Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

ad.yieldmanager.com

Started by sunbug , Mar 21 2009 11:29 PM

  • Please log in to reply

#1
sunbug
Posted 21 March 2009 - 11:29 PM

sunbug

    New Member

  • Member
  • Pip
  • 1 posts
When checking my yahoo email account, I am redirected to the following page

<<hxxp://www.google.com/hws/dell-usuk/afe?hl...A=5406805/R=0/* >>

where I see the following message

<< Sorry, we couldn't find hxxp://ad.yieldmanager.com/st%3Fad_type. Here are some related websites: >>

I followed the steps in the Malware / Spyware Cleaning guide to no avail.

Here is the rooter information:

Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - FAT32 - (Total:152509 Mo/Free:3624 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Sun 03/22/2009| 0:08

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
---------- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
---------- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
---------- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
---------- C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
---------- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
---------- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
---------- C:\WINDOWS\wanmpsvc.exe
---------- C:\WINDOWS\system32\SearchIndexer.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
---------- C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
---------- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
---------- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
---------- C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
---------- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
---------- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
---------- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
---------- C:\WINDOWS\system32\SearchProtocolHost.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\WINDOWS\system32\msiexec.exe
---------- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
---------- C:\WINDOWS\system32\SearchFilterHost.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!

1 - "C:\Rooter$\Rooter_1.txt" - Sun 03/22/2009| 0:09

Here is the OTListIt information:

OTListIt logfile created on: 3/21/2009 11:52:06 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.7.0 Folder = C:\Documents and Settings\Cyndy\My Documents\Clean Up Virus Files\OldTimer
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.94 Gb Total Space | 119.56 Gb Free Space | 80.28% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D9LSGYB1
Current User Name: Cyndy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe (CA)
PRC - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe (CA)
PRC - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe (CA)
PRC - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe (CA)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe (Computer Associates International, Inc.)
PRC - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe (CA, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe (CA, Inc.)
PRC - C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe (CA, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe (CA, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe (CA)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe (CA, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe (CA, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (CA, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe (CA, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe (CA, Inc.)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Cyndy\My Documents\Clean Up Virus Files\OldTimer\OTListIt2.exe (OldTimer Tools)
PRC - C:\WINDOWS\notepad.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AOL ACS [Auto | Running]) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (CaCCProvSP [On_Demand | Running]) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (CA, Inc.)
SRV - (CAISafe [Auto | Running]) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe (Computer Associates International, Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (ITMRTSVC [Auto | Running]) -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe (CA, Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Lavasoft Ad-Aware Service [Auto | Stopped]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (MDM [Auto | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PPCtlPriv [On_Demand | Running]) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe (CA, Inc.)
SRV - (UmxAgent [Auto | Running]) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe (CA)
SRV - (UmxCfg [Auto | Running]) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe (CA)
SRV - (UmxFwHlp [Auto | Running]) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe (CA)
SRV - (UmxPol [Auto | Running]) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe (CA)
SRV - (VETMSGNT [Auto | Running]) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe (CA, Inc.)
SRV - (WANMiniportService [Auto | Running]) -- C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (b57w2k [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (DLABOIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLACDBHM [System | Running]) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLADResN [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLAIFS_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLAOPIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLARTL_N [System | Running]) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DLAUDFAM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DRVMCDB [Boot | Running]) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DRVNDDM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (KmxAgent [System | Running]) -- C:\WINDOWS\System32\DRIVERS\kmxagent.sys (CA)
DRV - (KmxCF [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\KmxCF.sys (CA)
DRV - (KmxCfg [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\kmxcfg.sys (CA)
DRV - (KmxFile [System | Running]) -- C:\WINDOWS\System32\DRIVERS\KmxFile.sys (CA)
DRV - (KmxFw [System | Running]) -- C:\WINDOWS\System32\DRIVERS\kmxfw.sys (CA)
DRV - (KmxSbx [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\KmxSbx.sys (CA)
DRV - (KmxStart [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\kmxstart.sys (CA)
DRV - (Lbd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (LVBulk [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LVBulk.sys (Logitech Inc.)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (pfc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (PID_0960_V [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LVVIMULB.SYS (Logitech Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (senfilt [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (VET-FILT [System | Running]) -- C:\WINDOWS\System32\drivers\vet-filt.sys (Computer Associates International, Inc.)
DRV - (VET-REC [System | Running]) -- C:\WINDOWS\System32\drivers\vet-rec.sys (Computer Associates International, Inc.)
DRV - (VETEBOOT [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\veteboot.sys (Computer Associates International, Inc.)
DRV - (VETEFILE [System | Running]) -- C:\WINDOWS\System32\drivers\vetefile.sys (Computer Associates International, Inc.)
DRV - (VETFDDNT [System | Running]) -- C:\WINDOWS\System32\drivers\vetfddnt.sys (Computer Associates International, Inc.)
DRV - (VETMONNT [System | Running]) -- C:\WINDOWS\System32\drivers\vetmonnt.sys (Computer Associates International, Inc.)
DRV - (wanatw [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys (America Online, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1061013
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1061013

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
IE - URLSearchHook: {9ee802e8-c931-47ab-b570-aa8f791598ca} - Reg Error: Key error. File not found
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/01/29 16:41:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/03/21 16:20:24 | 00,000,000 | ---D | M]


O1 HOSTS File: (303874 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 10472 more lines...
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (no name) - {9ee802e8-c931-47ab-b570-aa8f791598ca} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9EE802E8-C931-47AB-B570-AA8F791598CA} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O4 - HKLM..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl (CA, Inc.)
O4 - HKLM..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe (CA, Inc.)
O4 - HKLM..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe (CA, Inc.)
O4 - HKLM..\Run: [CaPPcl] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe /scan /startup (CA, Inc.)
O4 - HKLM..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" (CA, Inc.)
O4 - HKLM..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" (CA, Inc.)
O4 - HKLM..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" (CA)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra Button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: realarcade.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: tagged.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 51 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} http://zone.msn.com/...nx.1.0.0.87.cab (CPlayFirstTriJinxControl Object)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin....nderControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} http://zone.msn.com/...pcaploader1.cab (PopCapLoaderCtrl Class)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/...mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} http://zone.msn.com/...me/ZAxRcMgr.cab (ZoneAxRcMgr Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} http://zone.msn.com/...ersion=1,0,0,10 (AstoundLauncher Control)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} http://zone.msn.com/...sh.1.0.0.94.cab (CPlayFirstDinerDashControl Object)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\PFW: DllName - UmxWnp.Dll - C:\WINDOWS\system32\UmxWnp.Dll (CA)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/03/21 22:52:47 | 12,336,8360 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Cyndy\Desktop\Office2003SP3-KB923618-FullFile-ENU.exe
[2009/03/21 22:42:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cyndy\Application Data\OfficeUpdate12
[2009/03/21 22:42:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2009/03/21 22:10:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cyndy\Application Data\Windows Desktop Search
[2009/03/21 22:10:19 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2009/03/21 22:10:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/03/21 22:09:44 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2009/03/21 22:09:43 | 00,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2009/03/21 22:09:43 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2009/03/21 22:09:28 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/03/21 20:02:12 | 00,000,456 | ---- | C] () -- C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Cyndy at 11 20 PM.job
[2009/03/21 20:01:56 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Cyndy\Desktop\HELP!!!.doc
[2009/03/21 16:48:50 | 00,000,831 | ---- | C] () -- C:\Documents and Settings\Cyndy\Desktop\ATF Cleaner.lnk
[2009/03/21 16:17:10 | 00,000,000 | ---D | C] -- C:\a013fb53562557e48e
[2009/03/21 16:16:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/03/21 14:25:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cyndy\Application Data\Malwarebytes
[2009/03/21 14:25:49 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/21 14:25:49 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/21 14:25:46 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/21 14:25:45 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/21 14:25:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/21 14:22:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/03/21 14:21:57 | 00,000,515 | ---- | C] () -- C:\Documents and Settings\Cyndy\Desktop\NTREGOPT.lnk
[2009/03/21 14:21:57 | 00,000,496 | ---- | C] () -- C:\Documents and Settings\Cyndy\Desktop\ERUNT.lnk
[2009/03/21 14:21:56 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/03/21 14:13:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cyndy\My Documents\Clean Up Virus Files
[2009/03/21 11:40:12 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/03/21 10:49:30 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/03/21 10:49:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/03/21 10:45:35 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/03/21 10:45:34 | 00,000,771 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/03/21 10:45:32 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/03/21 10:45:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/03/20 23:43:32 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Cyndy\Desktop\setup-spybotsd162.exe
[2009/03/20 22:25:41 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/03/20 16:07:07 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Cyndy\Desktop\eMusic.doc
[2009/03/20 15:53:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cyndy\Application Data\Mozilla
[2009/03/20 15:53:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cyndy\Application Data\eMusic
[2009/03/20 15:53:40 | 00,000,000 | ---D | C] -- C:\Program Files\Conduit
[2009/03/20 15:53:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cyndy\Local Settings\Application Data\eMusic
[2009/03/20 15:53:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cyndy\Local Settings\Application Data\Conduit
[2009/03/20 15:53:02 | 00,000,000 | ---D | C] -- C:\Program Files\eMusic Download Manager
[2009/03/19 00:04:07 | 00,029,184 | ---- | C] () -- C:\Documents and Settings\Cyndy\Desktop\R12 GL Implementation Expert Needed.doc
[2009/03/18 21:34:20 | 00,054,784 | ---- | C] () -- C:\Documents and Settings\Cyndy\Desktop\Becoming an IT consultant.doc
[2009/03/17 15:19:53 | 03,735,552 | ---- | C] () -- C:\Documents and Settings\Cyndy\My Documents\Albums.mdb
[2009/03/17 15:15:57 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Cyndy\My Documents\My Data Sources
[2009/03/13 10:02:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cyndy\My Documents\#search
[2009/03/11 12:59:07 | 00,000,422 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{590F5B28-E385-4B2E-A27F-A462612CEA6F}.job
[2009/03/11 09:48:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cyndy\My Documents\Audrey
[2009/02/25 15:33:45 | 00,001,448 | ---- | C] () -- C:\Documents and Settings\Cyndy\Desktop\Go to RealArcade.lnk
[2009/02/25 09:26:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cyndy\Local Settings\Application Data\Qurb4
[2009/02/24 18:49:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cyndy\My Documents\ORACLE TERMINATION INFO
[2009/02/24 18:30:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cyndy\My Documents\COMPANIES
[2009/02/24 17:55:19 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Cyndy\Desktop\Unemployment Insurance Contact Log.xls
[2009/02/24 17:04:23 | 00,000,738 | ---- | C] () -- C:\Documents and Settings\Cyndy\Desktop\AOL Mail.url
[2009/02/23 20:31:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cyndy\My Documents\Desktop Stuff
[2009/02/23 19:32:01 | 00,030,731 | ---- | C] () -- C:\Documents and Settings\Cyndy\My Documents\My Places.kmz
[2009/02/23 10:23:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cyndy\My Documents\OOW
[2009/02/21 09:36:19 | 00,010,240 | ---- | C] () -- C:\Documents and Settings\Cyndy\My Documents\Presentation1.ppt
[2009/02/21 08:25:20 | 00,691,592 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/03/21 22:52:48 | 12,336,8360 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Cyndy\Desktop\Office2003SP3-KB923618-FullFile-ENU.exe
[2009/03/21 22:42:06 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/21 22:13:30 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/21 22:13:20 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/21 22:13:16 | 32,108,83072 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/21 22:12:54 | 00,135,730 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
[2009/03/21 22:12:54 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
[2009/03/21 22:12:54 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
[2009/03/21 22:12:54 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
[2009/03/21 22:12:54 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
[2009/03/21 22:12:54 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
[2009/03/21 22:12:54 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
[2009/03/21 22:12:54 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
[2009/03/21 22:12:24 | 04,285,434 | -H-- | M] () -- C:\Documents and Settings\Cyndy\Local Settings\Application Data\IconCache.db
[2009/03/21 22:11:20 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/21 22:10:28 | 00,549,368 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/21 22:10:28 | 00,466,414 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/21 22:10:28 | 00,079,630 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/21 20:02:14 | 00,000,456 | ---- | M] () -- C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Cyndy at 11 20 PM.job
[2009/03/21 20:01:58 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Cyndy\Desktop\HELP!!!.doc
[2009/03/21 19:52:26 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{590F5B28-E385-4B2E-A27F-A462612CEA6F}.job
[2009/03/21 16:49:20 | 00,000,831 | ---- | M] () -- C:\Documents and Settings\Cyndy\Desktop\ATF Cleaner.lnk
[2009/03/21 16:35:14 | 00,069,224 | ---- | M] () -- C:\Documents and Settings\Cyndy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/21 16:31:48 | 00,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/21 14:25:50 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/21 14:21:58 | 00,000,515 | ---- | M] () -- C:\Documents and Settings\Cyndy\Desktop\NTREGOPT.lnk
[2009/03/21 14:21:58 | 00,000,496 | ---- | M] () -- C:\Documents and Settings\Cyndy\Desktop\ERUNT.lnk
[2009/03/21 13:54:52 | 00,023,552 | ---- | M] () -- C:\Documents and Settings\Cyndy\Desktop\mileage.xls
[2009/03/21 10:45:36 | 00,000,771 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/03/20 23:53:32 | 00,000,837 | ---- | M] () -- C:\Documents and Settings\Cyndy\Desktop\Spybot - Search & Destroy.lnk
[2009/03/20 23:52:42 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Cyndy\Desktop\setup-spybotsd162.exe
[2009/03/20 21:09:24 | 00,087,990 | ---- | M] () -- C:\VETlog.dmp
[2009/03/20 21:09:24 | 00,000,708 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/03/20 18:57:30 | 03,735,552 | ---- | M] () -- C:\Documents and Settings\Cyndy\My Documents\Albums.mdb
[2009/03/20 16:07:10 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Cyndy\Desktop\eMusic.doc
[2009/03/19 21:50:10 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Cyndy\Desktop\Unemployment Insurance Contact Log.xls
[2009/03/19 00:04:10 | 00,029,184 | ---- | M] () -- C:\Documents and Settings\Cyndy\Desktop\R12 GL Implementation Expert Needed.doc
[2009/03/18 21:34:22 | 00,054,784 | ---- | M] () -- C:\Documents and Settings\Cyndy\Desktop\Becoming an IT consultant.doc
[2009/03/17 15:18:40 | 00,016,384 | ---- | M] () -- C:\Documents and Settings\Cyndy\My Documents\addresses.adp
[2009/03/17 15:18:22 | 05,275,648 | ---- | M] () -- C:\Documents and Settings\Cyndy\My Documents\Personal address book database.mdb
[2009/03/16 14:08:06 | 00,061,952 | ---- | M] () -- C:\Documents and Settings\Cyndy\Desktop\2009.xls
[2009/03/15 13:59:44 | 00,000,738 | ---- | M] () -- C:\Documents and Settings\Cyndy\Desktop\AOL Mail.url
[2009/03/09 14:06:58 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/03/09 14:06:56 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/03/02 15:56:38 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/02/27 12:26:04 | 00,070,144 | ---- | M] () -- C:\Documents and Settings\Cyndy\Desktop\2008.xls
[2009/02/25 15:33:46 | 00,001,448 | ---- | M] () -- C:\Documents and Settings\Cyndy\Desktop\Go to RealArcade.lnk
[2009/02/25 12:55:00 | 24,768,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/02/23 19:32:02 | 00,030,731 | ---- | M] () -- C:\Documents and Settings\Cyndy\My Documents\My Places.kmz
[2009/02/21 09:36:22 | 00,010,240 | ---- | M] () -- C:\Documents and Settings\Cyndy\My Documents\Presentation1.ppt
[2009/02/21 08:25:20 | 00,691,592 | ---- | M] () -- C:\WINDOWS\System32\OGACheckControl.DLL
< End of report >

And here is the Extras log information: As you can see from it, I am also having an issue with Office 2003. It wants a SP3 CD, but it was loaded by auto updates - A separate issue as far as I know.

OTListIt Extras logfile created on: 3/21/2009 11:47:02 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.7.0 Folder = C:\Documents and Settings\Cyndy\My Documents\Clean Up Virus Files\OldTimer
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.94 Gb Total Space | 119.57 Gb Free Space | 80.28% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D9LSGYB1
Current User Name: Cyndy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 (America Online, Inc.)
C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:America Online 9.0a (America Online, Inc.)
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL (AOL LLC)
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL (AOL LLC)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger (Logitech Inc.)
C:\Program Files\America Online 9.0b\waol.exe:*:Enabled:AOL (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 (America Online, Inc.)
C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:America Online 9.0a (America Online, Inc.)
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL (AOL LLC)
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL (AOL LLC)
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger (Yahoo! Inc.)
C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server (Yahoo! Inc.)
C:\Program Files\Real\RealPlayer\REALPLAY.EXE:*:Enabled:RealPlayer (RealNetworks, Inc.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger (Logitech Inc.)
C:\Program Files\Common Files\AOL\1161050473\EE\aolsoftware.exe:*:Enabled:AOL Shared Components (AOL LLC)
C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed (AOL LLC)
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader (AOL LLC)
C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information (AOL LLC)
C:\Program Files\America Online 9.0b\waol.exe:*:Enabled:AOL (America Online, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{058B32E2-6310-4359-B2D4-1988390C3B83}" = Broadcom Advanced Control Suite
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{104A059B-CD20-4632-A8F6-D8C80E14782D}" = Magellan POI File Editor
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3819891A-030B-4a4e-98ED-B28A649E48AB}" = HP Deskjet 3900 series
"{42F6BED9-41DD-40F1-85A8-8E0350493626}" = HPDeskjet3900Series
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}" = Logitech ImageStudio
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{8A367C28-423C-48E2-8C76-EBA1171F932A}" = Adobe Photoshop Album 2.0
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{984F10FD-11FD-4BED-8163-92DB81E6A825}" = Logitech IM Video Companion
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA0BF7AB-88EB-4675-8FA1-531EAD938821}" = SnagIt 8
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"Acropolis" = Acropolis
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"America Online us" = America Online (Choose which version to remove)
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"BroadJump Client Foundation" = BroadJump Client Foundation
"ERUNT_is1" = ERUNT 1.1j
"eTrust Suite Personal" = CA Internet Security Suite
"HP Imaging Device Functions" = HP Imaging Device Functions 5.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
"HPExtendedCapabilities" = HP Extended Capabilities 5.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Logitech Print Service" = Logitech Print Service
"Mah Jong Medley" = Mah Jong Medley
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Port Magic" = Pure Networks Port Magic
"QuickTime" = QuickTime
"Rainforest Adventure" = Rainforest Adventure
"RealArcade" = RealArcade
"RealPlayer 6.0" = RealPlayer
"SearchAssist" = SearchAssist
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Super Gem Drop" = Super Gem Drop
"supercollapsepuzzlegallery3" = Super Collapse! Puzzle Gallery 3
"theriseofatlantis" = The Rise of Atlantis
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Customizations" = Yahoo! Browser Services
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/21/2009 11:46:01 PM | Computer Name = D9LSGYB1 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1706.
Setup cannot find the required files. Check your connection to the network, or
CD-ROM drive. For other potential solutions to this problem, see C:\Program Files\Microsoft
Office\OFFICE11\1033\SETUP.CHM.

Error - 3/21/2009 11:48:27 PM | Computer Name = D9LSGYB1 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1706.
Setup cannot find the required files. Check your connection to the network, or
CD-ROM drive. For other potential solutions to this problem, see C:\Program Files\Microsoft
Office\OFFICE11\1033\SETUP.CHM.

Error - 3/22/2009 12:02:04 AM | Computer Name = D9LSGYB1 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1706.
Setup cannot find the required files. Check your connection to the network, or
CD-ROM drive. For other potential solutions to this problem, see C:\Program Files\Microsoft
Office\OFFICE11\1033\SETUP.CHM.

Error - 3/22/2009 12:02:12 AM | Computer Name = D9LSGYB1 | Source = MsiInstaller | ID = 11500
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1500.
Another installation is in progress. You must complete that installation before
continuing this one.

Error - 3/22/2009 12:02:15 AM | Computer Name = D9LSGYB1 | Source = MsiInstaller | ID = 11500
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1500.
Another installation is in progress. You must complete that installation before
continuing this one.

Error - 3/22/2009 12:03:43 AM | Computer Name = D9LSGYB1 | Source = MsiInstaller | ID = 11500
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1500.
Another installation is in progress. You must complete that installation before
continuing this one.

Error - 3/22/2009 12:14:48 AM | Computer Name = D9LSGYB1 | Source = MsiInstaller | ID = 11933
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1933.
The Windows Installer service cannot update one or more protected Windows files.
SFP Error: 1223. List of protected files:\r\nc:\windows\system32\ctfmon.exe

Error - 3/22/2009 12:19:32 AM | Computer Name = D9LSGYB1 | Source = MsiInstaller | ID = 11933
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1933.
The Windows Installer service cannot update one or more protected Windows files.
SFP Error: 21. List of protected files:\r\nc:\windows\system32\ctfmon.exe

Error - 3/22/2009 12:23:39 AM | Computer Name = D9LSGYB1 | Source = MsiInstaller | ID = 11933
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1933.
The Windows Installer service cannot update one or more protected Windows files.
SFP Error: 21. List of protected files:\r\nc:\windows\system32\ctfmon.exe

Error - 3/22/2009 12:43:01 AM | Computer Name = D9LSGYB1 | Source = MsiInstaller | ID = 11933
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1933.
The Windows Installer service cannot update one or more protected Windows files.
SFP Error: 1223. List of protected files:\r\nc:\windows\system32\ctfmon.exe

[ System Events ]
Error - 3/22/2009 12:16:54 AM | Computer Name = D9LSGYB1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/22/2009 12:16:54 AM | Computer Name = D9LSGYB1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/22/2009 12:16:55 AM | Computer Name = D9LSGYB1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/22/2009 12:16:55 AM | Computer Name = D9LSGYB1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/22/2009 12:16:55 AM | Computer Name = D9LSGYB1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/22/2009 12:16:55 AM | Computer Name = D9LSGYB1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/22/2009 12:16:55 AM | Computer Name = D9LSGYB1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/22/2009 12:16:55 AM | Computer Name = D9LSGYB1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/22/2009 12:16:55 AM | Computer Name = D9LSGYB1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/22/2009 12:16:55 AM | Computer Name = D9LSGYB1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126


< End of report >


Thank you :)

Edited by Octagonal, 22 March 2009 - 05:18 AM.
Removed links

  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP