Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malware? Don't Know - Slow System Performance

Started by DerbyDad03 , Mar 14 2009 07:18 PM

  • Please log in to reply

#1
DerbyDad03
Posted 14 March 2009 - 07:18 PM

DerbyDad03

    Member

  • Member
  • PipPip
  • 78 posts
I might be in the wrong forum...my apologies if I am.

I don't know if I have a Malware problem or not, but I do know that my system seems extremely slow and seems to be getting worse.

- FireFox sometimes takes 20 - 30 seconds to open to my home page (Google).
- IE7 can take well over a minute. Sometimes IE7 will open and then sit at the Connecting screen for a long time. If I force quit, it will load a lot faster the next time.
- Once my screen saver kicks in and I wake the system up, it might take 30 secs or more before I can do anything.

If this is not the type of problem that can be addressed in this forum, please let me know where I should send my logs. I'd appreciate any advice you can offer.

I acknowledge that I have followed the instructions set forth in the Malware and Spyware Cleaning Guide.

Before I post my logs I should let you know that the Rooter.exe threw up the following message when I ran it. To clear the message I had to click Continue or Try Again or Cancel twice before the scan would run. I ran the app a few times and it always took some combination of 2 clicks to clear the message before the scan would run.

While the Rooter.exe window said Please Wait... this message popped up:

The title bar said: Windows - No Disk
The box had the dreaded Red X and said:
Exception Processing Message C0000013 Parameters 75b6bf7c 4 75b6bf7c 75b6bf7c

Here are the requested logs:

Rooter.txt

Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:78159 Mo/Free:1755 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
F:\ [Removable] (Total:0 Mo/Free:0 Mo)

03/14/2009|20:10

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
---------- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
---------- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
---------- C:\Program Files\Hewlett-Packard\Extended Keyboard\HpMmKbd.exe
---------- C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
---------- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
---------- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
---------- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
---------- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
---------- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
---------- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
---------- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
---------- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
---------- C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
---------- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
---------- C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
---------- C:\WINDOWS\System32\HPZipm12.exe
---------- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
---------- C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - 03/14/2009|20:13

----------------------\\ Scan completed at 20:13

OTListIt.Txt

OTListIt logfile created on: 03/14/2009 8:22:57 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.3.7 Folder = C:\Documents and Settings\Dave\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

1.99 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.94% Memory free
3.84 Gb Paging File | 3.39 Gb Available in Paging File | 88.31% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.33 Gb Total Space | 33.71 Gb Free Space | 44.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LIVINGROOM
Current User Name: Dave
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe (Computer Associates International, Inc.)
PRC - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
PRC - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe (CA, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe (CA, Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\Hewlett-Packard\Extended Keyboard\HpMmKbd.exe (Hewlett-Packard Corp.)
PRC - C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe (CA, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe (CA, Inc.)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe (CA, Inc.)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
PRC - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (CA, Inc.)
PRC - C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe (TechSmith Corporation)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe (TechSmith Corporation)
PRC - C:\WINDOWS\System32\HPZipm12.exe (HP)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Dave\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aawservice [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (CaCCProvSP [On_Demand | Running]) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (CA, Inc.)
SRV - (CAISafe [Auto | Running]) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe (Computer Associates International, Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GoogleDesktopManager-061008-081103 [On_Demand | Stopped]) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (gusvc [Auto | Running]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (Irmon [Auto | Running]) -- C:\WINDOWS\System32\irmon.dll (Microsoft Corporation)
SRV - (ITMRTSVC [Auto | Running]) -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe (CA, Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [On_Demand | Running]) -- C:\WINDOWS\System32\HPZipm12.exe (HP)
SRV - (PPCtlPriv [On_Demand | Running]) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe (CA, Inc.)
SRV - (SandraDataSrv [On_Demand | Stopped]) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2\Win32\RpcDataSrv.exe (SiSoftware)
SRV - (SandraTheSrv [On_Demand | Stopped]) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2\RpcSandraSrv.exe (SiSoftware)
SRV - (ServiceLayer [On_Demand | Stopped]) -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe (Nokia.)
SRV - (VETMSGNT [Auto | Running]) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe (CA, Inc.)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AFS2K [System | Running]) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (ALCXWDM [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (Aspi32 [System | Running]) -- C:\WINDOWS\System32\drivers\Aspi32.sys (Adaptec)
DRV - (cmuda [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\cmuda.sys (C-Media Inc)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HCWBT8XX [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\HCWBT8XX.sys (Hauppauge Computer Works)
DRV - (HPZid412 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys (Conexant Systems)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (irsir [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\irsir.sys (Microsoft Corporation)
DRV - (MCSTRM [Auto | Running]) -- C:\WINDOWS\System32\drivers\mcstrm.sys (RealNetworks, Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (Point32 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\point32.sys (Microsoft Corporation)
DRV - (Ps2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\PS2.sys (Hewlett-Packard Company)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (rtl8139 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation )
DRV - (SANDRA [On_Demand | Stopped]) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2\Sandra.sys (SiSoftware)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SuperAdBlocker, Inc.)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Ser2pl [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ser2pl.sys (Prolific Technology Inc.)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (sscdbus [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sscdbus.sys (MCCI Corporation)
DRV - (sscdmdfl [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdmdm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sscdmdm.sys (MCCI Corporation)
DRV - (sscdserd [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sscdserd.sys (MCCI Corporation)
DRV - (usbser [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\usbser.sys (Microsoft Corporation)
DRV - (VET-FILT [System | Running]) -- C:\WINDOWS\System32\drivers\vet-filt.sys (Computer Associates International, Inc.)
DRV - (VET-REC [System | Running]) -- C:\WINDOWS\System32\drivers\vet-rec.sys (Computer Associates International, Inc.)
DRV - (VETEBOOT [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\veteboot.sys (Computer Associates International, Inc.)
DRV - (VETEFILE [System | Running]) -- C:\WINDOWS\System32\drivers\vetefile.sys (Computer Associates International, Inc.)
DRV - (VETFDDNT [System | Running]) -- C:\WINDOWS\System32\drivers\vetfddnt.sys (Computer Associates International, Inc.)
DRV - (VETMONNT [System | Running]) -- C:\WINDOWS\System32\drivers\vetmonnt.sys (Computer Associates International, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems)
DRV - ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ialmsbw.sys (Intel Corporation)
DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ialmkchw.sys (Intel Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.0
FF - prefs.js..extensions.enabledItems: paypalfirefoxplugin@orbiscom:2.2.19.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7
FF - HKLM\software\mozilla\Firefox\Extensions\\paypalfirefoxplugin@orbiscom: C:\PROGRAM FILES\PAYPAL\PAYPAL PLUG-IN
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/11/22 19:12:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/06 00:28:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/05 08:27:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.19\extensions\\Components: C:\PROGRAM FILES\MOZILLA THUNDERBIRD\COMPONENTS [2009/02/16 22:11:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.19\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA THUNDERBIRD\PLUGINS [2008/12/01 19:06:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Components: C:\PROGRAM FILES\NETSCAPE\NETSCAPE\COMPONENTS [2009/03/12 00:26:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Plugins: C:\PROGRAM FILES\NETSCAPE\NETSCAPE\PLUGINS [2008/12/03 19:42:24 | 00,000,000 | ---D | M]
[2009/02/14 23:08:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\mozilla\Extensions
[2009/02/14 23:08:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/13 23:46:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\mozilla\Firefox\Profiles\m6zkonzt.default\extensions
[2009/02/28 13:49:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\mozilla\Firefox\Profiles\m6zkonzt.default\extensions\[email protected]
[2009/02/14 23:07:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/05 08:27:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/05 08:27:12 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/05 08:27:12 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

O1 HOSTS File: (265834 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 9210 more lines...
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll (Conduit Ltd.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (OToolbarHelper Class) - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll ()
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (PayPal Plug-In) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {266FCDCA-7BB3-4DA7-B3BF-F845DEA2EBD6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\tbFre1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" (CA, Inc.)
O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup (Google)
O4 - HKLM..\Run: [HpMmKbd] "C:\Program Files\Hewlett-Packard\Extended Keyboard\HpMmKbd.exe" (Hewlett-Packard Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe (TechSmith Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra Button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe ()
O9 - Extra 'Tools' menuitem : ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O15 - HKLM\..Trusted Domains: 46 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Sites: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: 46 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-3488ABDDC600} http://www.apple.com...ex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/...UI.cab34120.cab (StagingUI Object)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.micr...tualEarth3D.cab (Reg Error: Key error.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...p/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} http://download.yaho...s/yinst0401.cab (YInstStarter Class)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.micros...386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/...dy.cab32846.cab (ZoneBuddy Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.clarkcolo...larkActivia.cab (Snapfish Activia)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.3.cab (DLM Control)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/...at.cab32846.cab (ZonePAChat Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1121021608359 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://www.pandasoft...free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} http://h30155.www3.h...edsolutions.cab (HPObjectInstaller Class)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://crucial.com/c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1....loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} http://fdl.msn.com/z...s/heartbeat.cab (HeartbeatCtl Class)
O16 - DPF: {B1647320-9EC8-4B0F-BF53-93D4A43FA614} https://mydesk-hq02....inalSvcsTCS.cab (TerminalSvcsTCSX Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://zone.msn.com/...ro.cab34246.cab (ZoneIntro Class)
O16 - DPF: {CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} http://java.sun.com/...all-131-win.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} http://java.sun.com/...-131_02-win.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/...xy.cab35645.cab (StadiumProxy Class)
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} http://zone.msn.com/...on.cab36385.cab (ZPA_Backgammon Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Euchre http://download.game...nts/y/et1_x.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - ( zwebauth.dll) - C:\WINDOWS\system32\zwebauth.dll ()
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[2009/03/14 20:22:17 | 00,497,152 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\Dave\Desktop\OTListIt2.exe
[2009/03/14 20:10:12 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/03/14 20:10:04 | 00,267,612 | ---- | C] () -- C:\DOCUME~1\Dave\Desktop\Rooter.exe
[2009/03/14 11:25:29 | 02,876,720 | ---- | C] (Malwarebytes Corporation ) -- C:\DOCUME~1\Dave\Desktop\mbam-setup.exe
[2009/03/14 11:22:27 | 00,000,611 | ---- | C] () -- C:\DOCUME~1\Dave\Desktop\NTREGOPT.lnk
[2009/03/14 11:22:27 | 00,000,592 | ---- | C] () -- C:\DOCUME~1\Dave\Desktop\ERUNT.lnk
[2009/03/14 11:22:03 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\DOCUME~1\Dave\Desktop\erunt_setup.exe
[2009/03/14 11:20:20 | 00,009,334 | ---- | C] () -- C:\DOCUME~1\Dave\Desktop\SysRestorePoint_v13.zip
[2009/03/01 17:05:30 | 00,000,162 | -H-- | C] () -- C:\DOCUME~1\Dave\My Documents\~$lineShapes.doc
[2009/03/01 17:05:28 | 03,996,672 | ---- | C] () -- C:\DOCUME~1\Dave\My Documents\InlineShapes.doc
[2009/02/22 14:09:43 | 00,051,200 | ---- | C] () -- C:\DOCUME~1\Dave\My Documents\Softball Contact Form.doc
[2009/02/22 01:39:01 | 00,000,034 | ---- | C] () -- C:\DOCUME~1\Dave\My Documents\JustRange.csv
[2009/02/22 01:32:15 | 00,000,059 | ---- | C] () -- C:\DOCUME~1\Dave\My Documents\JustMyRange.csv
[2009/02/22 00:59:47 | 00,382,061 | ---- | C] () -- C:\DOCUME~1\Dave\My Documents\Little League.pdf
[2009/02/17 23:02:56 | 00,040,448 | ---- | C] () -- C:\DOCUME~1\Dave\My Documents\Router Setup.doc
[2009/02/14 23:08:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Local Settings\Application Data\Mozilla
[2009/02/14 23:07:30 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/02/13 19:39:39 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Dave\Desktop\Fred

========== Files - Modified Within 30 Days ==========

[8 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2 C:\DOCUME~1\Dave\My Documents\*.tmp files]
[2009/03/14 20:22:18 | 00,497,152 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\Dave\Desktop\OTListIt2.exe
[2009/03/14 20:10:04 | 00,267,612 | ---- | M] () -- C:\DOCUME~1\Dave\Desktop\Rooter.exe
[2009/03/14 20:00:01 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/14 19:42:19 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/14 19:41:40 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/14 19:41:30 | 21,379,03104 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/14 11:25:34 | 02,876,720 | ---- | M] (Malwarebytes Corporation ) -- C:\DOCUME~1\Dave\Desktop\mbam-setup.exe
[2009/03/14 11:22:27 | 00,000,611 | ---- | M] () -- C:\DOCUME~1\Dave\Desktop\NTREGOPT.lnk
[2009/03/14 11:22:27 | 00,000,592 | ---- | M] () -- C:\DOCUME~1\Dave\Desktop\ERUNT.lnk
[2009/03/14 11:22:04 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\DOCUME~1\Dave\Desktop\erunt_setup.exe
[2009/03/14 11:20:22 | 00,009,334 | ---- | M] () -- C:\DOCUME~1\Dave\Desktop\SysRestorePoint_v13.zip
[2009/03/14 04:30:50 | 00,000,454 | ---- | M] () -- C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Dave at 4 30 AM.job
[2009/03/11 07:16:53 | 00,303,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/11 03:04:20 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/09 00:16:20 | 00,525,036 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/09 00:16:20 | 00,443,388 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/09 00:16:20 | 00,072,352 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/08 17:15:10 | 00,000,488 | ---- | M] () -- C:\hpfr5550.xml
[2009/03/05 21:48:40 | 00,024,576 | ---- | M] () -- C:\DOCUME~1\Dave\My Documents\Book1.xls
[2009/03/01 17:05:30 | 03,996,672 | ---- | M] () -- C:\DOCUME~1\Dave\My Documents\InlineShapes.doc
[2009/03/01 17:05:30 | 00,000,162 | -H-- | M] () -- C:\DOCUME~1\Dave\My Documents\~$lineShapes.doc
[2009/02/25 12:55:00 | 24,768,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/02/22 14:56:29 | 00,051,200 | ---- | M] () -- C:\DOCUME~1\Dave\My Documents\Softball Contact Form.doc
[2009/02/22 01:39:01 | 00,000,034 | ---- | M] () -- C:\DOCUME~1\Dave\My Documents\JustRange.csv
[2009/02/22 01:34:37 | 00,000,059 | ---- | M] () -- C:\DOCUME~1\Dave\My Documents\JustMyRange.csv
[2009/02/22 01:02:47 | 00,382,061 | ---- | M] () -- C:\DOCUME~1\Dave\My Documents\Little League.pdf
[2009/02/17 23:02:56 | 00,040,448 | ---- | M] () -- C:\DOCUME~1\Dave\My Documents\Router Setup.doc
[2009/02/15 12:41:02 | 00,000,075 | ---- | M] () -- C:\WINDOWS\TaxACT08.ini
[2009/02/15 12:01:05 | 00,000,522 | ---- | M] () -- C:\WINDOWS\System32\msxkwn.vxp
[2009/02/13 23:55:42 | 00,870,128 | ---- | M] () -- C:\WINDOWS\System32\mcs.rma
[2009/02/13 23:55:42 | 00,000,004 | ---- | M] () -- C:\WINDOWS\System32\06E5AC

========== Alternate Data Streams ==========

@Alternate Data Stream - 2628 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 0 bytes -> C:\WINDOWS\Winamp1.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
@Alternate Data Stream - 0 bytes -> C:\WINDOWS\System32\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
@Alternate Data Stream - 0 bytes -> C:\WINDOWS\System32\OemLinkIcon.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
@Alternate Data Stream - 0 bytes -> C:\WINDOWS\Netscape.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
@Alternate Data Stream - 0 bytes -> C:\WINDOWS\ICQ.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
@Alternate Data Stream - 0 bytes -> C:\WINDOWS\encarta.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
@Alternate Data Stream - 0 bytes -> C:\WINDOWS\emachines_32.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
@Alternate Data Stream - 0 bytes -> C:\WINDOWS\AIM.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
@Alternate Data Stream - 0 bytes -> C:\DOCUME~1\Dave\My Documents\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> C:\DOCUME~1\ALLUSE~1\Documents\Thumbs.db:encryptable
< End of report >

Extras.Txt

OTListIt Extras logfile created on: 03/14/2009 8:22:57 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.3.7 Folder = C:\Documents and Settings\Dave\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

1.99 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.94% Memory free
3.84 Gb Paging File | 3.39 Gb Available in Paging File | 88.31% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.33 Gb Total Space | 33.71 Gb Free Space | 44.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LIVINGROOM
Current User Name: Dave
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE:*:Enabled:Microsoft Office Excel (Microsoft Corporation)
C:\Program Files\DNA\btdna.exe:*:Enabled:DNA (BitTorrent, Inc.)
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire (Lime Wire, LLC)
C:\WINDOWS\system32\javaw.exe:*:Enabled:Java™ Platform SE binary (Sun Microsystems, Inc.)
C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger (America Online, Inc.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Rhapsody\rhapsody.exe:*:Enabled:Rhapsody Media Player (RealNetworks, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24F009D2-7A41-4534-BA08-160E1E7E0DDB}" = msxml4SP2
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 11
"{2763FD5A-57E9-442B-AFDF-6DCCC23883B0}" = SPSS 14.0 for Windows Evaluation Version
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3249FD43-B24B-413F-B786-F8FEA32FA747}" = V CAST Music
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{366FFC89-C800-4366-B903-B9C4314109A5}" = Garmin WebUpdater
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{50D8FFDD-90CD-4859-841F-AA1961C7767A}" = QuickTime
"{536E1504-E2E0-4B25-9D61-5418DE8319A4}" = WinWay Resume Deluxe
"{588AA47B-9115-44D3-B2E5-4F10BC659D6C}" = Nokia PC Connectivity Solution
"{64635543-70E7-436D-8D6D-4A721595029E}" = Microsoft IntelliPoint 5.2
"{6710FE30-27F7-492B-A660-D31D4A898A43}" = MSN Toolbar
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{73317C31-2B6E-4B88-9865-B97C1331A39D}" = PayPal Plug-In
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{885744A4-1A01-44B0-858A-0AE6738CBCF7}" = PrimoPDF Redistribution Package
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90AD0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 3
"{91E30409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{93FB47FB-4FDF-4131-B5FD-7A37883868E7}" = hp psc 2170 series
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9E5667DA-2EE7-4D1C-A1DE-D27300266EA5}" = Datasets and Data Analysis Plus 4.0 for Elementary Statistics
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AC76BA86-7AD7-2448-0000-800000000003}" = Chinese Traditional Fonts Support For Adobe Reader 8
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2096}_is1" = SiSoftware Sandra Lite XI.SP2 (Win64/32/CE)
"{C894366E-51C4-4162-BA82-ECBEFC1C2C61}" = PayPal Plug-In
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{DAFCC5EF-E4D0-47EF-8E4B-168B3644A1E3}" = Garmin City Navigator North America NT 2009 Update
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E4DD8B33-6F9B-41C5-96FF-5DBF27ED23E7}" = Nokia Connectivity Cable Driver
"{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"{EFCE5837-FC21-11D6-9D24-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_02
"{F033B55E-54FA-46AD-8B7E-3EF65A6E9D7A}" = Hallmark Card Studio 2005 Deluxe
"{F6970FBD-809A-4C51-BAB3-D94A04C6C8E7}" = Garmin Communicator Plugin
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Acky's XP Breakout Demo" = Acky's XP Breakout Demo
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe PhotoDeluxe Home Edition 4.1" = Adobe PhotoDeluxe Home Edition 4.1
"Adobe Shockwave Player" = Adobe Shockwave Player
"AoA DVD Ripper_is1" = AoA DVD Ripper
"AOL Instant Messenger" = AOL Instant Messenger
"Audacity_is1" = Audacity 1.2.6
"Avery Wizard 2.1 MSW2000" = Avery® Wizard 2.1 forMicrosoft® Word 2000
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 6.0.0.684
"C-Media Audio" = C-Media 3D Audio
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F00&SUBSYS_8D8B155D" = Conexant SoftK56 Modem(M)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CutePDF Writer Installation" = CutePDF Writer 2.7
"ERUNT_is1" = ERUNT 1.1j
"eTrust Suite Personal" = CA Internet Security Suite
"EVEREST Home Edition_is1" = EVEREST Home Edition v1.00
"ExpressBurn" = Express Burn
"ExpressRip" = Express Rip
"Freecorder Toolbar" = Freecorder Toolbar
"Freecorder Toolbar3.0" = Freecorder Toolbar 3.0 Application
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.63
"Hauppauge WinTV2000" = Hauppauge WinTV2000
"Hewlett-Packard Extended Keyboard" = Hewlett-Packard Extended Keyboard
"HijackThis" = HijackThis 1.99.1
"HP PSC 2170 Series" = HP Photo and Imaging 2.0 - hp psc 2170 series
"hp psc 2170 series_Driver" = hp psc 2170 series
"ICQ" = ICQ
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ImgBurn" = ImgBurn
"InstallShield_{24F009D2-7A41-4534-BA08-160E1E7E0DDB}" = msxml4SP2
"InstallShield_{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"Java Web Start" = Java Web Start
"JRE 1.3.1" = Java 2 Runtime Environment Standard Edition v1.3.1
"JRE 1.3.1_02" = Java 2 Runtime Environment Standard Edition v1.3.1_02
"LabelCreator Pro" = LabelCreator Pro
"LimeWire" = LimeWire 4.18.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Microsoft Internet Gaming Zone" = MSN Gaming Zone
"MinitabDeinstKeySV" = Minitab Student Release 12
"Mozilla Firefox (3.0.7)" = Mozilla Firefox (3.0.7)
"Mozilla Thunderbird (2.0.0.19)" = Mozilla Thunderbird (2.0.0.19)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"Netscape (7.1)" = Netscape (7.1)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Panda ActiveScan" = Panda ActiveScan
"Pandora's Jar (standalone)_is1" = Pandora's Jar (standalone) 8.1.1
"Picasa 3" = Picasa 3
"Playlist Creator 3" = Playlist Creator 3
"PrimoPDF3.0" = PrimoPDF
"Print Server" = Print Server
"PS2" = PS2
"Radio@Netscape" = Radio@Netscape
"RealPlayer 6.0" = RealPlayer
"Recordpad" = Recordpad
"Rhapsody" = Rhapsody
"SnagIt7" = SnagIt 7
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"Stamp" = Stamp Uninstall
"Switch" = Switch Sound File Converter
"TaxACT 2002" = TaxACT 2002
"TaxACT 2003" = TaxACT 2003
"TaxACT 2004" = TaxACT 2004
"TaxACT 2005" = TaxACT 2005
"TaxACT 2006" = TaxACT 2006
"TaxACT 2007" = TaxACT 2007
"TaxACT 2008" = TaxACT 2008
"TaxACT 2008 New York" = TaxACT 2008 New York
"TaxACT New York 2002" = TaxACT New York 2002
"TaxACT New York 2003" = TaxACT New York 2003
"TaxACT New York 2004" = TaxACT New York 2004
"TaxACT New York 2005" = TaxACT New York 2005
"TaxACT New York 2006" = TaxACT New York 2006
"TaxACT New York 2007" = TaxACT New York 2007
"ToolBox" = NCH Toolbox
"VCast Music Essentials Manager" = V CAST Music Manager
"WavePad" = WavePad Sound Editor
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Pixie" = Pixie 3.1 (remove only)
"Windows System Scanner" = Windows System Scanner

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03/09/2009 8:57:36 PM | Computer Name = LIVINGROOM | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16791, faulting
module unknown, version 0.0.0.0, fault address 0x629aaa80.

[ System Events ]
Error - 03/14/2009 12:01:33 AM | Computer Name = LIVINGROOM | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 03/14/2009 12:01:33 AM | Computer Name = LIVINGROOM | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 03/14/2009 12:01:33 AM | Computer Name = LIVINGROOM | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 03/14/2009 12:01:33 AM | Computer Name = LIVINGROOM | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 03/14/2009 12:01:33 AM | Computer Name = LIVINGROOM | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 03/14/2009 12:01:33 AM | Computer Name = LIVINGROOM | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 03/14/2009 12:01:34 AM | Computer Name = LIVINGROOM | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 03/14/2009 12:01:34 AM | Computer Name = LIVINGROOM | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 03/14/2009 1:04:45 AM | Computer Name = LIVINGROOM | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 03/14/2009 1:04:45 AM | Computer Name = LIVINGROOM | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

[ TuneUp Events ]
Error - 12/08/2008 12:49:01 AM | Computer Name = LIVINGROOM | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 12/08/2008 1:13:04 AM | Computer Name = LIVINGROOM | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 12/17/2008 9:12:55 PM | Computer Name = LIVINGROOM | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 12/20/2008 9:50:53 AM | Computer Name = LIVINGROOM | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 12/20/2008 10:33:36 PM | Computer Name = LIVINGROOM | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 02/27/2009 9:59:01 PM | Computer Name = LIVINGROOM | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 02/28/2009 1:00:31 PM | Computer Name = LIVINGROOM | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 03/01/2009 3:41:37 PM | Computer Name = LIVINGROOM | Source = TuneUp Program Statistics | ID = 131840
Description =


< End of report >


Thanks again!
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP