Handhfan,
No Combofix log - so here's the OTListIT log
OTListIt logfile created on: 3/5/2009 8:39:53 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.3.4 Folder = C:\Documents and Settings\home\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
509.98 Mb Total Physical Memory | 208.50 Mb Available Physical Memory | 40.88% Memory free
1.22 Gb Paging File | 0.88 Gb Available in Paging File | 72.24% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 6.19 Gb Free Space | 16.64% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: HOMEPC
Current User Name: home
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ========== PRC - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Zone Labs, LLC)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Eset\nod32krn.exe (Eset )
PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe (Verizon)
PRC - C:\Program Files\Verizon\SmartBridge\MotiveSB.exe (Motive Communications, Inc.)
PRC - C:\Program Files\Eset\nod32kui.exe (Eset )
PRC - C:\Program Files\Winamp\winampa.exe ()
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Documents and Settings\home\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Documents and Settings\home\Desktop\OTListIt2.exe (OldTimer Tools)
========== Win32 Services (SafeList) ========== SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (CCALib8 [Auto | Running]) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NOD32krn [Auto | Running]) -- C:\Program Files\Eset\nod32krn.exe (Eset )
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
SRV - (vpnagent [Auto | Running]) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (vsmon [Auto | Running]) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Zone Labs, LLC)
========== Driver Services (SafeList) ========== DRV - (aeaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (AMON [Auto | Running]) -- C:\WINDOWS\system32\drivers\amon.sys (Eset )
DRV - (cercsr6 [Boot | Stopped]) -- C:\WINDOWS\System32\drivers\cercsr6.sys (Adaptec, Inc.)
DRV - (E1000 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\e1000325.sys (Intel Corporation)
DRV - (hamachi_oem [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\gan_adapter.sys (Applied Networking Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (KLIF [System | Running]) -- C:\WINDOWS\system32\DRIVERS\klif.sys (Kaspersky Lab)
DRV - (MREMPR5 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MREMPR5.sys (Motive, Inc.)
DRV - (MRENDIS5 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.)
DRV - (nod32drv [System | Running]) -- C:\WINDOWS\system32\drivers\nod32drv.sys ()
DRV - (pavboot [Boot | Running]) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (srescan [Boot | Running]) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Zone Labs, LLC)
DRV - (tmcomm [Auto | Running]) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (vcdrom [System | Running]) -- C:\WINDOWS\system32\drivers\VCdRom.sys (Microsoft Corporation)
DRV - (vpnva [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\vpnva.sys (Cisco Systems, Inc.)
DRV - (vsdatant [System | Running]) -- C:\WINDOWS\System32\vsdatant.sys (Zone Labs, LLC)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.yahoo.comIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.comIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://ie.search.msn...st/srchcust.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
http://ie.search.msn...st/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://www.microsoft...amp;ar=iesearchIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.com/IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.startup.homepage: "
http://en-us.start.m...en-US:official"FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.6
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} -> %ProgramFiles%\REAL\REALPLAYER\BROWSERRECORD [C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD] -> [2008/04/15 02:52:14 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Components -> %ProgramFiles%\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/03/01 19:21:16 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Plugins -> %ProgramFiles%\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/02/12 04:39:51 00,000,000 | ---D | M]
FF - C:\Documents and Settings\home\Application Data\mozilla\Extensions [2009/02/12 04:40:18 00,000,000 | ---D | M]
FF - C:\Documents and Settings\home\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/02/12 04:40:18 00,000,000 | ---D | M]
FF - C:\Documents and Settings\home\Application Data\mozilla\Firefox\Profiles\gbee9uyi.default\extensions [2007/02/01 20:30:42 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions [2009/02/12 04:40:20 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/02/12 04:39:51 00,000,000 | ---D | M]
O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll (BitComet)
O2 - BHO: (Verizon Broadband Toolbar) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Spy Blocker BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKLM\..\Toolbar: (Verizon Broadband Toolbar) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll File not found
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE (Eset )
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe (Verizon)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Zone Labs, LLC)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [Google Update] "C:\Documents and Settings\home\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\imon.dll (Eset )
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: dewberry.com ([bluesky] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED}
https://activatemyds...DSL/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A}
http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258}
http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}
http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4}
http://h20264.www2.h...nosticsxp2k.cab (Reg Error: Key error.)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566}
https://bluesky.dewb...ries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}
http://update.micros...b?1168025685250 (WUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC}
https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A}
http://web1.shutterf...ds/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {AD58C149-8AE2-4878-99DC-3A164E32F814}
http://appsnet.bentl...d/SAXFileEE.cab (SAXFileEE FileDownload ActiveX Control)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8}
http://3dlifeplayer....l/installer.exe (Virtools WebPlayer Class)
O16 - DPF: {D6D5ACA4-4C57-4C75-8D68-BC185E924B4C}
http://portals.jacob...eTransferEN.cab (PWFileTransfer Control)
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6}
http://www.candystan...acheManager.CAB (CacheManager.CacheManagerCtrl)
O18 - Protocol\Handler\ipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
========== Files/Folders - Created Within 30 Days ========== [1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\home\My Documents\*.tmp files]
[2009/03/05 20:36:34 | 00,498,176 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\home\Desktop\OTListIt2.exe
[2009/03/03 20:48:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\home\My Documents\Downloads
[2009/03/03 20:48:14 | 00,002,237 | ---- | C] () -- C:\Documents and Settings\home\Desktop\Google Chrome.lnk
[2009/03/03 20:47:14 | 00,000,922 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1326574676-839522115-1003.job
[2009/03/03 20:43:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\home\Local Settings\Application Data\Deployment
[2009/03/03 20:27:08 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/03/03 20:27:05 | 00,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.execf
[2009/03/03 20:26:53 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/03/03 20:23:10 | 00,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmd.exe
[2009/03/03 20:23:10 | 00,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.exe
[2009/03/03 20:22:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\home\Desktop\cmddgi
[2009/03/03 20:16:40 | 00,106,645 | ---- | C] () -- C:\Documents and Settings\home\Desktop\cmddgi.zip
[2009/03/02 19:47:32 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/03/02 12:27:32 | 02,933,037 | R--- | C] () -- C:\Documents and Settings\home\Desktop\ComboFix.exe
[2009/03/02 09:36:21 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\home\Desktop\HijackThis.lnk
[2009/03/02 09:36:19 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/03/02 09:35:48 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\home\Desktop\HJTInstall.exe
[2009/03/02 08:50:20 | 00,133,120 | ---- | C] () -- C:\Documents and Settings\home\My Documents\topo-temp-04606102-Dewberry[2].dgn
[2009/03/01 20:23:41 | 03,863,808 | ---- | C] (ESET) -- C:\Documents and Settings\home\Desktop\SysInspector.exe
[2009/03/01 19:43:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/03/01 19:42:49 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\home\Desktop\NTREGOPT.lnk
[2009/03/01 19:42:49 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\home\Desktop\ERUNT.lnk
[2009/03/01 19:42:44 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/03/01 19:40:01 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\home\Desktop\erunt_setup.exe
[2009/03/01 19:30:02 | 00,000,000 | ---D | C] -- C:\Program Files\SystemRestore
[2009/03/01 16:07:40 | 00,102,664 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/03/01 11:21:00 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2009/03/01 11:20:07 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/02/28 07:24:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\home\Application Data\U3
[2009/02/28 07:24:30 | 00,026,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBSTOR.SYS
[2009/02/28 07:24:30 | 00,026,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys
[2009/02/26 04:19:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/02/26 04:19:19 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/02/26 04:19:15 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/02/26 04:19:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\home\Application Data\SUPERAntiSpyware.com
[2009/02/26 04:18:33 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/02/26 04:17:57 | 06,043,680 | ---- | C] () -- C:\Documents and Settings\home\Desktop\SUPERAntiSpyware.exe
[2009/02/25 22:26:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\home\Application Data\Malwarebytes
[2009/02/25 22:26:34 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/02/25 22:26:34 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/02/25 22:26:31 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/02/25 22:26:29 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/02/25 22:26:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/02/25 22:25:11 | 02,876,720 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\home\Desktop\mbam-setup.exe
[2009/02/24 21:30:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2009/02/24 21:30:38 | 00,000,000 | ---D | C] -- C:\Program Files\Cisco
[2009/02/21 14:51:50 | 00,034,816 | ---- | C] () -- C:\Documents and Settings\home\My Documents\infomercial.doc
[2009/02/20 07:29:12 | 00,003,936 | ---- | C] () -- C:\Documents and Settings\home\My Documents\questions for dr_ fuhrman.eml
[2009/02/16 08:50:02 | 01,602,637 | ---- | C] () -- C:\Documents and Settings\home\Desktop\hr1_engrossed.pdf
[2009/02/11 04:49:13 | 03,252,692 | ---- | C] () -- C:\Documents and Settings\home\Desktop\Dental_Claim_Form.pdf
[2009/02/10 20:11:37 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\home\My Documents\writingideas.doc
========== Files - Modified Within 30 Days ========== [1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\home\My Documents\*.tmp files]
[2009/03/05 20:36:57 | 42,594,336 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/03/05 20:36:42 | 00,498,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\home\Desktop\OTListIt2.exe
[2009/03/05 20:30:23 | 00,352,917 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/03/05 20:30:23 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/05 20:30:13 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/05 19:28:46 | 00,499,892 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/03/05 17:49:14 | 00,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1326574676-839522115-1003.job
[2009/03/04 21:07:53 | 00,001,152 | -H-- | M] () -- C:\Documents and Settings\home\My Documents\Default.rdp
[2009/03/03 20:48:14 | 00,002,237 | ---- | M] () -- C:\Documents and Settings\home\Desktop\Google Chrome.lnk
[2009/03/03 20:27:05 | 00,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.execf
[2009/03/03 20:16:40 | 00,106,645 | ---- | M] () -- C:\Documents and Settings\home\Desktop\cmddgi.zip
[2009/03/02 12:29:00 | 02,933,037 | R--- | M] () -- C:\Documents and Settings\home\Desktop\ComboFix.exe
[2009/03/02 09:36:21 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\home\Desktop\HijackThis.lnk
[2009/03/02 09:35:50 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\home\Desktop\HJTInstall.exe
[2009/03/02 08:47:56 | 00,133,120 | ---- | M] () -- C:\Documents and Settings\home\My Documents\topo-temp-04606102-Dewberry[2].dgn
[2009/03/01 20:23:48 | 03,863,808 | ---- | M] (ESET) -- C:\Documents and Settings\home\Desktop\SysInspector.exe
[2009/03/01 19:42:49 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\home\Desktop\NTREGOPT.lnk
[2009/03/01 19:42:49 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\home\Desktop\ERUNT.lnk
[2009/03/01 19:40:24 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\home\Desktop\erunt_setup.exe
[2009/03/01 11:26:54 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/02/26 20:55:35 | 01,656,336 | -H-- | M] () -- C:\Documents and Settings\home\Local Settings\Application Data\IconCache.db
[2009/02/26 04:19:19 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/02/26 04:17:59 | 06,043,680 | ---- | M] () -- C:\Documents and Settings\home\Desktop\SUPERAntiSpyware.exe
[2009/02/25 22:26:34 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/02/25 22:25:31 | 02,876,720 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\home\Desktop\mbam-setup.exe
[2009/02/22 07:32:27 | 00,034,816 | ---- | M] () -- C:\Documents and Settings\home\My Documents\infomercial.doc
[2009/02/20 07:34:44 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\home\My Documents\writingideas.doc
[2009/02/20 07:29:14 | 00,003,936 | ---- | M] () -- C:\Documents and Settings\home\My Documents\questions for dr_ fuhrman.eml
[2009/02/16 16:50:22 | 00,141,824 | ---- | M] () -- C:\Documents and Settings\home\Desktop\polliwogplaceexpenses.xls
[2009/02/16 16:50:05 | 00,141,824 | ---- | M] () -- C:\Documents and Settings\home\My Documents\polliwogplaceexpenses.xls
[2009/02/16 08:50:02 | 01,602,637 | ---- | M] () -- C:\Documents and Settings\home\Desktop\hr1_engrossed.pdf
[2009/02/15 16:22:02 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/02/11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/02/11 04:49:13 | 03,252,692 | ---- | M] () -- C:\Documents and Settings\home\Desktop\Dental_Claim_Form.pdf
[2009/02/10 10:38:15 | 00,002,495 | ---- | M] () -- C:\Documents and Settings\home\Desktop\Microsoft Office Excel 2003.lnk
========== LOP Check ========== [2009/02/26 04:19:33 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/03/01 07:51:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2007/04/07 09:08:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bentley
[2008/02/06 19:22:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bentley-08.11.00.50-WIP
[2009/02/24 21:30:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2008/09/21 07:59:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2007/12/25 20:53:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2008/10/21 05:50:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\itmvozkh
[2008/08/26 03:54:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/02/25 22:26:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/02/24 21:30:42 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2007/01/29 19:39:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2008/08/23 07:44:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS
[2008/02/25 20:38:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Quark
[2009/02/26 04:19:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2008/10/12 09:35:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/01/05 14:40:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2007/11/01 15:16:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/02/28 08:38:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
[2009/02/28 07:24:46 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\home\Application Data
[2009/03/01 07:53:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\Adobe
[2007/04/07 09:08:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\Bentley
[2009/02/28 08:53:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\CameraWindowDC
[2008/04/25 20:44:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\CANON INC
[2008/08/23 18:58:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2007/02/11 19:27:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\DivX
[2008/02/18 09:07:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\Google
[2007/01/05 14:33:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\Identities
[2008/11/26 12:14:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\Luxology
[2007/07/05 06:22:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\Macromedia
[2009/02/25 22:26:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\Malwarebytes
[2008/04/29 19:06:43 | 00,000,000 | --SD | M] -- C:\Documents and Settings\home\Application Data\Microsoft
[2007/02/05 08:16:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\Motive
[2008/10/22 06:04:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\Move Networks
[2009/02/12 04:40:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\Mozilla
[2007/11/29 21:41:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\ProjectWise
[2008/02/25 20:41:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\Quark
[2008/01/30 07:48:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\Real
[2007/02/03 21:28:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\SecondLife
[2007/01/29 19:46:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\Sun
[2009/02/26 04:19:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\SUPERAntiSpyware.com
[2009/02/28 07:27:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\U3
[2007/01/29 19:36:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\Verizon
[2007/06/12 21:01:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\vlc
[2007/11/01 15:16:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\Yahoo!
[2009/02/28 08:59:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\ZoomBrowser EX
[2004/08/04 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/03/05 17:49:14 | 00,000,922 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1326574676-839522115-1003.job
[2009/03/05 20:30:23 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D455373F
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5DAABF18
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\home\Desktop\Thumbs.db:encryptable
< End of report>
############################################################
Here's extras.txt
OTListIt Extras logfile created on: 3/5/2009 8:39:53 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.3.4 Folder = C:\Documents and Settings\home\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
509.98 Mb Total Physical Memory | 208.50 Mb Available Physical Memory | 40.88% Memory free
1.22 Gb Paging File | 0.88 Gb Available in Paging File | 72.24% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 6.19 Gb Free Space | 16.64% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: HOMEPC
Current User Name: home
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.scr [@ = MicroStation Resource] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Documents and Settings\home\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour File not found
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{0DF34F71-6182-474F-B6FE-0B2AF069E6FD}" = VBA (2627.01)
"{17E1BC18-8B8C-4160-B759-C47294B5A9C2}" = Cisco AnyConnect VPN Client
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{2472DD00-D197-4310-A8ED-0171119A84C9}" = Bentley MicroStation V8 Athens Edition 08.11.00.50-WIP
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FA5E4CC-58ED-4ED0-AC9E-ED0759E9166E}" = RedistSysFiles
"{5AD315BE-2E3E-446D-8FF9-75A73445DC47}" = Bentley MicroStation V8i 08.11.05.17
"{624D19C3-D55D-4368-BC10-9B53036D8358}" = HP Driver Diagnostics
"{6C902450-3EEB-4A9D-9B34-A42248B8C30F}" = Bentley MicroStation V8 XM Edition 08.09.03.65
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C167BA1-A880-45DE-AC2D-5B9201BF4040}" = Bentley InRoads Group XM Edition (V8.9)
"{90F50409-6000-11D3-8CFE-0150048383C9}" = Visual Basic for Applications ® Core
"{90F60409-6000-11D3-8CFE-0150048383C9}" = Visual Basic for Applications ® Core - English
"{91E30409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9CCE527D-356F-41A8-9718-77A68AC065FB}" = PlayLinc
"{9FDA98CF-9B2E-439C-95D9-BCD7D5713D60}" = MicroStation
"{9FDA98CF-9B2E-439C-95D9-BCD7D5713D60}_0" = Bentley MicroStation (V 08.05.02.55) - 1
"{A13D16C5-38A9-4D96-9647-59FCCAB12A85}" = Visual Basic for Applications ® Core - English
"{A38048C6-89D1-44EC-BC95-E95DD4A19B5E}" = QuarkXPress 7.31
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}" = RemoteCapture 2.7.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{E7E254C0-94AA-4B33-AF6D-5276A169A680}" = TONKA Search & Rescue 2
"{EF0DD8B7-471C-463B-A298-6066C2FABAF5}" = File Viewer Utility 1.2
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FB97C283-1F3C-42D4-AE01-ADC1DC12F774}" = Visual Basic for Applications ® Core
"7-Zip" = 7-Zip 4.57
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Bentley MicroStation (V 07.01.05.03)" = Bentley MicroStation (V 07.01.05.03)
"BitComet" = BitComet 0.83
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CSCLIB" = Canon Camera Support Core Library
"Diego's Wolfpup Rescue" = Diego's Wolfpup Rescue
"Dig'nRigs" = Dig'nRigs
"DivX Content Uploader" = DivX Content Uploader
"Dr. Seuss Kindergarten 1.0" = Dr. Seuss Kindergarten
"EOS Utility" = Canon Utilities EOS Utility
"ERUNT_is1" = ERUNT 1.1j
"FLVPlayer" = FLV Player 1.3.3
"HijackThis" = HijackThis 2.0.2
"hp deskjet 960c series" = hp deskjet 960c series (Remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"InstallShield_{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}" = Canon Utilities RemoteCapture 2.7
"InstallShield_{EF0DD8B7-471C-463B-A298-6066C2FABAF5}" = Canon Utilities File Viewer Utility 1.2
"JSKR_1.2" = JumpStart Reading for Kindergartners v1.2
"JSMUSIC_1.0" = JumpStart Music v1.0
"KG98_2.5" = JumpStart Kindergarten 98 v2.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"mbjr32" = Math Blaster Ages 4-6
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"Millie and Bailey Preschool" = Millie and Bailey Preschool
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.0.6)" = Mozilla Firefox (3.0.6)
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NOD32" = NOD32 Antivirus System
"PhotoRecord" = Canon PhotoRecord
"PhotoStitch" = Canon Utilities PhotoStitch
"PROSet" = Intel® PRO Network Connections Drivers
"QuickTime 3.0" = QuickTime 3.0
"RadialpointClientGateway_is1" = Verizon Servicepoint 1.3.21
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Verizon Online Help and Support" = Verizon Online Help and Support
"Virtools3DLifePlayer" = Virtools 3D Life Player
"VLC media player" = VideoLAN VLC media player 0.8.6b
"VZBB" = Verizon Broadband Toolbar
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format Runtime
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"ZoneAlarm" = ZoneAlarm
"ZoneAlarmSB Uninstall" = ZoneAlarm Spy Blocker
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
========== Last 10 Event Log Errors ========== [ Application Events ]