAlarm"=ZoneAlarm
"ZoneAlarmSB Uninstall"=ZoneAlarm Spy Blocker
"ZoomBrowser EX"=Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/27/2008 3:33:50 PM | Computer Name = YOUR-1SFDBKYKFJ | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module shdocvw.dll, version 6.0.2900.5628, fault address 0x00083040.

Error - 9/27/2008 3:42:47 PM | Computer Name = YOUR-1SFDBKYKFJ | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module shdocvw.dll, version 6.0.2900.5628, fault address 0x00083040.

Error - 10/7/2008 5:01:18 AM | Computer Name = YOUR-1SFDBKYKFJ | Source = Application Error | ID = 1000
Description = Faulting application SZServer.exe, version 5.0.16.4, faulting module
mfc80u.dll, version 8.0.50727.762, fault address 0x00030d08.

Error - 10/7/2008 5:01:27 AM | Computer Name = YOUR-1SFDBKYKFJ | Source = Application Error | ID = 1000
Description = Faulting application SZServer.exe, version 5.0.16.4, faulting module
mfc80u.dll, version 8.0.50727.762, fault address 0x00030d08.

Error - 10/7/2008 9:21:14 PM | Computer Name = YOUR-1SFDBKYKFJ | Source = Application Error | ID = 1004
Description = Faulting application SZServer.exe, version 5.0.16.4, faulting module
mfc80u.dll, version 8.0.50727.762, fault address 0x00030d08.

Error - 10/9/2008 12:10:26 AM | Computer Name = YOUR-1SFDBKYKFJ | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x10001f90.

Error - 10/10/2008 2:41:30 AM | Computer Name = YOUR-1SFDBKYKFJ | Source = NTBackup | ID = 8019
Description = End Operation: Warnings or errors were encountered. Consult the backup
report for more details.

Error - 10/18/2008 6:58:41 PM | Computer Name = YOUR-1SFDBKYKFJ | Source = NTBackup | ID = 8019
Description = End Operation: Warnings or errors were encountered. Consult the backup
report for more details.

Error - 11/1/2008 5:12:27 PM | Computer Name = YOUR-1SFDBKYKFJ | Source = MsiInstaller | ID = 10005
Description = Product: Winkflash Transporter -- Winkflash Transporter Requires .NET
to be installed to function

Error - 11/1/2008 5:13:32 PM | Computer Name = YOUR-1SFDBKYKFJ | Source = MsiInstaller | ID = 10005
Description = Product: Winkflash Transporter -- Winkflash Transporter Requires .NET
to be installed to function

[ System Events ]
Error - 11/4/2008 6:07:23 PM | Computer Name = YOUR-1SFDBKYKFJ | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/4/2008 6:07:23 PM | Computer Name = YOUR-1SFDBKYKFJ | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/4/2008 6:07:23 PM | Computer Name = YOUR-1SFDBKYKFJ | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/4/2008 6:07:23 PM | Computer Name = YOUR-1SFDBKYKFJ | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/4/2008 6:07:23 PM | Computer Name = YOUR-1SFDBKYKFJ | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/4/2008 6:07:23 PM | Computer Name = YOUR-1SFDBKYKFJ | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/4/2008 10:34:19 PM | Computer Name = YOUR-1SFDBKYKFJ | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 11/4/2008 11:03:18 PM | Computer Name = YOUR-1SFDBKYKFJ | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 11/4/2008 11:03:40 PM | Computer Name = YOUR-1SFDBKYKFJ | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 11/4/2008 11:05:21 PM | Computer Name = YOUR-1SFDBKYKFJ | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.


< End of report >
  • 0

#9
RatHat
Posted 12 November 2008 - 07:36 PM

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Jack,

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

Regards,
RatHat
  • 0

#10
cmomm
Posted 12 November 2008 - 08:43 PM

cmomm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
here goes--looks like it found the 'little devil'

Malwarebytes' Anti-Malware 1.30
Database version: 1391
Windows 5.1.2600 Service Pack 3

11/12/2008 9:40:43 PM
mbam-log-2008-11-12 (21-40-43).txt

Scan type: Quick Scan
Objects scanned: 51541
Time elapsed: 5 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7370f91f-6994-4595-9949-601fa2261c8d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fqbewlna.bldx (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

Advertisements

#11
RatHat
Posted 12 November 2008 - 08:58 PM

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Looks like it might just have.

Could you run OTViewIt again for me and post me the logs so I can check.

Thanks,
RatHat
  • 0

#12
cmomm
Posted 12 November 2008 - 09:08 PM

cmomm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
here goes again--why doesn't the 'Zone Alarm' firewall and 'AVG virus' not catch and kill these things before they get settled?----

OTViewIt Extras logfile created on: 11/12/2008 10:02:48 PM - Run 3
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

758.73 Mb Total Physical Memory | 385.85 Mb Available Physical Memory | 50.85% Memory free
1.44 Gb Paging File | 1.07 Gb Available in Paging File | 74.73% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 44.79 Gb Free Space | 60.10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-1SFDBKYKFJ
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 60 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2000/06/27 16:09:58 | 02,695,213 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD:*:Enabled:Age of Empires II Expansion
[2000/07/20 23:28:46 | 02,654,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Games\Age of Empires II The Conquerors Expansion Trial\age2_x1t.exe:*:Enabled:Age of Empires II Expansion
[2006/09/07 17:07:49 | 10,143,040 | ---- | M] (Ensemble Studios) -- C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] -- C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2008/04/13 19:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]
msdaipp: [HKLM - No CLSID value]
[2008/04/13 19:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]
[2008/04/13 19:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2001/06/20 11:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 Premium
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}"=MSXML4 Parser
"{083F79E4-6FE9-46FB-A6C6-4F8862742947}"=ATI HYDRAVISION
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}"=ATI Control Panel
"{15B4652F-38E8-4252-8374-EFE88AA2FDA7}"=Empire Earth II SP Demo
"{1C08A24C-B168-407E-A826-68FAF5F20710}"=Age of Empires III - The WarChiefs
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}"=Microsoft Money 2004
"{2447500B-22D7-47BD-9B13-1A927F43A267}"=Empire Earth
"{24ED4D80-8294-11D5-96CD-0040266301AD}"=FinePixViewer Ver.4.0
"{3347F781-9C89-4C9B-B471-B1FFC3BC4A84}"=ATIRW2
"{33DB5EB0-487B-4425-BCB2-1D88C03E57A0}"=Eudora
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}"=Microsoft Works
"{49FC50FC-F965-40D9-89B4-CBFF80941033}"=Windows Movie Maker 2.0
"{51D386C4-0227-46A9-AC45-61F0A50E7AFF}"=Rome - Total War
"{523BD5B6-E904-493C-B902-1BC9B7D44DF4}"=Lexmark Photo Center
"{5490882C-6961-11D5-BAE5-00E0188E010B}"=FUJIFILM USB Driver
"{644F9DBE-CEDB-45AF-ACB8-E26692B74F62}"=Easy CD & DVD Creator 6
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{7148F0A8-6813-11D6-A77B-00B0D0142000}"=Java 2 Runtime Environment, SE v1.4.2
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}"=Windows Backup Utility
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}"=Age of Empires III
"{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}"=Digital Media Reader
"{86EAE190-D651-4E44-B44C-370D2200F47A}"=UFO Aftermath Demo
"{8988F5D0-C83F-41F4-B41B-86031F9B37F5}"=ATI Multimedia Center
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Extreme Graphics Driver
"{8B611C23-ADB6-4F5E-A04A-959EB0D349F6}"=Winkflash Transporter
"{8C64E145-54BA-11D6-91B1-00500462BE80}"=Microsoft Money 2004 System Pack
"{9A3EABC0-CA06-11D4-BF77-00104B130C19}"=EPSON TWAIN 5
"{AC76BA86-7AD7-1033-7B44-A71000000002}"=Adobe Reader 7.1.0
"{B3210D46-AD94-4E2E-80C9-FE4317DD5BA6}"=Warrior Kings
"{B49C924C-A651-4378-94F6-5D9BF44A959F}"=Empire Earth - The Art of Conquest
"{B7F98125-4955-41E3-8A71-4CE11CE9C198}"=KODAK Gallery Upload Software
"{C83F2952-4678-4F00-AB05-776658A8D0AE}"=Age of Empires III Trial
"{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}"=DAO
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CC2A05A5-3A08-481E-9E36-BD9408E823FC}"=CyberPower PowerPanel Personal Editoin
"{D3AA158A-9421-4883-8767-E771B0964A1D}"=ImageMixer VCD for FinePix
"{D5ED6AD5-7A70-47EB-BF38-3A8BCDECA713}"=OTB
"{D680C913-5955-469D-9D88-C1940F7506D6}"=RAW FILE CONVERTER LE
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}"=Windows Media Encoder 9 Series
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}"=ScanToWeb
"{EDE28287-D32C-415E-9C97-2BF9F9260150}"=ATI Decoder
"{EF4EF65F-4D62-44D7-82C9-1AECCBA74C50}"=Intel® PROSet
"{F0A37341-D692-11D4-A984-009027EC0A9C}"=SoundMAX
"57F31F3F-EC7D-4A32-A9C5-28CAAD7A7215"=Mars Rover from ATI (remove only)
"6B772EC5-E423-4AA8-9330-BDCAA366DE66"=STX from ATI (remove only)
"82B0AB24-273E-4B81-BC0F-B798D5FBD489"=Blackhawk Striker from ATI (remove only)
"8CE4EEF6-9561-4DB6-9173-7958530CDE25"=Overball from ATI (remove only)
"ActiveScan 2.0"=Panda ActiveScan 2.0
"Ad-Aware SE Personal"=Ad-Aware SE Personal
"Adobe Acrobat 5.0"=Adobe Acrobat 5.0
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Age of Empires 2.0"=Microsoft Age of Empires II
"Age of Empires Gold 1.0"=Microsoft Age of Empires Gold
"Age of Empires II: The Conquerors Expansion 1.0"=Microsoft Age of Empires II: The Conquerors Expansion
"Age of Empires II: The Conquerors Expansion Trial"=Microsoft Age of Empires II: The Conquerors Expansion Trial
"Age of Mythology Expansion Pack 1.0"=Age of Mythology Gold
"AOL Toolbar"=AOL Toolbar
"Applet_App"=Applet_App
"Applet_Copy"=Applet_Copy
"Applet_Creativity"=Applet_Creativity
"Applet_Email"=Applet_Email
"Applet_Epp"=Applet_Epp
"Applet_File"=Applet_File
"Applet_OCR"=Applet_OCR
"Applet_Web"=Applet_Web
"ArcSoft PhotoImpression 3.0"=ArcSoft PhotoImpression 3.0
"ATI Display Driver"=ATI Display Driver
"AVG7Uninstall"=AVG Free Edition
"B0D390FA-EF25-4295-9847-4A6E3A9D3AFB"=Blasterball 2 from ATI (remove only)
"B3CBD606-6898-4B3C-AC65-8A2CB029F8E9"=Polar Bowler from ATI (remove only)
"BAFBA5DB-2BF1-4152-8BBD-FFDEE4EDA3AE"=Word Symphony from ATI (remove only)
"BigFix"=BigFix
"CAL"=Canon Camera Access Library
"CameraWindowDVC5"=Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6"=Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC"=Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder"=Canon G.726 WMP-Decoder
"CC28692B-108D-4E23-8EAC-B6DFD9C74C1A"=Virtual Warfare from ATI (remove only)
"CCleaner"=CCleaner (remove only)
"Celtic Kings"=Celtic Kings
"CleanUp!"=CleanUp!
"ClearSkinFX for Digital Cameras_is1"=ClearSkinFX for Digital Cameras
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1"=SoftV92 Data Fax Modem with SmartCP
"Copy Utility"=Copy Utility
"CSCLIB"=Canon Camera Support Core Library
"D80A9E65-FA85-4162-A56B-FD271794B5A3"=Orbital from ATI (remove only)
"DE79D49C-E756-470A-8F8B-DE80E9FD268B"=Bounce Symphony from ATI (remove only)
"Empires Client"=Empires Client 0.2
"Empires Dawn of the Modern World"=Empires Dawn of the Modern World
"EOS Utility"=Canon Utilities EOS Utility
"EPSON Photo Print"=EPSON Photo Print
"EPSON Smart Panel"=EPSON Smart Panel
"GameChannel"=WildTangent GameChannel (remove only)
"HijackThis"=HijackThis 2.0.2
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}"=Age of Empires III - The WarChiefs
"InstallShield_{3347F781-9C89-4C9B-B471-B1FFC3BC4A84}"=ATI Remote Wonder 2.3
"InstallShield_{523BD5B6-E904-493C-B902-1BC9B7D44DF4}"=Lexmark Photo Center
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}"=Age of Empires III
"InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}"=Digital Media Reader
"InstallShield_{8988F5D0-C83F-41F4-B41B-86031F9B37F5}"=ATI Multimedia Center 9.01
"InstallShield_{C83F2952-4678-4F00-AB05-776658A8D0AE}"=Age of Empires III Trial
"InstallShield_{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}"=DAO
"InstallShield_{EDE28287-D32C-415E-9C97-2BF9F9260150}"=ATI Decoder
"Labtec Media Keyboard"=Labtec Media Keyboard V5.0
"Labtec Mouse"=Labtec Mouse
"Legion"=Legion
"Lexmark Z700-P700 Series"=Lexmark Z700-P700 Series
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Military Collector"=Military Collector
"MovieEditTask"=Canon MovieEdit Task for ZoomBrowser EX
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant"=MSN Music Assistant
"MWASPINT"=MicroStaff WINASPI NT
"MWSnap 3"=MWSnap 3
"Pearl Harbor"=Pearl Harbor
"PhotoStitch"=Canon Utilities PhotoStitch
"PROSet"=Intel® PRO Network Adapters and Drivers
"QuickTime"=QuickTime
"RAW Image Task"=Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0"=RealPlayer Basic
"RemoteCaptureTask"=Canon RemoteCapture Task for ZoomBrowser EX
"Robin Hood: The Legend Of Sherwood"=Robin Hood: The Legend Of Sherwood
"Sheep - Cover Disk Demo"=Sheep - Cover Disk Demo
"Spybot - Search & Destroy_is1"=Spybot - Search & Destroy 1.4
"SpywareBlaster_is1"=SpywareBlaster 4.1
"ST6UNST #1"=PhotoUploader
"ST6UNST #3"=PhotoUploader (C:\Program Files\PhotoUploader\) #3
"StreetPlugin"=Learn2 Player (Uninstall Only)
"System Explorer_is1"=System Explorer 1.5
"The Weather Channel Desktop 6"=The Weather Channel Desktop 6
"TrueSwitch Wizard Verizon"=TrueSwitch Wizard Verizon
"Victoria"=Victoria
"Windows Media Encoder 9"=Windows Media Encoder 9 Series
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XMLplayer"=XMLplayer
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Toolbar"=Yahoo! Toolbar
"ZoneAlarm"=ZoneAlarm
"ZoneAlarmSB Uninstall"=ZoneAlarm Spy Blocker
"ZoomBrowser EX"=Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/27/2008 3:33:50 PM | Computer Name = YOUR-1SFDBKYKFJ | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module shdocvw.dll, version 6.0.2900.5628, fault address 0x00083040.

Error - 9/27/2008 3:42:47 PM | Computer Name = YOUR-1SFDBKYKFJ | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module shdocvw.dll, version 6.0.2900.5628, fault address 0x00083040.

Error - 10/7/2008 5:01:18 AM | Computer Name = YOUR-1SFDBKYKFJ | Source = Application Error | ID = 1000
Description = Faulting application SZServer.exe, version 5.0.16.4, faulting module
mfc80u.dll, version 8.0.50727.762, fault address 0x00030d08.

Error - 10/7/2008 5:01:27 AM | Computer Name = YOUR-1SFDBKYKFJ | Source = Application Error | ID = 1000
Description = Faulting application SZServer.exe, version 5.0.16.4, faulting module
mfc80u.dll, version 8.0.50727.762, fault address 0x00030d08.

Error - 10/7/2008 9:21:14 PM | Computer Name = YOUR-1SFDBKYKFJ | Source = Application Error | ID = 1004
Description = Faulting application SZServer.exe, version 5.0.16.4, faulting module
mfc80u.dll, version 8.0.50727.762, fault address 0x00030d08.

Error - 10/9/2008 12:10:26 AM | Computer Name = YOUR-1SFDBKYKFJ | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x10001f90.

Error - 10/10/2008 2:41:30 AM | Computer Name = YOUR-1SFDBKYKFJ | Source = NTBackup | ID = 8019
Description = End Operation: Warnings or errors were encountered. Consult the backup
report for more details.

Error - 10/18/2008 6:58:41 PM | Computer Name = YOUR-1SFDBKYKFJ | Source = NTBackup | ID = 8019
Description = End Operation: Warnings or errors were encountered. Consult the backup
report for more details.

Error - 11/1/2008 5:12:27 PM | Computer Name = YOUR-1SFDBKYKFJ | Source = MsiInstaller | ID = 10005
Description = Product: Winkflash Transporter -- Winkflash Transporter Requires .NET
to be installed to function

Error - 11/1/2008 5:13:32 PM | Computer Name = YOUR-1SFDBKYKFJ | Source = MsiInstaller | ID = 10005
Description = Product: Winkflash Transporter -- Winkflash Transporter Requires .NET
to be installed to function

[ System Events ]
Error - 11/4/2008 6:07:23 PM | Computer Name = YOUR-1SFDBKYKFJ | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/4/2008 6:07:23 PM | Computer Name = YOUR-1SFDBKYKFJ | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/4/2008 6:07:23 PM | Computer Name = YOUR-1SFDBKYKFJ | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/4/2008 6:07:23 PM | Computer Name = YOUR-1SFDBKYKFJ | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/4/2008 6:07:23 PM | Computer Name = YOUR-1SFDBKYKFJ | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/4/2008 6:07:23 PM | Computer Name = YOUR-1SFDBKYKFJ | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/4/2008 10:34:19 PM | Computer Name = YOUR-1SFDBKYKFJ | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 11/4/2008 11:03:18 PM | Computer Name = YOUR-1SFDBKYKFJ | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 11/4/2008 11:03:40 PM | Computer Name = YOUR-1SFDBKYKFJ | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 11/4/2008 11:05:21 PM | Computer Name = YOUR-1SFDBKYKFJ | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.


< End of report >
OTViewIt logfile created on: 11/12/2008 10:02:48 PM - Run 3
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

758.73 Mb Total Physical Memory | 385.85 Mb Available Physical Memory | 50.85% Memory free
1.44 Gb Paging File | 1.07 Gb Available in Paging File | 74.73% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 44.79 Gb Free Space | 60.10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-1SFDBKYKFJ
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 60 Days

========== Processes ==========

[2004/07/10 20:35:10 | 00,385,024 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.exe
[2004/07/10 20:35:10 | 00,385,024 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.exe
[2008/07/09 08:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
[2003/08/29 08:54:16 | 00,307,200 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
[2003/08/29 08:50:24 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
[2007/10/24 23:21:39 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
[2006/12/03 00:11:15 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgupsvc.exe
[2007/12/20 23:52:47 | 00,406,528 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgemc.exe
[2005/01/25 05:13:52 | 00,385,024 | ---- | M] () -- C:\Program Files\CyberPower PowerPanel Persoanl Edition\ppped.exe
[2001/05/01 16:06:22 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe
[2006/03/30 08:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
[2008/10/16 23:08:59 | 00,590,848 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgcc.exe
[2004/07/10 21:10:00 | 00,339,968 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[2004/06/15 21:17:38 | 00,069,705 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Multimedia\main\atidtct.exe
[2004/08/09 18:40:40 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
[2008/07/09 08:05:20 | 00,919,016 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
[2004/04/16 05:43:58 | 00,196,608 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE
[2005/01/25 05:16:02 | 00,217,088 | ---- | M] () -- C:\Program Files\CyberPower PowerPanel Persoanl Edition\pppeuser.exe
[2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2008/08/23 13:07:42 | 01,833,472 | ---- | M] (Mister Group) -- C:\Program Files\System Explorer\SystemExplorer.exe
[2008/09/23 07:26:50 | 01,064,960 | ---- | M] () -- C:\Program Files\TrueSwitchVerizon\TrueWizard.exe
[2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/04/13 19:12:28 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
[2008/04/13 19:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/11/12 00:00:36 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2004/07/10 20:35:10 | 00,385,024 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2004/07/10 21:10:00 | 00,516,096 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
[2007/10/24 23:21:39 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgamsvr.exe -- (Avg7Alrt [Auto | Running])
[2006/12/03 00:11:15 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgupsvc.exe -- (Avg7UpdSvc [Auto | Running])
[2007/12/20 23:52:47 | 00,406,528 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgemc.exe -- (AVGEMS [Auto | Running])
[2006/03/30 08:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running])
[2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2003/08/29 08:54:16 | 00,307,200 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS [Auto | Running])
[2002/09/27 13:56:20 | 00,139,264 | ---- | M] (Intel® Corporation) -- c:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
[2005/01/25 05:13:52 | 00,385,024 | ---- | M] () -- C:\Program Files\CyberPower PowerPanel Persoanl Edition\ppped.exe -- (ppped [Auto | Running])
[2008/07/09 08:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])
[2001/05/01 16:06:22 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])
[2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
File not found -- -- (x10nets [On_Demand | Stopped])

========== Driver Services ==========

[2002/04/01 15:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
[2004/08/09 18:39:40 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM [Auto | Running])
[2003/12/15 12:28:46 | 00,257,872 | ---- | M] (Jungo) -- C:\WINDOWS\system32\drivers\atirwvd.sys -- (ATI Remote Wonder II [On_Demand | Running])
[2004/07/10 20:37:02 | 00,747,008 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2007/10/24 23:21:34 | 00,821,856 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avg7core.sys -- (Avg7Core [System | Running])
[2006/12/03 00:11:15 | 00,004,224 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avg7rsw.sys -- (Avg7RsW [System | Running])
[2007/02/25 23:58:11 | 00,027,776 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avg7rsxp.sys -- (Avg7RsXP [System | Running])
[2007/12/20 23:52:49 | 00,010,760 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avgclean.sys -- (AvgClean [System | Running])
[2006/12/03 00:11:15 | 00,004,960 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdi.sys -- (AvgTdi [Auto | Running])
[2003/09/24 13:02:58 | 00,067,024 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
[2003/09/24 13:02:58 | 00,024,698 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
[2003/09/24 13:02:56 | 00,260,224 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp [System | Running])
[2003/09/24 13:02:58 | 00,146,560 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp [System | Running])
[2003/09/24 13:02:56 | 00,021,993 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K [On_Demand | Stopped])
[2002/09/25 08:09:12 | 00,140,800 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Running])
[2008/04/13 13:36:38 | 00,020,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidbatt.sys -- (HidBatt [On_Demand | Running])
[2003/11/13 21:19:48 | 00,210,304 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
[2003/11/13 21:17:00 | 01,042,816 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
[2004/01/29 21:13:06 | 00,095,579 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Stopped])
[2007/07/19 14:10:28 | 00,127,768 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF [System | Running])
[2002/06/21 18:42:50 | 00,008,224 | ---- | M] (MicroStaff Co.,Ltd.) -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT [Auto | Running])
[2004/01/16 17:21:48 | 00,012,970 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2003/09/24 13:02:56 | 00,022,777 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K [On_Demand | Running])
[2002/10/16 02:11:22 | 00,019,968 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL [On_Demand | Stopped])
[2005/04/06 01:08:54 | 00,006,144 | ---- | M] (NewTech Infosystems, Inc.) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr [On_Demand | Running])
[2008/06/19 16:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
[2003/03/31 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2003/09/24 13:02:56 | 00,118,409 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k [System | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2003/03/18 15:00:54 | 00,542,976 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
[2008/02/27 02:10:44 | 00,051,176 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [Boot | Running])
[2004/03/22 13:01:38 | 00,040,564 | ---- | M] (Alcor Micro Corp.) -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt [On_Demand | Running])
[2004/03/22 13:27:20 | 00,042,936 | ---- | M] (Alcor Micro Corp.) -- C:\WINDOWS\system32\drivers\Sunkfilt39.sys -- (SunkFilt39 [On_Demand | Stopped])
[2006/07/10 21:01:06 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\drivers\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped])
[2003/09/24 13:02:58 | 00,213,120 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\UdfReadr_xp.sys -- (UdfReadr_xp [System | Running])
[2008/07/09 08:05:22 | 00,394,952 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [System | Running])
[2003/11/13 21:18:36 | 00,679,808 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2003/03/31 07:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [Disabled | Stopped])
[2004/01/29 21:13:06 | 00,122,110 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped])
[2004/01/29 21:13:04 | 00,099,002 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.google.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} (HKLM) -- C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}" (HKLM) -- C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (HKLM) -- C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (HKLM) -- C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI DeviceDetect"=C:\Program Files\ATI Multimedia\main\ATIDtct.EXE (ATI Technologies Inc.)
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP (GRISOFT, s.r.o.)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Zone Labs, LLC)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Launchpad"="C:\Program Files\ATI Multimedia\main\LaunchPd.exe" (ATI Technologies Inc.)
"ATI Remote Control"=C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe (ATI Technologies Inc.)
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"PowerPanel Personal Edition User Interaction"="C:\Program Files\CyberPower PowerPanel Persoanl Edition\pppeuser.exe" ()
"SystemExplorer"="C:\Program Files\System Explorer\SystemExplorer.exe" /TRAY (Mister Group)

========== (O4) RunOnce Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent (Malwarebytes Corporation)

========== (O4) Startup Folders ==========

[2008/04/23 02:38:16 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2008/09/23 07:26:50 | 01,064,960 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\TrueAssistant.lnk = C:\Program Files\TrueSwitchVerizon\TrueWizard.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=227
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoBandCustomize"=0
"NoMovingBands"=0
"NoCloseDragDropBands"=0
"NoSetTaskbar"=0
"NoToolbarsOnTaskbar"=0
"NoSaveSettings"=0
"NoActiveDesktop"=0
"ClassicShell"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %SystemRoot%\system32\msjava.dll [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.micro...d...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
: msn in My Computer
91 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{01113300-3E00-11D2-8470-0060089874ED}: https://activatemyds...20Installer.cab -- Support.com Configuration Class
{0E5F0222-96B9-11D3-8997-00104BD12D94}: http://www.pcpitstop...p/PCPitStop.CAB -- PCPitstop Utility
{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}: http://acs.pandasoft...s/as2stubie.cab -- ActiveScan 2.0 Installer Class
{406B5949-7190-4245-91A9-30A17DE16AD0}: http://www2.snapfish...fishActivia.cab -- Snapfish Activia
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.micros...b?1163824449875 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.4.2
{9732FB42-C321-11D1-836F-00A0C993F125}: http://pcpitstop.com/mhLbl.cab -- mhLabel Class
{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.4.2
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.ad...ash/swflash.cab -- Shockwave Flash Object
{E8F628B5-259A-4734-97EE-BA914D7BE941}: http://driveragent.c...driveragent.cab -- Driver Agent ActiveX Control
{FFB3A759-98B1-446F-BDA9-909C6EB18CC7}: http://utilities.pcp.../pcpitstop2.dll -- PCPitstop Exam
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{BACA8D9A-893E-447B-B40B-37801CC6F46A} (Servers: | Description: Intel® PRO/100 VE Network Connection)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll ()
igfxcui: "DllName" = igfxsrvc.dll -- C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}" (HKLM) -- C:\Program Files\Qualcomm\Eudora\EuShlExt.dll (Qualcomm Inc.)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/08/09 18:11:06 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b78cae6-a9cc-11db-a526-00111170e787}\Shell\AutoRun\command]
""=J:\CA_Install.exe -- File not found

========== Files/Folders - Created Within 60 Days ==========

[8 C:\WINDOWS\System32\*.tmp files]
[2008/11/12 21:31:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2008/11/12 21:31:21 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/11/12 21:31:21 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/11/12 21:31:18 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/11/12 21:31:17 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/11/12 21:31:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/11/12 21:29:45 | 02,372,472 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2008/11/12 00:00:27 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe
[2008/11/11 23:52:01 | 00,000,000 | ---D | C] -- C:\Lop SD
[2008/11/11 23:40:19 | 00,012,219 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\And perhaps this, in light of what we elected.htm
[2008/11/11 23:40:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\And perhaps this, in light of what we elected_files
[2008/11/10 23:24:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads
[2008/11/10 23:24:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2008/11/06 14:03:58 | 00,000,406 | ---- | C] () -- C:\WINDOWS\System32\ioloBootDefrag.cfg
[2008/11/06 14:03:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\iolo
[2008/11/06 14:03:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iolo
[2008/11/05 21:26:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SystemExplorer
[2008/11/05 21:26:53 | 00,000,695 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\System Explorer.lnk
[2008/11/05 21:26:52 | 00,000,000 | ---D | C] -- C:\Program Files\System Explorer
[2008/11/05 02:10:04 | 02,637,700 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2008/11/04 16:34:30 | 00,000,910 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Weather Channel Desktop .lnk
[2008/11/04 16:33:59 | 00,000,000 | ---D | C] -- C:\Program Files\The Weather Channel FW
[2008/11/02 00:18:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Snapfish
[2008/11/01 16:30:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Winkflash.com
[2008/11/01 16:30:41 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2008/11/01 16:30:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\ApplicationHistory
[2008/11/01 16:30:35 | 00,000,801 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Winkflash Transporter.lnk
[2008/11/01 16:30:34 | 00,000,000 | ---D | C] -- C:\Program Files\Winkflash
[2008/11/01 16:26:26 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2008/11/01 16:26:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2008/11/01 16:26:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2008/10/30 16:11:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Kodak
[2008/10/30 16:10:37 | 00,000,000 | ---D | C] -- C:\Program Files\Kodak
[2008/10/30 16:10:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Downloaded Installations
[2008/10/29 23:39:38 | 00,001,639 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Eudora.lnk
[2008/10/29 23:39:09 | 01,712,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2008/10/27 23:57:56 | 00,001,805 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Age of Empires III - The WarChiefs.lnk
[2008/10/23 22:44:38 | 00,000,000 | ---D | C] -- C:\Program Files\Trymedia
[2008/10/23 22:43:04 | 00,000,000 | ---D | C] -- C:\Program Files\Global Star
[2008/10/23 18:01:59 | 00,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2008/10/23 18:01:26 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2008/10/23 17:58:20 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2008/10/23 17:58:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2008/10/23 17:58:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2008/10/22 22:23:18 | 03,541,024 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/10/22 22:23:18 | 00,042,908 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2008/10/22 22:19:37 | 00,000,000 | ---D | C] -- C:\Program Files\ZoneAlarmSB
[2008/10/22 22:17:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2008/10/22 22:17:43 | 00,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2008/10/22 22:17:33 | 00,075,248 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\zllsputility.exe
[2008/10/22 22:17:33 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SpOrder.dll
[2008/10/22 22:17:17 | 00,127,768 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2008/10/22 22:17:03 | 00,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008/10/22 22:17:03 | 00,071,144 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsregexp.dll
[2008/10/22 22:17:00 | 00,083,432 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\zlcomm.dll
[2008/10/22 22:17:00 | 00,071,144 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\zlcommdb.dll
[2008/10/22 22:16:54 | 00,046,568 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vswmi.dll
[2008/10/22 22:16:53 | 01,086,952 | ---- | C] (Python Software Foundation) -- C:\WINDOWS\System32\zpeng24.dll
[2008/10/22 22:16:53 | 00,099,816 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsxml.dll
[2008/10/22 22:16:52 | 00,275,944 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vspubapi.dll
[2008/10/22 22:16:52 | 00,103,912 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsmonapi.dll
[2008/10/22 22:16:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2008/10/22 22:16:51 | 00,394,952 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsdatant.sys
[2008/10/22 22:16:51 | 00,352,918 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2008/10/22 22:15:31 | 00,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2008/10/22 22:14:44 | 00,472,552 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsutil.dll
[2008/10/22 22:14:44 | 00,157,160 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsinit.dll
[2008/10/22 22:14:44 | 00,083,432 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsdata.dll
[2008/10/22 22:14:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2008/10/21 23:05:10 | 00,000,000 | ---D | C] -- C:\Program Files\TrueSwitch
[2008/10/21 23:05:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TrueSwitch
[2008/10/21 23:05:09 | 00,000,799 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\TrueAssistant.lnk
[2008/10/21 23:05:04 | 00,000,757 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TrueSwitch Wizard Verizon.lnk
[2008/10/21 23:04:55 | 00,000,000 | ---D | C] -- C:\Program Files\TrueSwitchVerizon
[2008/10/21 22:21:15 | 00,000,690 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SpywareBlaster.lnk
[2008/10/21 22:21:15 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2008/10/21 14:17:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\SupportSoft
[2008/10/20 09:51:51 | 00,000,000 | ---D | C] -- C:\Program Files\Opti
[2008/10/20 09:51:51 | 00,000,000 | ---D | C] -- C:\Program Files\BoxKing
[2008/10/19 21:02:01 | 00,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2008/10/19 21:00:35 | 00,339,257 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\CleanUp452.exe
[2008/10/19 20:44:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Virus infection in xp - Geeks to Go!_files
[2008/10/14 22:51:00 | 00,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2008/10/14 22:51:00 | 00,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2008/10/14 22:50:58 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2008/10/14 22:50:58 | 00,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2008/10/14 22:50:58 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xrxflnch.exe
  • 0

#13
cmomm
Posted 12 November 2008 - 09:29 PM

cmomm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
what is the situation with all the 'error' shown naming the computer name?---terminated?----does the system look clean now---sure hope so and thanks once again---
  • 0

#14
RatHat
Posted 12 November 2008 - 09:39 PM

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts

why doesn't the 'Zone Alarm' firewall and 'AVG virus' not catch and kill these things before they get settled?


Unfortunately there are always malware writers updating their nasties to get around the AV's and Firewalls. They keep us in business :)

Lets run one more check though. Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please save that report to your desktop as Smitfraud.txt, and copy/paste the content into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.


Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm
  • 0

#15
RatHat
Posted 12 November 2008 - 09:51 PM

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Those errors are created by programs which come up against something which causes a problem for them. Mostly they are legitimate errors which are caused by everyday running of a computer. Sometimes they are caused by malware, and can be used as a guide for helpers to see what is causing problems.

Yours look normal.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP