Have been having a number of problems with my computer. Yahoo searches result in redirection to unexpected webpages. Applications such as anti-virus software and IE unexpectedly close (do I want to send error report?). I am unable to access cmd and regedit. My anti-spyware is unable to update. Was told by my anti-virus tech support that it would cost $150 to fix, but I don't have that amount. Thanks for any help that you can give.
I have followed all the instructions on the Malware Removal Guide, and the behaviour persists. Here are my logs as instructed:
Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3
C:\ [Fixed] - NTFS - (Total:53332 Mo/Free:1535 Mo)
D:\ [Fixed] - FAT32 - (Total:3883 Mo/Free:1339 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
Sun 04/12/2009|10:31
----------------------\\ Processes..
--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Windows Defender\MsMpEng.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\system32\HPZipm12.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\QuickTime\qttask.exe
---------- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
---------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
---------- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
---------- C:\WINDOWS\system32\igfxtray.exe
---------- C:\WINDOWS\explorer.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
---------- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe
----------------------\\ Search..
----------------------\\ ROOTKIT !!
1 - "C:\Rooter$\Rooter_1.txt" - Sun 04/12/2009|10:30
2 - "C:\Rooter$\Rooter_2.txt" - Sun 04/12/2009|10:32
----------------------\\ Scan completed at 10:32
OTListIt logfile created on: 4/12/2009 10:35:56 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Robin\My Documents
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
478.42 Mb Total Physical Memory | 157.06 Mb Available Physical Memory | 32.83% Memory free
1.09 Gb Paging File | 0.79 Gb Available in Paging File | 72.28% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.08 Gb Total Space | 37.50 Gb Free Space | 72.00% Space Free | Partition Type: NTFS
Drive D: | 3.79 Gb Total Space | 1.31 Gb Free Space | 34.49% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: YOUR-3251E523E5
Current User Name: Robin
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Robin\My Documents\OTListIt2.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GoogleDesktopManager [On_Demand | Stopped]) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe (Google)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (PrismXL [Disabled | Stopped]) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (YahooAUService [Auto | Running]) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
========== Driver Services (SafeList) ==========
DRV - (AliIde [Boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (ASCTRM [Auto | Running]) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (BCM43XX [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (bcm4sbxp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (CDAVFS [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\CDAVFS.sys (CyberDefender Corp.)
DRV - (CmdIde [Boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (FTD2XX [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\FTD2XX.sys (FTDI Ltd.)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (HSFHWICH [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (MCSTRM [Auto | Running]) -- C:\WINDOWS\System32\drivers\mcstrm.sys (RealNetworks, Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mraid35x [Boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (mxnic [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mxnic.sys (Macronix International Co., Ltd. )
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (ql1080 [Boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (Sparrow [Boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (symc810 [Boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tifm21 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (ultra [Boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value Default_Secondary_Page_URL = 0 bytes
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value Secondary Start Pages = 0 bytes
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - URLSearchHook: ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [CyberDefender Early Detection Center] "C:\Program Files\CyberDefender\AntiSpyware\ISSIntro.exe" (CyberDefender Corp.)
O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup (Google)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" (Hewlett-Packard Company)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER (RealNetworks, Inc.)
O4 - HKLM..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)
O4 - HKCU..\Run: [CyberDefender Early Detection Center] "C:\Program Files\CyberDefender\AntiSpyware\cdas2.exe" /minimize (CyberDefender Corp.)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H (PC Tools)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk = C:\Program Files\BigFix\BigFix.exe (BigFix Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - D:\Autorun.inf () - [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 30 Days ==========
[1 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/04/12 10:33:02 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Robin\My Documents\OTListIt2.exe
[2009/04/12 10:30:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Robin\My Documents\fix_attempts
[2009/04/12 10:29:35 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/11 21:46:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/04/05 13:06:05 | 00,000,074 | ---- | C] () -- C:\WINDOWS\st_affiliate.ini
[2009/04/05 12:51:57 | 00,000,064 | ---- | C] () -- C:\WINDOWS\av_affiliate.ini
[2009/04/05 12:51:52 | 00,000,064 | ---- | C] () -- C:\WINDOWS\as_affiliate.ini
[2009/04/05 12:50:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Robin\Local Settings\Application Data\CyberDefender
[2009/04/05 12:49:51 | 00,000,222 | R--- | C] () -- C:\Documents and Settings\Robin\Desktop\PC Support.url
[2009/04/05 12:49:50 | 00,000,828 | R--- | C] () -- C:\Documents and Settings\Robin\Desktop\CyberDefender.lnk
[2009/04/05 12:49:44 | 00,067,424 | ---- | C] (CyberDefender Corp.) -- C:\WINDOWS\System32\drivers\CDAVFS.sys
[2009/04/05 12:49:40 | 00,000,000 | ---D | C] -- C:\Program Files\CyberDefender
[2009/04/05 12:46:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Robin\My Documents\SysRestorePoint_v13
[2009/04/05 10:06:07 | 16,677,040 | ---- | C] (CyberDefender Corp.) -- C:\Documents and Settings\Robin\My Documents\InstallCyberDefenderEDC-595073.exe
[2009/04/05 09:35:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Robin\Application Data\Malwarebytes
[2009/04/05 09:35:21 | 00,000,696 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/05 09:35:19 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/05 09:35:16 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/05 09:35:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/05 09:35:14 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/05 09:34:03 | 02,906,232 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Robin\My Documents\mbam-setup.exe
[2009/04/05 09:26:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/05 09:26:21 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Robin\Desktop\NTREGOPT.lnk
[2009/04/05 09:26:21 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Robin\Desktop\ERUNT.lnk
[2009/04/05 09:26:15 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/05 09:25:12 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Robin\My Documents\erunt_setup.exe
[2009/04/02 22:28:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2009/04/01 13:16:41 | 00,000,020 | ---- | C] () -- C:\Documents and Settings\Robin\My Documents\runner.avgdx
[2009/03/31 09:28:22 | 00,630,898 | ---- | C] () -- C:\Documents and Settings\Robin\My Documents\x8all107ho.bin
[2009/03/30 12:02:44 | 00,052,557 | ---- | C] () -- C:\Documents and Settings\Robin\My Documents\Pre-Pesach schedule chart 2009.pdf
[2009/03/30 12:02:13 | 00,606,267 | ---- | C] () -- C:\Documents and Settings\Robin\My Documents\Pesach childcare flyer_reg form 2009.pdf
[2009/03/29 23:47:26 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/03/29 23:27:12 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/03/29 23:27:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/03/29 20:06:08 | 00,000,738 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Registry Mechanic.lnk
[2009/03/29 20:06:07 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\STKIT432.DLL
[2009/03/29 20:06:05 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2009/03/29 19:26:51 | 00,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2009/03/29 19:22:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/03/29 19:22:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/03/29 19:18:43 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/03/29 19:18:23 | 00,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2009/03/29 09:49:24 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\Robin\My Documents\Swanmay.doc
[2009/03/26 23:14:30 | 00,000,000 | ---D | C] -- C:\Program Files\Netflix
[2009/03/23 10:58:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Robin\My Documents\Clips
[2009/03/20 11:37:09 | 00,000,080 | ---- | C] () -- C:\Documents and Settings\Robin\My Documents\APPR.INI
[2009/03/15 14:48:51 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2009/03/15 14:48:43 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2008/10/08 10:13:32 | 00,000,059 | R--- | C] () -- C:\WINDOWS\System32\FTD2XXUN.ini
[2008/01/03 20:14:13 | 00,000,083 | ---- | C] () -- C:\WINDOWS\KidCalc.INI
[2008/01/03 19:42:04 | 00,000,075 | ---- | C] () -- C:\WINDOWS\qtw.ini
[2008/01/03 19:41:51 | 00,000,197 | ---- | C] () -- C:\WINDOWS\ka.ini
[2007/12/25 15:41:33 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/11/14 13:24:40 | 00,000,203 | ---- | C] () -- C:\WINDOWS\hop.ini
[2007/04/12 21:08:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/03/08 19:26:47 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/01/14 20:55:34 | 00,011,582 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/08/22 08:12:20 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/06/26 11:54:04 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2005/03/23 21:07:42 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/23 09:53:24 | 00,001,258 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/03/23 09:53:24 | 00,000,483 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2005/03/23 09:53:00 | 00,000,700 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/03/23 09:52:56 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== Files - Modified Within 30 Days ==========
[1 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/04/12 10:33:18 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robin\My Documents\OTListIt2.exe
[2009/04/12 09:30:25 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/12 09:19:11 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/04/12 09:16:05 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/12 09:16:02 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/12 09:16:01 | 50,173,1328 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/07 23:08:06 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/04/07 22:36:23 | 00,000,577 | ---- | M] () -- C:\Documents and Settings\Robin\My Documents\My Sharing Folders.lnk
[2009/04/05 13:06:05 | 00,000,074 | ---- | M] () -- C:\WINDOWS\st_affiliate.ini
[2009/04/05 12:51:57 | 00,000,064 | ---- | M] () -- C:\WINDOWS\av_affiliate.ini
[2009/04/05 12:51:52 | 00,000,064 | ---- | M] () -- C:\WINDOWS\as_affiliate.ini
[2009/04/05 12:51:50 | 00,000,828 | R--- | M] () -- C:\Documents and Settings\Robin\Desktop\CyberDefender.lnk
[2009/04/05 12:51:45 | 00,000,700 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/05 12:49:51 | 00,000,222 | R--- | M] () -- C:\Documents and Settings\Robin\Desktop\PC Support.url
[2009/04/05 12:49:13 | 00,067,424 | ---- | M] (CyberDefender Corp.) -- C:\WINDOWS\System32\drivers\CDAVFS.sys
[2009/04/05 10:06:21 | 16,677,040 | ---- | M] (CyberDefender Corp.) -- C:\Documents and Settings\Robin\My Documents\InstallCyberDefenderEDC-595073.exe
[2009/04/05 09:35:21 | 00,000,696 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/05 09:34:14 | 02,906,232 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Robin\My Documents\mbam-setup.exe
[2009/04/05 09:26:21 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Robin\Desktop\NTREGOPT.lnk
[2009/04/05 09:26:21 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Robin\Desktop\ERUNT.lnk
[2009/04/05 09:25:40 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Robin\My Documents\erunt_setup.exe
[2009/04/02 22:18:59 | 00,000,080 | ---- | M] () -- C:\Documents and Settings\Robin\My Documents\APPR.INI
[2009/04/01 13:16:57 | 00,000,020 | ---- | M] () -- C:\Documents and Settings\Robin\My Documents\runner.avgdx
[2009/03/31 09:28:30 | 00,630,898 | ---- | M] () -- C:\Documents and Settings\Robin\My Documents\x8all107ho.bin
[2009/03/30 12:02:50 | 00,052,557 | ---- | M] () -- C:\Documents and Settings\Robin\My Documents\Pre-Pesach schedule chart 2009.pdf
[2009/03/30 12:02:22 | 00,606,267 | ---- | M] () -- C:\Documents and Settings\Robin\My Documents\Pesach childcare flyer_reg form 2009.pdf
[2009/03/29 20:06:08 | 00,000,738 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Registry Mechanic.lnk
[2009/03/29 19:26:51 | 00,000,076 | -HS- | M] () -- C:\Documents and Settings\Robin\My Documents\desktop.ini
[2009/03/29 19:22:33 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/29 09:49:24 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\Robin\My Documents\Swanmay.doc
[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/26 07:48:31 | 00,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/18 19:43:20 | 00,000,786 | ---- | M] () -- C:\Documents and Settings\Robin\Desktop\Windows Media Player.lnk
========== Alternate Data Streams ==========
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63BE06CA
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
OTListIt Extras logfile created on: 4/12/2009 10:35:56 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Robin\My Documents
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
478.42 Mb Total Physical Memory | 157.06 Mb Available Physical Memory | 32.83% Memory free
1.09 Gb Paging File | 0.79 Gb Available in Paging File | 72.28% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.08 Gb Total Space | 37.50 Gb Free Space | 72.00% Space Free | Partition Type: NTFS
Drive D: | 3.79 Gb Total Space | 1.31 Gb Free Space | 34.49% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: YOUR-3251E523E5
Current User Name: Robin
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL File not found
C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL File not found
C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL File not found
C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL File not found
C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer (RealNetworks, Inc.)
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger File not found
C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server File not found
C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) File not found
C:\Program Files\Apprentice\Appr.exe:*:Enabled:Appr ()
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Rhapsody\rhapsody.exe:*:Enabled:Rhapsody Media Player (RealNetworks, Inc.)
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) (Microsoft Corporation)
C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console (Microsoft Corporation)
C:\Program Files\CyberDefender\AntiSpyware\cdas2.exe:*:Enabled:CyberDefender Internet Security (CyberDefender Corp.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{17B20DC4-E277-4EAE-9464-4904462ACA84}" = Dress Shop Update 6.18
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}" = Windows Live Sign-in Assistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{260269FB-4F9D-4572-B41A-32555892488F}" = Dress Shop Update 6.18
"{29024641-E7B1-43CF-AFC5-32A1D888D982}" = Dress Shop 6.09 CD Master
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{30C2FCD0-FF7B-4FFA-8DDE-43A22E01A1E7}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{34EB7535-E972-448C-BFDF-2EF36A222CB8}" = Ultimate Box
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{3D0E8F20-748C-4dac-9A5F-9CAC86F0E848}" = 1500
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It! Library 10
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{425ECED4-23ED-4E05-A88A-B59700DAF2AD}" = TIxx21/x515
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Premium 10
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{51D43E6D-9B84-4b69-AA14-27113796A94D}" = 1500_Help
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{626C034B-50B8-47BD-AF93-EEFD0FA78FF4}" = Character Builder
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{6597E6A3-2137-4705-A15F-CB78DBF63CCC}" = Dress Shop 6.09 CD Master
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{83682B4C-B98C-4BEB-97CC-8EAD2AF9E4C6}" = MyIdentityDefender Toolbar (CyberDefender Corporation)
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8F7A4D82-B168-4F89-99C2-B9873EC877AF}" = HP Image Zone Express
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AA63780B-DDB7-417b-8A13-E5AFBE08E807}" =
"{AC4732F4-665D-4E6B-8E50-74D6B6FBE5A9}" = PassAlong Software
"{AC5352DA-F4F2-4A59-A1BF-41546342746B}" = CyberDefender Early Detection Center
"{AC76BA86-7AD7-1033-7646-A70000000000}" = Adobe Reader 7.0
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E6F6231A-4FA3-47fe-A0DB-B113160C8DD3}" = 1500Trb
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FAE5A9E4-CFD5-4ABE-B0D7-AA09AC3747BB}" = Picaboo 2.0.325
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"BigFix" = BigFix
"BuzzEditV2" = BuzzEditV2
"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_2030161F" = SoftK56 Data Fax Modem
"ERUNT_is1" = ERUNT 1.1j
"FTD2XX" = Dual Reader/Writer USB Drivers
"Google Desktop" = Google Desktop
"HOPDKey" = Hooked on Phonics Learn to Read
"HP Photo & Imaging" = HP Image Zone 4.7
"HPExtendedCapabilities" = HP Extended Capabilities 4.7
"HTMLKit_is1" = HTML-Kit
"ie8" = Windows Internet Explorer 8
"InstallShield_{425ECED4-23ED-4E05-A88A-B59700DAF2AD}" = Texas Instruments PCIxx21/x515 drivers.
"InterActual Player" = InterActual Player
"Magic Online" = Magic Online
"Magic Suitcase" = Magic Suitcase
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Math Blaster PreAlgebra" = Math Blaster PreAlgebra
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2005b" = Microsoft Money 2005
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Nero BurnRights
"PictureItPrem_v10" = Microsoft Picture It! Premium 10
"QuickTime" = QuickTime
"RealArcade 1.2" = RealArcade
"RealPlayer 6.0" = RealPlayer Basic
"Registry Mechanic_is1" = Registry Mechanic 8.0
"Rhapsody" = Rhapsody
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Study Helpers Math Booster" = Study Helpers Math Booster
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wild Things! by Wild Ginger Software, Inc." = Wild Things! by Wild Ginger Software, Inc.
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Software Update" = Yahoo! Software Update
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 4/8/2009 2:10:19 AM | Computer Name = YOUR-3251E523E5 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, stamp 49b3ad2e,
faulting module ntdll.dll, version 5.1.2600.5512, stamp 4802a12c, debug? 0, fault
address 0x0001b1fa.
Error - 4/8/2009 2:10:44 AM | Computer Name = YOUR-3251E523E5 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, stamp 49b3ad2e,
faulting module ntdll.dll, version 5.1.2600.5512, stamp 4802a12c, debug? 0, fault
address 0x0001b1fa.
Error - 4/8/2009 2:11:07 AM | Computer Name = YOUR-3251E523E5 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, stamp 49b3ad2e,
faulting module ntdll.dll, version 5.1.2600.5512, stamp 4802a12c, debug? 0, fault
address 0x0001b1fa.
Error - 4/8/2009 2:11:31 AM | Computer Name = YOUR-3251E523E5 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, stamp 49b3ad2e,
faulting module ntdll.dll, version 5.1.2600.5512, stamp 4802a12c, debug? 0, fault
address 0x0001b1fa.
Error - 4/8/2009 2:11:53 AM | Computer Name = YOUR-3251E523E5 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, stamp 49b3ad2e,
faulting module ntdll.dll, version 5.1.2600.5512, stamp 4802a12c, debug? 0, fault
address 0x0001b1fa.
Error - 4/8/2009 2:12:16 AM | Computer Name = YOUR-3251E523E5 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, stamp 49b3ad2e,
faulting module ntdll.dll, version 5.1.2600.5512, stamp 4802a12c, debug? 0, fault
address 0x0001b1fa.
Error - 4/8/2009 2:12:38 AM | Computer Name = YOUR-3251E523E5 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, stamp 49b3ad2e,
faulting module ntdll.dll, version 5.1.2600.5512, stamp 4802a12c, debug? 0, fault
address 0x0001b1fa.
Error - 4/12/2009 1:03:13 AM | Computer Name = YOUR-3251E523E5 | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.35.0.0, faulting module unknown,
version 0.0.0.0, fault address 0x20021e39.
Error - 4/12/2009 12:33:07 PM | Computer Name = YOUR-3251E523E5 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18702, fault address 0x001c90f5.
Error - 4/12/2009 12:34:51 PM | Computer Name = YOUR-3251E523E5 | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.35.0.0, faulting module unknown,
version 0.0.0.0, fault address 0x20021e39.
[ System Events ]
Error - 4/12/2009 12:26:49 AM | Computer Name = YOUR-3251E523E5 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
Error - 4/12/2009 12:26:49 AM | Computer Name = YOUR-3251E523E5 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
Error - 4/12/2009 2:05:04 AM | Computer Name = YOUR-3251E523E5 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
Error - 4/12/2009 2:05:04 AM | Computer Name = YOUR-3251E523E5 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
Error - 4/12/2009 2:05:12 AM | Computer Name = YOUR-3251E523E5 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
Error - 4/12/2009 2:05:12 AM | Computer Name = YOUR-3251E523E5 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
Error - 4/12/2009 2:05:58 AM | Computer Name = YOUR-3251E523E5 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
Error - 4/12/2009 12:16:08 PM | Computer Name = YOUR-3251E523E5 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
mraid35x
PCIIde
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde
Error - 4/12/2009 12:52:40 PM | Computer Name = YOUR-3251E523E5 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
Error - 4/12/2009 12:54:31 PM | Computer Name = YOUR-3251E523E5 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
< End of report >