Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

WinPC Defender


  • Please log in to reply

#1
chayodd

chayodd

    New Member

  • Member
  • Pip
  • 1 posts
Hello, my computer has been possesed by WinPC Defender and,
I have gone through the malware removal guide, but I could not get malwarebytes to run. Everything else went ok. I tried installing and unistalling it four times, with changing its name each time. The only apparent symptom I have is that my browser gets redirected. I had gone to some of the self help sites, and followed their directions on removing the files from my registry but could not find all of them.
Here are my OTList.txt, Extras.txt and Rooter logs.

And thank you very much for all of your help.



OTListIt logfile created on: 4/4/2009 5:34:42 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.11.0 Folder = C:\Documents and Settings\bigdaddy\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 78.47% Memory free
2.85 Gb Paging File | 2.62 Gb Available in Paging File | 91.84% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.47 Gb Total Space | 12.47 Gb Free Space | 25.72% Space Free | Partition Type: NTFS
Drive D: | 7.39 Gb Total Space | 1.00 Gb Free Space | 13.50% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THEGOLDENONE
Current User Name: bigdaddy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
PRC - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
PRC - C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
PRC - C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\HPQ\shared\HpqToaster.exe ()
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Internet Explorer\Iexplore.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\bigdaddy\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqwmiex [Auto | Running]) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (AmdK8 [System | Running]) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys (Advanced Micro Devices)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (BCM43XX [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (BTWUSB [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\btwusb.sys (Broadcom Corporation.)
DRV - (CAMCAUD [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\camc6aud.sys (Conexant Systems Inc.)
DRV - (CAMCHALA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\camc6hal.sys (Conexant Systems Inc.)
DRV - (eabfiltr [System | Running]) -- C:\WINDOWS\system32\drivers\EABFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (eabusb [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\eabusb.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HSFHWATI [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RTL8023xp [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SMCIRDA [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\smcirda.sys (SMC)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tifm21 [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Components: C:\PROGRAM FILES\NETSCAPE\NETSCAPE BROWSER\COMPONENTS [2006/02/16 03:35:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Plugins: C:\PROGRAM FILES\NETSCAPE\NETSCAPE BROWSER\PLUGINS [2009/01/27 21:09:22 | 00,000,000 | ---D | M]


O1 HOSTS File: (303042 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.123haustiereundmehr.com
O1 - Hosts: 127.0.0.1 123haustiereundmehr.com
O1 - Hosts: 10444 more lines...
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEocx Class) - {06ec6572-7280-485a-a712-c380526bc048} - C:\WINDOWS\ieocx.dll ()
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" File not found
O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start (Hewlett-Packard )
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray (Napster)
O4 - HKLM..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe ()
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Sites: att.net ([]https in Trusted sites)
O15 - HKCU\..Trusted Sites: sbcglobal.net ([]https in Trusted sites)
O15 - HKCU\..Trusted Sites: yahoo.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Sites: yahoo.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Sites: yahoo.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (Reg Error: Key error.)
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Reg Error: Key error.)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - D:\AUTOEXEC.BAT () - [ FAT32 ]
O32 - Autorun File - D:\Autorun.inf () - [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\bigdaddy\Application Data\*.tmp files]
[2009/04/04 17:28:04 | 00,499,200 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\bigdaddy\Desktop\OTListIt2.exe
[2009/04/04 17:24:07 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/04 17:23:59 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\bigdaddy\Desktop\Rooter.exe
[2009/04/04 17:21:56 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/04 17:21:56 | 00,000,696 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/04 17:21:54 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/04 17:21:53 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/04 17:21:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/04 17:16:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/04/04 17:10:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood.Tmp
[2009/04/04 17:07:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/04/04 17:07:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/04/04 17:07:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/04/04 17:07:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/04/04 17:05:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/04/04 16:36:28 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/04/04 16:36:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2009/04/04 16:11:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/04 16:10:28 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\bigdaddy\Desktop\NTREGOPT.lnk
[2009/04/04 16:10:28 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\bigdaddy\Desktop\ERUNT.lnk
[2009/04/04 16:10:28 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/04 16:09:45 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\bigdaddy\Desktop\erunt_setup.exe
[2009/04/04 16:04:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\bigdaddy\Desktop\SysRestorePoint_v13
[2009/04/04 16:03:49 | 00,009,334 | ---- | C] () -- C:\Documents and Settings\bigdaddy\Desktop\SysRestorePoint_v13.zip
[2009/04/04 12:00:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\bigdaddy\Desktop\Downloads
[2009/04/04 12:00:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\bigdaddy\Application Data\GetRightToGo
[2009/04/04 09:09:39 | 00,027,136 | ---- | C] () -- C:\WINDOWS\ieocx.dll
[2009/04/03 13:46:43 | 01,022,464 | ---- | C] () -- C:\Documents and Settings\bigdaddy\Application Data\pcdefender.exe
[2009/04/02 19:03:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\bigdaddy\Application Data\Move Networks
[2009/03/19 07:23:56 | 00,006,890 | ---- | C] () -- C:\Documents and Settings\bigdaddy\My Documents\CHAD LOGAN RESUME ....rtf
[2009/03/16 07:13:47 | 00,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/03/16 07:13:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2009/03/15 18:32:57 | 00,007,050 | ---- | C] () -- C:\Documents and Settings\bigdaddy\My Documents\CHAD LOGAN RESUME 3-2009[1].doc
[2009/03/14 12:07:49 | 00,013,312 | ---- | C] () -- C:\Documents and Settings\bigdaddy\My Documents\ChadResume[1].wps
[2009/03/14 11:59:37 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt19.sqm
[2009/03/14 11:59:37 | 00,000,232 | -H-- | C] () -- C:\sqmdata19.sqm
[2009/03/14 11:53:27 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt18.sqm
[2009/03/14 11:53:27 | 00,000,232 | -H-- | C] () -- C:\sqmdata18.sqm
[2009/03/14 11:52:00 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt17.sqm
[2009/03/14 11:52:00 | 00,000,232 | -H-- | C] () -- C:\sqmdata17.sqm
[2009/03/14 11:51:42 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt16.sqm
[2009/03/14 11:51:42 | 00,000,232 | -H-- | C] () -- C:\sqmdata16.sqm
[2009/03/14 04:40:06 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt15.sqm
[2009/03/14 04:40:06 | 00,000,232 | -H-- | C] () -- C:\sqmdata15.sqm
[2009/03/14 04:39:01 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt14.sqm
[2009/03/14 04:39:01 | 00,000,232 | -H-- | C] () -- C:\sqmdata14.sqm
[2009/03/07 12:50:38 | 17,171,093 | ---- | C] () -- C:\Documents and Settings\bigdaddy\Desktop\JP_ZT2.zip
[2009/03/07 08:58:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2008/05/02 20:52:15 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2007/02/10 21:14:52 | 00,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/02/16 03:39:42 | 00,000,166 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/02/16 03:36:04 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/02/16 03:19:18 | 00,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/02/16 03:04:54 | 00,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/12/02 03:09:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/07 06:16:44 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 06:10:30 | 00,477,670 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2004/08/07 06:10:08 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 05:58:22 | 00,000,498 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/07 05:58:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2004/08/07 05:57:54 | 00,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/07 05:54:38 | 00,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2004/08/07 05:54:38 | 00,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2004/08/06 22:47:16 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/04 01:00:00 | 01,288,192 | ---- | C] () -- C:\WINDOWS\System32\quartz.dll
[2004/08/04 01:00:00 | 01,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2004/08/04 01:00:00 | 00,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2004/08/04 01:00:00 | 00,562,176 | ---- | C] () -- C:\WINDOWS\System32\qedit.dll
[2004/08/04 01:00:00 | 00,498,742 | ---- | C] () -- C:\WINDOWS\System32\dxmasf.dll
[2004/08/04 01:00:00 | 00,386,048 | ---- | C] () -- C:\WINDOWS\System32\qdvd.dll
[2004/08/04 01:00:00 | 00,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2004/08/04 01:00:00 | 00,279,040 | ---- | C] () -- C:\WINDOWS\System32\qdv.dll
[2004/08/04 01:00:00 | 00,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2004/08/04 01:00:00 | 00,252,928 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll
[2004/08/04 01:00:00 | 00,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2004/08/04 01:00:00 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\qcap.dll
[2004/08/04 01:00:00 | 00,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2004/08/04 01:00:00 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll
[2004/08/04 01:00:00 | 00,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2004/08/04 01:00:00 | 00,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2004/08/04 01:00:00 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum.dll
[2004/08/04 01:00:00 | 00,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2004/08/04 01:00:00 | 00,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2004/08/04 01:00:00 | 00,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2004/08/04 01:00:00 | 00,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2004/08/04 01:00:00 | 00,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2004/08/04 01:00:00 | 00,035,328 | ---- | C] () -- C:\WINDOWS\System32\mciqtz32.dll
[2004/08/04 01:00:00 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2004/08/04 01:00:00 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2004/08/04 01:00:00 | 00,033,840 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2004/08/04 01:00:00 | 00,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2004/08/04 01:00:00 | 00,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2004/08/04 01:00:00 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2004/08/04 01:00:00 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2004/08/04 01:00:00 | 00,027,866 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2004/08/04 01:00:00 | 00,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2004/08/04 01:00:00 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2004/08/04 01:00:00 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2004/08/04 01:00:00 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
[2004/08/04 01:00:00 | 00,013,223 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2004/08/04 01:00:00 | 00,012,082 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2004/08/04 01:00:00 | 00,009,029 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2004/08/04 01:00:00 | 00,006,877 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2004/08/04 01:00:00 | 00,004,768 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2004/08/04 01:00:00 | 00,004,126 | ---- | C] () -- C:\WINDOWS\System32\msdxmlc.dll
[2004/08/04 01:00:00 | 00,003,458 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2004/08/04 01:00:00 | 00,002,891 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
[2004/08/04 01:00:00 | 00,002,732 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
[2004/08/04 01:00:00 | 00,001,931 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2004/08/04 01:00:00 | 00,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2004/08/04 01:00:00 | 00,001,152 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
[2004/08/04 01:00:00 | 00,000,343 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2004/08/04 01:00:00 | 00,000,002 | ---- | C] () -- C:\WINDOWS\System32\desktop.ini
[2004/08/04 01:00:00 | 00,000,002 | ---- | C] () -- C:\WINDOWS\desktop.ini

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\bigdaddy\Application Data\*.tmp files]
[2009/04/04 17:33:41 | 00,499,200 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bigdaddy\Desktop\OTListIt2.exe
[2009/04/04 17:24:06 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\bigdaddy\Desktop\Rooter.exe
[2009/04/04 17:21:56 | 00,000,696 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/04 17:21:15 | 00,477,670 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/04 17:21:15 | 00,406,896 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/04 17:21:15 | 00,063,930 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/04 17:18:08 | 00,000,297 | ---- | M] () -- C:\hpqp.ini
[2009/04/04 17:18:06 | 00,000,039 | ---- | M] () -- C:\XP_TV.ini
[2009/04/04 17:17:48 | 00,000,079 | -HS- | M] () -- C:\Documents and Settings\bigdaddy\My Documents\desktop.ini
[2009/04/04 17:17:26 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/04/04 17:17:15 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/04 17:16:54 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/04 17:16:36 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/04 17:16:24 | 00,242,328 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/04 17:16:23 | 20,114,18624 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/04 17:03:47 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/04/04 16:10:28 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\bigdaddy\Desktop\NTREGOPT.lnk
[2009/04/04 16:10:28 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\bigdaddy\Desktop\ERUNT.lnk
[2009/04/04 16:09:50 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\bigdaddy\Desktop\erunt_setup.exe
[2009/04/04 16:04:35 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\bigdaddy\Desktop\SysRestorePoint.exe
[2009/04/04 16:03:53 | 00,009,334 | ---- | M] () -- C:\Documents and Settings\bigdaddy\Desktop\SysRestorePoint_v13.zip
[2009/04/04 09:30:29 | 00,000,568 | ---- | M] () -- C:\Documents and Settings\bigdaddy\My Documents\My Sharing Folders.lnk
[2009/04/04 09:09:39 | 00,027,136 | ---- | M] () -- C:\WINDOWS\ieocx.dll
[2009/04/03 22:54:24 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/04/03 22:54:24 | 00,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/04/03 22:53:55 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/04/03 22:53:55 | 00,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/04/03 18:04:17 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/04/03 18:04:17 | 00,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/04/03 13:46:43 | 01,022,464 | ---- | M] () -- C:\Documents and Settings\bigdaddy\Application Data\pcdefender.exe
[2009/04/03 08:30:47 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/04/03 08:30:47 | 00,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/04/02 18:25:30 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/04/02 18:25:30 | 00,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/04/02 08:24:00 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/04/02 08:24:00 | 00,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/03/31 22:49:50 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/03/31 22:49:50 | 00,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/03/31 22:46:57 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/03/31 22:46:57 | 00,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/03/31 22:46:53 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/03/31 22:46:53 | 00,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/03/31 22:46:44 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/03/31 22:46:44 | 00,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/03/31 22:46:38 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/03/31 22:46:38 | 00,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/03/31 08:13:13 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/03/31 08:13:13 | 00,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/03/30 21:39:09 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/03/30 21:39:09 | 00,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/03/29 20:58:43 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/03/29 20:58:43 | 00,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/03/29 20:57:30 | 00,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/03/29 20:57:29 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2009/03/28 17:08:20 | 00,001,114 | ---- | M] () -- C:\Documents and Settings\bigdaddy\Application Data\wklnhst.dat
[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/20 10:16:39 | 00,303,042 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/03/19 07:23:56 | 00,006,890 | ---- | M] () -- C:\Documents and Settings\bigdaddy\My Documents\CHAD LOGAN RESUME ....rtf
[2009/03/18 15:44:58 | 00,007,050 | ---- | M] () -- C:\Documents and Settings\bigdaddy\My Documents\CHAD LOGAN RESUME 3-2009[1].doc
[2009/03/16 07:13:47 | 00,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/03/15 18:32:32 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/03/15 18:32:32 | 00,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/03/15 18:29:50 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/03/15 18:29:50 | 00,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/03/15 16:32:13 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/03/15 16:32:13 | 00,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/03/15 16:30:48 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/03/15 16:30:48 | 00,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/03/15 16:26:11 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/03/15 16:26:11 | 00,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/03/14 12:07:49 | 00,013,312 | ---- | M] () -- C:\Documents and Settings\bigdaddy\My Documents\ChadResume[1].wps
[2009/03/14 11:51:10 | 00,011,264 | ---- | M] () -- C:\Documents and Settings\bigdaddy\My Documents\resume.wps
[2009/03/07 12:50:43 | 17,171,093 | ---- | M] () -- C:\Documents and Settings\bigdaddy\Desktop\JP_ZT2.zip

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:44DAF2F1
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:20240A47
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D69B4B5
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3A8AA31
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C46995DA
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >






OTListIt Extras logfile created on: 4/4/2009 5:34:42 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.11.0 Folder = C:\Documents and Settings\bigdaddy\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 78.47% Memory free
2.85 Gb Paging File | 2.62 Gb Available in Paging File | 91.84% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.47 Gb Total Space | 12.47 Gb Free Space | 25.72% Space Free | Partition Type: NTFS
Drive D: | 7.39 Gb Total Space | 1.00 Gb Free Space | 13.50% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THEGOLDENONE
Current User Name: bigdaddy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe:*:Disabled:Dungeon Siege 2 Game Executable (Gas Powered Games)
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Disabled:Earthlink File not found
C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server (Microsoft Corporation)
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger (Yahoo! Inc.)
C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe:*:Enabled:LaunchPad ()
C:\Program Files\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager (Electronic Arts)
C:\Program Files\LucasArts\SWKotOR2\swupdate.exe:*:Disabled:Star Wars: Knights of the Old Republic II: The Sith Lords Update Program File not found
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Disabled:Windows Live Messenger (Phone) (Microsoft Corporation)
C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger (Microsoft Corporation)
C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server (Yahoo! Inc.)
C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Disabled:Neverwinter Nights 2 AMD File not found
C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Disabled:Neverwinter Nights 2 Main File not found
C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Disabled:Neverwinter Nights 2 Server File not found
C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Disabled:Neverwinter Nights 2 Updater File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{238DCFCD-70B3-46B2-B90B-2CDCC69A3D03}" = Zoo Tycoon 2 - Zookeeper Collection
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{266F34CA-580F-4615-80FE-BDFBD56B748F}" = School Tycoon
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{286F29AF-0BE2-4D5F-AB17-B7631A810553}" = muvee autoProducer 4.5
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 C1
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.0
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{52AE81CB-B786-490E-93CF-240A9891B392}" = HP User Guides 0025
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110265407}" = Bejeweled 2 Deluxe
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{900BDA66-9A69-40E6-9D48-7177DAB414FD}" = Pirates CSG Online
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9F7AF7CD-E3D0-4C68-A3BA-C76C359B3AA8}" = LightScribe 1.4.105.1
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AD80F06B-0F21-4EEE-934D-BEF0D21E6383}" = Temple of Elemental Evil
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BC96BBA7-C634-460E-AD18-A0A994213F80}" = HP User Guides--System Recovery
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.20 F2
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"074EEF5F-3BE8-4112-B253-C5D6CDE2924C" = Zuma Deluxe from Hewlett-Packard Laptops (remove only)
"0E5266B4-9069-401A-93AE-5FF9F1712016" = Insaniquarium Deluxe from Hewlett-Packard Laptops (remove only)
"103EFD47-9F2C-4490-95DD-AE6C442AFB92" = SCRABBLE from Hewlett-Packard Laptops (remove only)
"1C3FDBBA-EBF7-4CDB-AD8A-A1125734AF86" = Tradewinds from Hewlett-Packard Laptops (remove only)
"320F055A-570F-4335-B026-16A836DB9549" = Final Drive Nitro from Hewlett-Packard Laptops (remove only)
"382C11F0-1A18-4F76-B8E0-15CA7F209C22" = Chuzzle Deluxe from Hewlett-Packard Laptops (remove only)
"384E0BF4-1E1F-45A6-B60E-42144A3F15CD" = Blackhawk Striker 2 from Hewlett-Packard Laptops (remove only)
"4C061F83-EE92-445A-A03F-184B0BD59242" = Jewel Quest from Hewlett-Packard Laptops (remove only)
"5658FB14-16A4-4DAE-946B-1457BE31572E" = Boggle Supreme from Hewlett-Packard Laptops (remove only)
"5758A0E8-A112-4A1D-82EC-EC72F7F16B88" = Lexibox Deluxe from Hewlett-Packard Laptops (remove only)
"5DE4D54F-AA79-43A4-9C8A-C173E7E2B025" = 5 Card Slingo from Hewlett-Packard Laptops (remove only)
"6E377D95-DF37-4E67-B64B-68C314600BCB" = Bejeweled 2 Deluxe from Hewlett-Packard Laptops (remove only)
"6ECB6EE6-92E1-4525-AF3B-3CE51A7C5F89" = FATE from Hewlett-Packard Laptops (remove only)
"7948472C-423F-4134-B68F-48D660A05D71" = Big Kahuna Reef from Hewlett-Packard Laptops (remove only)
"7A940E33-6993-404B-ABA6-ED62E8FBE615" = Bounce Symphony from Hewlett-Packard Laptops (remove only)
"7ED8A70C-9597-40BE-AEA0-0573182F1F51" = Super Granny from Hewlett-Packard Laptops (remove only)
"7F8C5718-1BA9-4AAE-96D2-2B04D05F2D54" = Polar Bowler from Hewlett-Packard Laptops (remove only)
"9F3399B2-9ED6-4339-84A2-686432638B86" = Blasterball 2 from Hewlett-Packard Laptops (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"B0202B33-E73D-4FCD-AC88-0B2971AFC116" = Slyder from Hewlett-Packard Laptops (remove only)
"B0769D17-E72A-4E87-A83F-1F7A3F080008" = Bookworm Deluxe from Hewlett-Packard Laptops (remove only)
"BFGC" = Big Fish Games Client
"C264D692-8E15-4141-96A2-5621332E5DD0" = Slingo Deluxe from Hewlett-Packard Laptops (remove only)
"CNXT_AUDIO" = Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_1002&DEV_4378" = Soft Data Fax Modem with SmartCP
"COH" = City of Villains/City of Heroes (remove only)
"D2E44AA4-8665-4490-A6C9-2D0744B47B27" = Polar Golfer from Hewlett-Packard Laptops (remove only)
"DED8E2B5-BA9F-448F-84E8-0AEF79876F95" = Snowboard SuperJam
"DungeonSiege2" = Dungeon Siege 2
"E332F38A-75F6-4EF2-88CC-246E8A1CB5D7" = Oasis from Hewlett-Packard Laptops (remove only)
"E76A7EFF-7758-49EE-B3FA-9699830A2D6B" = Mah Jong Quest from Hewlett-Packard Laptops (remove only)
"E90E3AE9-73E4-4E5C-BB0F-673989A808D0" = Lemonade Tycoon 2 from Hewlett-Packard Laptops (remove only)
"E94C7046-2F7D-4D4D-B76F-C412DCCEAAC2" = Crystal Maze from Hewlett-Packard Laptops (remove only)
"EADM" = EA Download Manager
"EF860173-4FB7-4DE1-8BE8-5400F05A0DC5" = Puzzle Express from Hewlett-Packard Laptops (remove only)
"EndItAll_is1" = EndItAll 2.0
"ERUNT_is1" = ERUNT 1.1j
"F2566CC2-D4C4-44ED-A838-3F8288D8D3FE" = Flip Words from Hewlett-Packard Laptops (remove only)
"Guild Wars" = Guild Wars
"HijackThis" = HijackThis 1.99.1
"HP Game Console" = HP Game Console and games
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Rhapsody" = HP Rhapsody
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{238DCFCD-70B3-46B2-B90B-2CDCC69A3D03}" = Zoo Tycoon 2 - Zookeeper Collection
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"InterActual Player" = InterActual Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2006b" = Microsoft Money 2006
"MSNINST" = MSN
"Netscape Browser" = Netscape Browser (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RealPlayer 6.0" = RealPlayer
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"Starcraft" = Starcraft
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"UnityWebPlayer" = Unity Web Player
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"Yahoo! Anti-Spy" = Yahoo! Anti-Spy
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! Browser Services
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager
"Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"New LEGO Digital Designer" = LEGO Digital Designer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/4/2009 3:51:31 PM | Computer Name = THEGOLDENONE | Source = Application Error | ID = 1001
Description = Fault bucket 1199212205.

Error - 4/4/2009 5:47:55 PM | Computer Name = THEGOLDENONE | Source = Application Error | ID = 1000
Description = Faulting application smitfraudfix.exe, version 0.0.0.0, faulting module
smitfraudfix.exe, version 0.0.0.0, fault address 0x00001000.

Error - 4/4/2009 5:47:58 PM | Computer Name = THEGOLDENONE | Source = Application Error | ID = 1001
Description = Fault bucket 526207965.

Error - 4/4/2009 5:54:25 PM | Computer Name = THEGOLDENONE | Source = Application Error | ID = 1000
Description = Faulting application superantispyware.exe, version 4.26.0.1000, faulting
module superantispyware.exe, version 4.26.0.1000, fault address 0x000039e0.

Error - 4/4/2009 5:54:30 PM | Computer Name = THEGOLDENONE | Source = Application Error | ID = 1001
Description = Fault bucket 1199212205.

Error - 4/4/2009 6:20:13 PM | Computer Name = THEGOLDENONE | Source = Application Error | ID = 1000
Description = Faulting application smitfraudfix.exe, version 0.0.0.0, faulting module
smitfraudfix.exe, version 0.0.0.0, fault address 0x00001000.

Error - 4/4/2009 6:20:24 PM | Computer Name = THEGOLDENONE | Source = Application Error | ID = 1001
Description = Fault bucket 526207965.

Error - 4/4/2009 6:21:11 PM | Computer Name = THEGOLDENONE | Source = Application Error | ID = 1000
Description = Faulting application superantispyware.exe, version 4.26.0.1000, faulting
module superantispyware.exe, version 4.26.0.1000, fault address 0x000039e0.

Error - 4/4/2009 8:34:23 PM | Computer Name = THEGOLDENONE | Source = Application Hang | ID = 1002
Description = Hanging application OTListIt2.exe, version 2.0.11.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/4/2009 8:34:26 PM | Computer Name = THEGOLDENONE | Source = Application Hang | ID = 1001
Description = Fault bucket 1215223501.

[ System Events ]
Error - 4/4/2009 12:19:34 PM | Computer Name = THEGOLDENONE | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 4/4/2009 12:41:26 PM | Computer Name = THEGOLDENONE | Source = Service Control Manager | ID = 7034
Description = The Messenger Sharing Folders USN Journal Reader service service terminated
unexpectedly. It has done this 1 time(s).

Error - 4/4/2009 12:41:26 PM | Computer Name = THEGOLDENONE | Source = Service Control Manager | ID = 7034
Description = The Ati HotKey Poller service terminated unexpectedly. It has done
this 1 time(s).

Error - 4/4/2009 12:41:45 PM | Computer Name = THEGOLDENONE | Source = Service Control Manager | ID = 7034
Description = The Messenger Sharing Folders USN Journal Reader service service terminated
unexpectedly. It has done this 2 time(s).

Error - 4/4/2009 1:31:21 PM | Computer Name = THEGOLDENONE | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 4/4/2009 2:13:23 PM | Computer Name = THEGOLDENONE | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 4/4/2009 7:06:59 PM | Computer Name = THEGOLDENONE | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 4/4/2009 7:18:30 PM | Computer Name = THEGOLDENONE | Source = Service Control Manager | ID = 7034
Description = The Ati HotKey Poller service terminated unexpectedly. It has done
this 1 time(s).

Error - 4/4/2009 7:28:11 PM | Computer Name = THEGOLDENONE | Source = Service Control Manager | ID = 7034
Description = The Ati HotKey Poller service terminated unexpectedly. It has done
this 1 time(s).

Error - 4/4/2009 7:55:20 PM | Computer Name = THEGOLDENONE | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.


< End of report >




Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

C:\ [Fixed] - NTFS - (Total:49638 Mo/Free:481 Mo)
D:\ [Fixed] - FAT32 - (Total:7570 Mo/Free:1021 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Sat 04/04/2009|17:24

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
---------- C:\WINDOWS\system32\wdfmgr.exe
---------- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\system32\wbem\wmiprvse.exe
---------- C:\Program Files\Internet Explorer\Iexplore.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\system32\msiexec.exe
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
---------- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
---------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
---------- C:\Program Files\HP\QuickPlay\QPService.exe
---------- C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
---------- C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
---------- C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
---------- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Sat 04/04/2009|17:24

----------------------\\ Scan completed at 17:24
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP