empty reg key 1-5-21 - don't know which malware/spyware I have


#1
ankochan
I have followed all of the instructions on your Malware/Spyware Cleaning Guide. My IE is still getting hijacked to http://11picks.com/JnA9Y29sb3IrcGVuY2lsJm09YiZiPWNvbG9yK3BlbmNpbCZ1PTIwJnM9QQ==.cfm and I am also often getting a "no internet connection" message... or "oops that link is broken" in error.

When I run Registry Easy, I have multiple empty Reg keys... I repair them, then run again and a dozen appear again. All start with 1-5-21.

Below are the logs from OTListIt2:
OTListIt logfile created on: 4/4/2009 11:10:44 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.10.0 Folder = C:\Documents and Settings\ANN\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.07 Mb Total Physical Memory | 549.36 Mb Available Physical Memory | 53.75% Memory free
2.40 Gb Paging File | 2.04 Gb Available in Paging File | 84.94% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 163.05 Gb Free Space | 71.47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 6.22 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 76.33 Gb Total Space | 47.30 Gb Free Space | 61.97% Space Free | Partition Type: NTFS

Computer Name: ANN-DESKTOP
Current User Name: ANN
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Program Files\Grisoft\AVG Free\avgamsvr.exe (GRISOFT, s.r.o.)
PRC - C:\Program Files\Grisoft\AVG Free\avgupsvc.exe (GRISOFT, s.r.o.)
PRC - C:\Program Files\Grisoft\AVG Free\avgemc.exe (GRISOFT, s.r.o.)
PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
PRC - C:\Program Files\Citrix\GoToMyPC\g2svc.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\GoToMyPC\g2comm.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\GoToMyPC\g2pre.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Citrix\GoToMyPC\g2tray.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Grisoft\AVG Free\avgcc.exe (GRISOFT, s.r.o.)
PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
PRC - C:\Program Files\Google\Google Talk\googletalk.exe (Google)
PRC - C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
PRC - C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\CoffeeCup Software\CoffeeCup Flash Website Search\scheduler.exe ()
PRC - C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe (Yahoo! Inc.)
PRC - C:\Program Files\Logitech\Video\FxSvr2.exe (Logitech Inc.)
PRC - C:\WINDOWS\eHome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe (Yahoo! Inc.)
PRC - C:\Documents and Settings\ANN\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (AdobeActiveFileMonitor5.0 [Auto | Running]) -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (Avg7Alrt [Auto | Running]) -- C:\Program Files\Grisoft\AVG Free\avgamsvr.exe (GRISOFT, s.r.o.)
SRV - (Avg7UpdSvc [Auto | Running]) -- C:\Program Files\Grisoft\AVG Free\avgupsvc.exe (GRISOFT, s.r.o.)
SRV - (AVGEMS [Auto | Running]) -- C:\Program Files\Grisoft\AVG Free\avgemc.exe (GRISOFT, s.r.o.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
SRV - (GoToMyPC [Auto | Running]) -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc [Auto | Running]) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Macromedia Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (McrdSvc [Auto | Running]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
SRV - (NetSvc [On_Demand | Stopped]) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (Intel® Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (61883 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\61883.sys (Microsoft Corporation)
DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (Angel2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Angel2.sys (Lumanate, Inc.)
DRV - (ASAPIW2k [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ASAPIW2k.sys (Pinnacle Systems GmbH)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (Avc [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\avc.sys (Microsoft Corporation)
DRV - (Avg7Core [System | Running]) -- C:\WINDOWS\System32\Drivers\avg7core.sys (GRISOFT, s.r.o.)
DRV - (Avg7RsW [System | Running]) -- C:\WINDOWS\System32\Drivers\avg7rsw.sys (GRISOFT, s.r.o.)
DRV - (Avg7RsXP [System | Running]) -- C:\WINDOWS\System32\Drivers\avg7rsxp.sys (GRISOFT, s.r.o.)
DRV - (AvgClean [System | Running]) -- C:\WINDOWS\system32\drivers\avgclean.sys (GRISOFT, s.r.o.)
DRV - (AvgTdi [Auto | Running]) -- C:\WINDOWS\System32\Drivers\avgtdi.sys (GRISOFT, s.r.o.)
DRV - (CamDrL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Camdrl.sys (Logitech Inc.)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (d347bus [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\d347bus.sys ( )
DRV - (d347prt [Boot | Running]) -- C:\WINDOWS\System32\Drivers\d347prt.sys ( )
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (DLABOIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLACDBHM [System | Running]) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLADResN [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLAIFS_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLAOPIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLARTL_N [System | Running]) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DLAUDFAM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DRVMCDB [Boot | Running]) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DRVNDDM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (GearAspiWDM [System | Running]) -- C:\WINDOWS\System32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (LVUSBSta [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\lvusbsta.sys (Logitech Inc.)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (MSDV [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\msdv.sys (Microsoft Corporation)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (SCDEmu [System | Running]) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (SSFS0509 [Boot | Running]) -- C:\WINDOWS\SYSTEM32\Drivers\SSFS0509.SYS (Webroot Software Inc (www.webroot.com))
DRV - (STHDA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (StillCam [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\serscan.sys (Microsoft Corporation)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (usbaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.annkullberg.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.annkullberg.com/"
FF - prefs.js..keyword.URL: "http://search.yahoo....ch?fr=ffds1&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD [2008/05/29 15:00:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/01/07 08:28:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B9FEAEA0-185B-414C-AB1B-AB840DB2C7CB}: C:\DOCUMENTS AND SETTINGS\ANN\LOCAL SETTINGS\APPLICATION DATA\{B9FEAEA0-185B-414C-AB1B-AB840DB2C7CB} [2009/03/24 00:39:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\PROGRA~1\MOZILLA FIREFOX\COMPONENTS [2009/03/10 10:09:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\PROGRA~1\MOZILLA FIREFOX\PLUGINS [2009/03/02 04:04:17 | 00,000,000 | ---D | M]

[2009/03/27 15:00:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ANN\Application Data\mozilla\Firefox\Profiles\yewrr640.default\extensions
[2006/06/17 17:31:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ANN\Application Data\mozilla\Firefox\Profiles\yewrr640.default\extensions\{22119944-ED35-4ab1-910B-E619EA06A115}
[2009/02/01 15:22:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ANN\Application Data\mozilla\Firefox\Profiles\yewrr640.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/09/19 17:13:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ANN\Application Data\mozilla\Firefox\Profiles\yewrr640.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2006/12/14 21:31:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ANN\Application Data\mozilla\Firefox\Profiles\yewrr640.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2008/06/26 16:27:36 | 00,001,108 | ---- | M] () -- C:\Documents and Settings\ANN\Application Data\Mozilla\FireFox\Profiles\yewrr640.default\searchplugins\wikipedia.xml
[2008/05/14 18:21:26 | 00,001,628 | ---- | M] () -- C:\Documents and Settings\ANN\Application Data\Mozilla\FireFox\Profiles\yewrr640.default\searchplugins\youtube.xml
[2009/03/27 15:00:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/02/27 10:09:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/12/10 17:16:36 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2007/04/11 14:48:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/08/15 10:31:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2008/02/21 15:31:36 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/04/30 15:30:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009/01/07 08:29:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/02/27 10:09:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]
[2009/02/27 10:09:37 | 00,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2009/02/27 10:09:37 | 00,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2009/02/27 10:09:37 | 00,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2009/02/27 10:09:37 | 00,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2009/02/27 10:09:37 | 00,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2009/02/27 10:09:57 | 00,001,514 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/02/27 10:09:57 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/02/27 10:09:57 | 00,001,038 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/02/27 10:09:57 | 00,001,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/02/27 10:09:57 | 00,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/02/27 10:09:57 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Yapta BHO) - {2020dfef-8c87-4229-aa41-549d82210355} - C:\Program Files\Yapta\YaptaOverlay.dll (Yapta, Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP (GRISOFT, s.r.o.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart (Google)
O4 - HKLM..\Run: [GoToMyPC] "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -logon (Citrix Online, a division of Citrix Systems, Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
O4 - HKLM..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe" (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe" (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall File not found
O4 - HKLM..\Run: [PinnacleDriverCheck] "C:\WINDOWS\system32\PSDrvCheck.exe" -CheckReg ()
O4 - HKLM..\Run: [Rdubemomixefen] rundll32.exe "C:\WINDOWS\acexeqay.dll",e (Mozilla Foundation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [CoffeeCup Web Search Scheduler] "C:\PROGRA~1\COFFEE~1\COFFEE~1\scheduler.exe" -min ()
O4 - HKCU..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot (Logitech Inc.)
O4 - HKCU..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (Siber Systems)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\ANN\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\ANN\Start Menu\Programs\Startup\Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html File not found
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html File not found
O9 - Extra Button: Yapta - {0094A600-9BDD-4019-BAFE-487284F7D476} - C:\Program Files\Yapta\YaptaSidebar.dll (Yapta, Inc.)
O9 - Extra 'Tools' menuitem : Yapta... - {0094A600-9BDD-4019-BAFE-487284F7D476} - File not found
O9 - Extra Button: Yapta Settings - {0362b485-11fe-469c-ae98-42f478e581a0} - C:\Program Files\Yapta\YaptaSettings.exe (Yapta, Inc.)
O9 - Extra 'Tools' menuitem : Yapta Settings... - {0362b485-11fe-469c-ae98-42f478e581a0} - C:\Program Files\Yapta\YaptaSettings.exe (Yapta, Inc.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - File not found
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - File not found
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - File not found
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - File not found
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - File not found
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: bankofamerica.com ([sitekey] https in Trusted sites)
O15 - HKCU\..Trusted Domains: facebook.com ([login] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.comcastsu...Fix/tgctlsr.cab (SupportSoft Script Runner Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} http://www.winkflash...ers/SAXFile.cab (SAXFile FileUpload ActiveX Control)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} http://www.winkflash...geUploader4.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://www.vcrlter.v...sCamControl.ocx (CamImage Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_07)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://www.carillonc...activex/AMC.cab (AxisMediaControlEmb Class)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToMyPC: DllName - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2009/04/04 11:08:31 | 00,499,712 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\ANN\Desktop\OTListIt2.exe
[2009/04/04 11:03:33 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/04 11:03:26 | 00,267,612 | ---- | C] () -- C:\DOCUME~1\ANN\Desktop\Rooter.exe
[2009/04/04 10:58:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/04/04 10:33:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ANN\Application Data\Malwarebytes
[2009/04/04 10:33:54 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/04 10:33:54 | 00,000,696 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/04 10:33:52 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/04 10:33:51 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/04 10:33:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/04 10:32:25 | 02,906,232 | ---- | C] (Malwarebytes Corporation ) -- C:\DOCUME~1\ANN\Desktop\mbam-setup.exe
[2009/04/04 10:30:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/04 10:27:52 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\ANN\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/04/04 10:27:27 | 00,000,611 | ---- | C] () -- C:\DOCUME~1\ANN\Desktop\NTREGOPT.lnk
[2009/04/04 10:27:27 | 00,000,592 | ---- | C] () -- C:\DOCUME~1\ANN\Desktop\ERUNT.lnk
[2009/04/04 10:27:26 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/04 10:23:19 | 00,000,000 | ---D | C] -- C:\DOCUME~1\ANN\Desktop\SysRestorePoint_v13
[2009/04/04 01:14:56 | 00,000,042 | ---- | C] () -- C:\WINDOWS\System32\RegistryEasy.lie
[2009/04/04 01:08:26 | 00,000,390 | ---- | C] () -- C:\WINDOWS\tasks\Schedule Task Weekly.job
[2009/04/04 01:08:21 | 00,000,681 | ---- | C] () -- C:\DOCUME~1\ANN\Desktop\Registry Easy.lnk
[2009/04/04 01:08:20 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Easy
[2009/04/04 00:19:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ANN\Application Data\RegistryDefense
[2009/03/30 15:42:47 | 00,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msdv.sys
[2009/03/30 15:42:47 | 00,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdv.sys
[2009/03/30 15:42:35 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\avc.sys
[2009/03/30 15:42:35 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2009/03/30 15:42:31 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\61883.sys
[2009/03/30 15:42:31 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2009/03/25 16:48:55 | 00,000,013 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\�113.�sys
[2009/03/25 16:48:53 | 00,000,871 | ---- | C] () -- C:\DOCUME~1\ANN\Desktop\CoffeeCup Web Form Builder.lnk
[2009/03/24 10:48:06 | 00,018,670 | ---- | C] () -- C:\DOCUME~1\ANN\Desktop\cpcicon.ICO
[2009/03/24 10:42:16 | 00,018,670 | ---- | C] () -- C:\DOCUME~1\ANN\Desktop\favicon.ICO
[2009/03/24 00:39:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ANN\Local Settings\Application Data\{B9FEAEA0-185B-414C-AB1B-AB840DB2C7CB}
[2009/03/24 00:07:58 | 00,000,013 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\�3113.sys
[2009/03/24 00:07:57 | 00,001,923 | ---- | C] () -- C:\DOCUME~1\ANN\Desktop\CoffeeCup Flash Website Search.lnk
[2009/03/24 00:07:37 | 00,938,272 | ---- | C] (WeOnlyDo! Inc.) -- C:\WINDOWS\System32\wodFtpDLX.OCX
[2009/03/24 00:07:34 | 00,000,000 | ---D | C] -- C:\Program Files\CoffeeCup Software
[2009/03/24 00:03:05 | 00,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/03/19 19:20:52 | 00,019,078 | ---- | C] () -- C:\DOCUME~1\ANN\Desktop\hawes.jpg
[2009/03/11 03:00:47 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/03/10 10:30:31 | 00,000,000 | -H-D | C] -- C:\BJPrinter
[2009/03/10 10:20:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/03/09 17:12:47 | 00,001,016 | ---- | C] () -- C:\DOCUME~1\ANN\Desktop\cc_20090309_171245.reg
[2007/07/11 16:46:59 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2006/12/14 23:09:22 | 00,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/12/14 23:09:22 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/10/24 13:50:46 | 00,001,060 | ---- | C] () -- C:\WINDOWS\pae.ini
[2006/10/16 23:38:13 | 00,000,094 | -H-- | C] () -- C:\WINDOWS\System32\zbq_Q1swg.ini
[2006/06/24 12:55:35 | 00,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/06/24 12:55:35 | 00,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/06/24 12:41:18 | 00,006,812 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/06/17 19:17:35 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/06/17 17:16:27 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS64.DLL
[2006/06/17 16:17:09 | 00,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2006/06/17 16:17:09 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2006/06/17 00:59:08 | 00,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/06/17 00:59:08 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\985C49B64A.sys
[2006/06/17 00:49:20 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/06/03 12:09:14 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/03 12:05:31 | 00,000,124 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/06/03 12:01:59 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/03 11:30:34 | 00,102,480 | ---- | C] () -- C:\WINDOWS\System32\EzRating.dll
[2006/06/03 11:30:34 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\EzdCoIns.dll
[2006/06/03 11:30:02 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/16 02:43:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2005/08/16 02:40:23 | 00,000,002 | ---- | C] () -- C:\WINDOWS\System32\desktop.ini
[2005/08/16 02:40:23 | 00,000,002 | ---- | C] () -- C:\WINDOWS\desktop.ini
[2005/08/16 02:38:33 | 00,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2005/08/16 02:38:33 | 00,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2005/08/16 02:37:25 | 00,013,223 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2005/08/16 02:37:25 | 00,001,931 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2005/08/16 02:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 02:33:39 | 00,470,894 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2005/08/16 02:33:38 | 00,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 02:19:02 | 00,498,742 | ---- | C] () -- C:\WINDOWS\System32\dxmasf.dll
[2005/08/16 02:19:02 | 00,004,126 | ---- | C] () -- C:\WINDOWS\System32\msdxmlc.dll
[2005/08/16 02:18:44 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
[2005/08/16 02:18:43 | 00,000,930 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/16 02:18:41 | 00,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2005/08/16 02:18:41 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2005/08/16 02:18:41 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/16 02:18:35 | 00,291,840 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2005/08/16 02:18:35 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\scriptpw.dll
[2005/08/16 02:18:34 | 00,012,082 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2005/08/16 02:18:33 | 01,288,192 | ---- | C] () -- C:\WINDOWS\System32\quartz.dll
[2005/08/16 02:18:33 | 01,288,192 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2005/08/16 02:18:33 | 00,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2005/08/16 02:18:33 | 00,562,176 | ---- | C] () -- C:\WINDOWS\System32\qedit.dll
[2005/08/16 02:18:33 | 00,386,048 | ---- | C] () -- C:\WINDOWS\System32\qdvd.dll
[2005/08/16 02:18:33 | 00,279,040 | ---- | C] () -- C:\WINDOWS\System32\qdv.dll
[2005/08/16 02:18:33 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\qcap.dll
[2005/08/16 02:18:33 | 00,006,877 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2005/08/16 02:18:33 | 00,003,458 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2005/08/16 02:18:33 | 00,002,891 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
[2005/08/16 02:18:33 | 00,002,732 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
[2005/08/16 02:18:33 | 00,001,152 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
[2005/08/16 02:18:33 | 00,000,343 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2005/08/16 02:18:29 | 00,141,372 | ---- | C] () -- C:\WINDOWS\System32\msruwlxqlbs.dll
[2005/08/16 02:18:29 | 00,141,372 | ---- | C] () -- C:\WINDOWS\System32\msiqehkebru.dll
[2005/08/16 02:18:29 | 00,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2005/08/16 02:18:29 | 00,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2005/08/16 02:18:29 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2005/08/16 02:18:29 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2005/08/16 02:18:29 | 00,033,840 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2005/08/16 02:18:29 | 00,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2005/08/16 02:18:29 | 00,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2005/08/16 02:18:29 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2005/08/16 02:18:29 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2005/08/16 02:18:29 | 00,027,866 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2005/08/16 02:18:28 | 00,002,656 | ---- | C] () -- C:\WINDOWS\System32\netware.drv
[2005/08/16 02:18:25 | 00,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2005/08/16 02:18:25 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2005/08/16 02:18:25 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2005/08/16 02:18:25 | 00,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2005/08/16 02:18:23 | 00,010,110 | ---- | C] () -- C:\WINDOWS\System32\mqperf.ini
[2005/08/16 02:18:22 | 00,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2005/08/16 02:18:22 | 00,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2005/08/16 02:18:22 | 00,035,328 | ---- | C] () -- C:\WINDOWS\System32\mciqtz32.dll
[2005/08/16 02:18:20 | 00,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2005/08/16 02:18:19 | 00,004,768 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2005/08/16 02:18:16 | 01,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2005/08/16 02:18:16 | 00,456,192 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2005/08/16 02:18:08 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum.dll
[2005/08/16 02:18:08 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum(2).dll
[2005/08/16 02:18:07 | 00,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2005/08/16 02:18:05 | 00,252,928 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll
[2005/08/16 02:18:04 | 00,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2005/08/16 02:18:03 | 00,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2005/08/16 02:18:03 | 00,009,029 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2005/08/05 12:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/22 17:04:56 | 00,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/17 20:36:28 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll

========== Files - Modified Within 30 Days ==========

[289 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/04/04 11:10:40 | 00,499,712 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\ANN\Desktop\OTListIt2.exe
[2009/04/04 11:03:33 | 00,267,612 | ---- | M] () -- C:\DOCUME~1\ANN\Desktop\Rooter.exe
[2009/04/04 10:57:33 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/04 10:54:45 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/04/04 10:54:17 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/04 10:53:58 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/04 10:53:46 | 10,717,96224 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/04 10:33:54 | 00,000,696 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/04 10:32:27 | 02,906,232 | ---- | M] (Malwarebytes Corporation ) -- C:\DOCUME~1\ANN\Desktop\mbam-setup.exe
[2009/04/04 10:27:52 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\ANN\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/04/04 10:27:27 | 00,000,611 | ---- | M] () -- C:\DOCUME~1\ANN\Desktop\NTREGOPT.lnk
[2009/04/04 10:27:27 | 00,000,592 | ---- | M] () -- C:\DOCUME~1\ANN\Desktop\ERUNT.lnk
[2009/04/04 10:14:20 | 00,000,930 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/04 10:14:20 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/04 10:14:20 | 00,000,210 | RHS- | M] () -- C:\boot.ini
[2009/04/04 05:03:38 | 00,000,774 | ---- | M] () -- C:\WINDOWS\tasks\Backup1.job
[2009/04/04 01:14:56 | 00,000,042 | ---- | M] () -- C:\WINDOWS\System32\RegistryEasy.lie
[2009/04/04 01:08:26 | 00,000,390 | ---- | M] () -- C:\WINDOWS\tasks\Schedule Task Weekly.job
[2009/04/04 01:08:21 | 00,000,681 | ---- | M] () -- C:\DOCUME~1\ANN\Desktop\Registry Easy.lnk
[2009/04/04 00:19:16 | 00,470,894 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/04 00:19:16 | 00,402,406 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/04 00:19:16 | 00,063,016 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/03 22:27:30 | 00,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/30 16:37:56 | 00,000,349 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Documents\PCLECHAL.INI
[2009/03/30 16:02:57 | 00,219,136 | ---- | M] () -- C:\Documents and Settings\ANN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/27 14:41:09 | 00,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\imm32.dll
[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/25 16:48:55 | 00,000,013 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\�113.�sys
[2009/03/25 16:48:53 | 00,000,871 | ---- | M] () -- C:\DOCUME~1\ANN\Desktop\CoffeeCup Web Form Builder.lnk
[2009/03/24 10:42:21 | 00,018,670 | ---- | M] () -- C:\DOCUME~1\ANN\Desktop\favicon.ICO
[2009/03/24 10:42:21 | 00,018,670 | ---- | M] () -- C:\DOCUME~1\ANN\Desktop\cpcicon.ICO
[2009/03/24 00:07:58 | 00,000,013 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\�3113.sys
[2009/03/24 00:07:57 | 00,001,923 | ---- | M] () -- C:\DOCUME~1\ANN\Desktop\CoffeeCup Flash Website Search.lnk
[2009/03/19 19:20:52 | 00,019,078 | ---- | M] () -- C:\DOCUME~1\ANN\Desktop\hawes.jpg
[2009/03/11 03:10:24 | 00,300,440 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/11 03:02:39 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/09 17:20:49 | 00,004,096 | -HS- | M] () -- C:\VSNAP.IDX
[2009/03/09 17:13:18 | 00,001,016 | ---- | M] () -- C:\DOCUME~1\ANN\Desktop\cc_20090309_171245.reg
< End of report >



OTListIt Extras logfile created on: 4/4/2009 11:10:44 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.10.0 Folder = C:\Documents and Settings\ANN\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.07 Mb Total Physical Memory | 549.36 Mb Available Physical Memory | 53.75% Memory free
2.40 Gb Paging File | 2.04 Gb Available in Paging File | 84.94% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 163.05 Gb Free Space | 71.47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 6.22 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 76.33 Gb Total Space | 47.30 Gb Free Space | 61.97% Space Free | Partition Type: NTFS

Computer Name: ANN-DESKTOP
Current User Name: ANN
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.js [@ = JSFile] -- C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe (Macromedia, Inc.)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"32459:TCP" = 32459:TCP:*:Enabled:MuTorrent
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 (IniCom Networks, Inc.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent File not found
C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable (Microsoft Corporation)
C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 (IniCom Networks, Inc.)
C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe (GRISOFT, s.r.o.)
C:\Program Files\Grisoft\AVG Free\avgemc.exe:*:Enabled:avgemc.exe (GRISOFT, s.r.o.)
C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard (Microsoft Corporation)
C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (Mozilla Corporation)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server ()
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk (Google)
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe (Hewlett-Packard Co.)
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe (Hewlett-Packard Co.)
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe (Hewlett-Packard Co.)
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe File not found
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe File not found
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcopy.exe:*:Enabled:hpqcopy.exe File not found
C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer (Microsoft Corporation)
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{07620C4F-0964-4086-A872-C9C12E418E52}" = DJ_SF_03_D4300_Software
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24EFA94F-F3D6-4386-8824-B54712C9DC88}" = D4300_Help
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150070}" = J2SE Runtime Environment 5.0 Update 7
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35917680-C0DA-4618-B878-54B74694A2FB}" = Yahoo! Widget Engine
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{387D9916-BD27-480f-8CF0-3228832BBAA2}" = HP Deskjet D4300 Printer Driver Software 10.0 Rel .3
"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools
"{42C7C4D8-033E-44F9-BF34-43808A0686CC}" = D4300
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{548EEA8E-8299-497F-8057-811D2D7097DC}" = Dell Support 3.1
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{58F4D4FD-1814-4068-B316-C28FC776C6DD}" = GoToMyPC
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{80FD852F-5AAC-4129-B931-06AAFFA43138}" = iTunes
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B0A7592-2AE0-48EA-A327-6EB7DAB25E4A}" = DJ_SF_03_D4300_Software_Min
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 Platinum
"{91057632-CA70-413C-B628-2D3CDBBB906B}" = Macromedia Flash Player 8 Plugin
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9E491AB7-4589-48CA-9CBB-874CB2788391}" = Studio 9
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E583ED6F-BD99-4066-A420-C815BF692B69}" = Macromedia Fireworks MX 2004
"{E60A3FF1-856E-4DD2-BFC6-FD9B976FE1C5}" = DJ_SF_03_D4300_ProductContext
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"AI RoboForm" = AI RoboForm (All Users)
"ATI Display Driver" = ATI Display Driver
"AVG7Uninstall" = AVG Free Edition
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CoffeeCup Flash Website Search - Registered" = CoffeeCup Flash Website Search - Registered
"CoffeeCup Flash Website Search - Trial" = CoffeeCup Flash Website Search - Trial
"CoffeeCup Web Form Builder - Trial" = CoffeeCup Web Form Builder - Trial
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ERUNT_is1" = ERUNT 1.1j
"ExplorerXP" = ExplorerXP (remove only)
"Google Updater" = Google Updater
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NetscapeRoboformPlugin" = AI RoboForm Adapter for Firefox/Mozilla/Netscape
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PowerISO" = PowerISO
"PROSet" = Intel® PRO Network Connections Drivers
"QBeez" = QBeez
"QBeez 2" = QBeez 2
"QBz" = QBz
"QcDrv" = Logitech® Camera Driver
"RealArcade" = RealArcade
"RealPlayer 6.0" = RealPlayer
"Registry Easy_is1" = Registry Easy v4.9
"RegistryDefense" = RegistryDefense
"Shop for HP Supplies" = Shop for HP Supplies
"StreetPlugin" = Learn2 Player (Uninstall Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.5
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2006Setup" = Microsoft Works Suite 2006 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"Yahoo! Widget Engine" = Yahoo! Widget Engine
"Yapta" = Yapta
"Zoo Tycoon 2" = Zoo Tycoon 2 Endangered Species

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/3/2009 4:13:43 AM | Computer Name = ANN-DESKTOP | Source = Application Error | ID = 1001
Description = Fault bucket 1138234054.

Error - 4/3/2009 4:14:17 AM | Computer Name = ANN-DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16791, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/3/2009 4:14:30 AM | Computer Name = ANN-DESKTOP | Source = Application Hang | ID = 1001
Description = Fault bucket 1110235319.

Error - 4/3/2009 7:02:57 AM | Computer Name = ANN-DESKTOP | Source = NTBackup | ID = 8001
Description = End Backup of 'C:' 'Warnings or errors were encountered.' Verify:
On Mode: Replace Type: Normal Consult the backup report for more details.

Error - 4/3/2009 7:02:58 AM | Computer Name = ANN-DESKTOP | Source = NTBackup | ID = 8019
Description = End Operation: Warnings or errors were encountered. Consult the backup
report for more details.

Error - 4/4/2009 1:53:27 AM | Computer Name = ANN-DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application hpqtra08.exe, version 100.0.170.0, faulting module
hpqusg.dll, version 100.0.170.0, fault address 0x0002640c.

Error - 4/4/2009 1:53:34 AM | Computer Name = ANN-DESKTOP | Source = Application Error | ID = 1001
Description = Fault bucket 604327984.

Error - 4/4/2009 3:17:54 AM | Computer Name = ANN-DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application FlashFXP.exe, version 3.6.0.1240, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/4/2009 3:19:40 AM | Computer Name = ANN-DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16791, faulting
module ntdll.dll, version 5.1.2600.5512, fault address 0x0001166b.

Error - 4/4/2009 7:36:48 AM | Computer Name = ANN-DESKTOP | Source = NTBackup | ID = 8001
Description = End Backup of 'C:' 'Warnings or errors were encountered.' Verify:
On Mode: Replace Type: Normal Consult the backup report for more details.

[ System Events ]
Error - 4/4/2009 1:48:45 PM | Computer Name = ANN-DESKTOP | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 4/4/2009 1:48:51 PM | Computer Name = ANN-DESKTOP | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 4/4/2009 1:48:53 PM | Computer Name = ANN-DESKTOP | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 4/4/2009 1:48:55 PM | Computer Name = ANN-DESKTOP | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 4/4/2009 1:48:57 PM | Computer Name = ANN-DESKTOP | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 4/4/2009 1:48:59 PM | Computer Name = ANN-DESKTOP | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 4/4/2009 1:49:01 PM | Computer Name = ANN-DESKTOP | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 4/4/2009 1:56:28 PM | Computer Name = ANN-DESKTOP | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 4/4/2009 2:04:29 PM | Computer Name = ANN-DESKTOP | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 4/4/2009 2:04:38 PM | Computer Name = ANN-DESKTOP | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.


< End of report >

#2
ankochan

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Rooter log
Microsoft Windows XP Professional (5.1.2600) Service Pack 3

C:\ [Fixed] - NTFS - (Total:233609 Mo/Free:3143 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [CD-Rom] (Total:6368 Mo/Free:0 Mo)
F:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
G:\ [Removable] (Total:0 Mo/Free:0 Mo)
H:\ [Removable] (Total:0 Mo/Free:0 Mo)
I:\ [Removable] (Total:0 Mo/Free:0 Mo)
J:\ [Removable] (Total:0 Mo/Free:0 Mo)
K:\ [Fixed] - NTFS - (Total:78159 Mo/Free:3382 Mo)

Sat 04/04/2009|12:05

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
---------- C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
---------- C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
---------- C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
---------- C:\WINDOWS\eHome\ehRecvr.exe
---------- C:\WINDOWS\eHome\ehSched.exe
---------- C:\Program Files\Citrix\GoToMyPC\g2svc.exe
---------- C:\Program Files\Citrix\GoToMyPC\g2comm.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Citrix\GoToMyPC\g2pre.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\Program Files\Citrix\GoToMyPC\g2tray.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\ehome\mcrdsvc.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\ehome\ehtray.exe
---------- C:\WINDOWS\stsystra.exe
---------- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
---------- C:\WINDOWS\System32\DLA\DLACTRLW.EXE
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
---------- C:\WINDOWS\system32\LVCOMSX.EXE
---------- C:\Program Files\Google\Google Talk\googletalk.exe
---------- C:\Program Files\Logitech\Video\LogiTray.exe
---------- C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
---------- C:\PROGRA~1\COFFEE~1\COFFEE~1\scheduler.exe
---------- C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
---------- C:\Program Files\Logitech\Video\FxSvr2.exe
---------- C:\WINDOWS\system32\dllhost.exe
---------- C:\WINDOWS\eHome\ehmsas.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
---------- C:\Program Files\Outlook Express\msimn.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Sat 04/04/2009|11:04
2 - "C:\Rooter$\Rooter_2.txt" - Sat 04/04/2009|12:06

----------------------\\ Scan completed at 12:06