
spy ware [Solved]


  • This topic is locked

#16
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
No, do this:

  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.


#17
hbhager

    Member

  • Topic Starter
  • 80 posts
Extras.txt did not come up, only otlistit.txt
OTListIt logfile created on: 04/21/2009 10:32:46 AM - Run 2
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\HAGER\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: enu | Date Format: MM/dd/yyyy

1023.29 Mb Total Physical Memory | 677.19 Mb Available Physical Memory | 66.18% Memory free
1.66 Gb Paging File | 1.15 Gb Available in Paging File | 69.34% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 70.20 Gb Free Space | 62.79% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HANK
Current User Name: HAGER
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\drivers\CDAC11BA.EXE (Macrovision)
PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
PRC - C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\system32\hphmon04.exe (Hewlett-Packard)
PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe ()
PRC - C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
PRC - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\WINDOWS\system32\HPHipm11.exe (HP)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\dvd43\dvd43_tray.exe ()
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Dell Computer\Dell Image Expert\IXApplet.exe (Jasc Software)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe (iWin Inc.)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Documents and Settings\HAGER\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (C-DillaCdaC11BA [Auto | Running]) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE (Macrovision)
SRV - (ccEvtMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DefWatch [Auto | Running]) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GameConsoleService [On_Demand | Stopped]) -- C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe (WildTangent, Inc.)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc [Auto | Running]) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (IntuitUpdateService [Auto | Running]) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE (Symantec Corporation)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPH11 [On_Demand | Running]) -- C:\WINDOWS\system32\HPHipm11.exe (HP)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard)
SRV - (SavRoam [On_Demand | Stopped]) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (SNDSrvc [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (SPBBCSvc [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (Symantec AntiVirus [Auto | Running]) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (TeamViewer4 [Auto | Running]) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WmcCds [Unknown | Stopped]) -- c:\program files\windows media connect\mswmccds.exe (Microsoft Corporation)
SRV - (WmcCdsLs [On_Demand | Stopped]) -- C:\Program Files\Windows Media Connect\mswmcls.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

========== Driver Services (SafeList) ==========

DRV - (AEC671X [System | Stopped]) -- C:\WINDOWS\System32\drivers\AEC671X.SYS (Acard Technology Corp.)
DRV - (AFS2K [System | Running]) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (asc [System | Stopped]) -- C:\WINDOWS\System32\drivers\ASC.SYS (Advanced System Products, Inc.)
DRV - (CdaC15BA [Auto | Running]) -- C:\WINDOWS\system32\drivers\CdaC15BA.SYS (Macrovision Europe Ltd)
DRV - (DCamUSBEMPIA [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\emDevice.sys (eMPIA Technology, Inc.)
DRV - (DMX3191 [System | Stopped]) -- C:\WINDOWS\System32\drivers\DMX3191.SYS (Microsoft Corporation)
DRV - (Dot4 HPH11 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\hphid411.sys (HP)
DRV - (Dot4Print HPH11 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\hphipr11.sys (HP)
DRV - (Dot4Storage HPH11 [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\hphs2k11.sys (Hewlett-Packard)
DRV - (Dot4Usb HPH11 [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\hphius11.sys (HP)
DRV - (dvd43llh [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\dvd43llh.sys (RIF)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (ElbyCDIO [System | Running]) -- C:\WINDOWS\System32\Drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (emAudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\emAudio.sys (Pinnacle Systems GmbH)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (FiltUSBEMPIA [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\emFilter.sys (eMPIA Technology, Inc.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (ltmodem5 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys (Agere Systems)
DRV - (MarvinBus [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (MPE [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\MPE.sys (Microsoft Corporation)
DRV - (MREMPR5 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MREMPR5.sys (Motive, Inc.)
DRV - (MRENDIS5 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.)
DRV - (NAVENG [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090417.007\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090417.007\NAVEX15.SYS (Symantec Corporation)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (pcouffin [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\pcouffin.sys (VSO Software)
DRV - (pfc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Ps2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\PS2.sys (Hewlett-Packard Company)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RTL8023 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Rtlnic51.sys (Realtek Semiconductor Corporation )
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (SAVRT [System | Running]) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (SAVRTPEL [System | Running]) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (ScanUSBEMPIA [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\emScan.sys (eMPIA Technology, Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SPBBCDrv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SymEvent [Disabled | Running]) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (USB_RNDIS_XP [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\usb8023.sys (Microsoft Corporation)
DRV - (MBAMSwissArmy [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Update_Check_Page = http://www.microsoft...mp;Ar=ie5update
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,AllEngines = http://home.microsof...SearchSetup.asp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Font Size = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/03/27 21:13:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/21 12:07:44 | 00,000,000 | ---D | M]


O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - {7D9CB362-375B-4FB9-8024-E55079CC69D1}" - Reg Error: Key error. File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (no name) - {B97B2E3B-ECF5-C558-ADFF-943B877623C7} - Reg Error: Key error. File not found
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (iWin Toolbar) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWi0.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (iWin Toolbar) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWi0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CE0C2586-DA36-452B-ACDB-320D9BCB19BF} - C:\Program Files\iWin\tbiWi0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AlcxMonitor] ALCXMNTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD08] C:\Program Files\Hewlett-Packard\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Microsoft Works Update Detection] c:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Synchronization Manager] mobsync.exe /logon (Microsoft Corporation)
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [DVD Ghost] C:\Program Files\DVD Ghost\DVDGhost.EXE (WWW.Region-Free-DVD.COM)
O4 - HKCU..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s (Verizon Internet Solutions)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S (Uniblue Software)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1 (AWS Convergence Technologies, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Camio Viewer.lnk = C:\Program Files\Dell Computer\Dell Image Expert\IXApplet.exe (Jasc Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Crystal 3D Audio Control.lnk = C:\Windows\Cwd3dsnd.exe (Crystal Semiconductor, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe (Broderbund Properties LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\HAGER\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\HAGER\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe (iWin Inc.)
O4 - Startup: C:\Documents and Settings\HAGER\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm ()
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm ()
O8 - Extra context menu item: &Search - ?p=ZUxdm486YYUS File not found
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm ()
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm ()
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm ()
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .hpb - C:\Program Files\Internet Explorer\PLUGINS\nphpipb.dll (HP)
O12 - Plugin for: .mw2 - C:\Program Files\Internet Explorer\PLUGINS\NPLCSI32.dll (LCSI)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Sites: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: cartoonnetwork.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Sites: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.micros...cs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {00000160-0000-0010-8000-00AA00389B71} http://codecs.micros...386/msaudio.cab (Reg Error: Key error.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {127CE7BA-AD89-4108-A913-C52EFC037C36} (Reg Error: Key error.)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Jewel%20Quest%203/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2776DDE9-D4B2-4BF7-9F98-ADC1A1B80AF5} (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://download.micr.../WebCleaner.cab (Malicious Software Removal Tool)
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} http://h50203.www5.h...SWebManager.CAB (Hewlett-Packard Printer Diagnostics)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1124331718343 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7AEB674E-4089-11D1-93F0-00A0241763CD} http://www1.coolsavi...oad/CouponX.cab (CouponDown Class)
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} http://aolsvc.aol.co...bugs/axhost.cab (WildfireActiveXHost Class)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} http://www.worldwinn...v45/sol/sol.cab (Sol Control)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...7797.7807060185 (Reg Error: Key error.)
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A790} http://www.microsoft...w/0/BerbCln.CAB (BerbCln Object)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.h...nosticsxp2k.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Jewel%20Quest%203/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {CEBC955E-58AF-11D2-A30A-00A0C903492B} http://windowsupdate...en/actsetup.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} http://download.game...outLauncher.cab (SproutLauncherCtrl Class)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.h.../qdiagh.cab?326 (QDiagHUpdateObj Class)
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} http://lg.home.micro...rchsettings.cab (Microsoft Search Settings Control)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Internet Explorer Classes for Java file://c:\windows\SYSTEM\iejava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: vzTCPConfig http://www2.verizon....vzTCPConfig.CAB (Reg Error: Key error.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\DVDGHO~1\DVDGHO~1.DLL) - C:\Program Files\DVD Ghost\DVDGhostAppInit.dll (BlazeVideo, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\daeaddafaeccfc: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:0 (Internet Explorer Channel Bar) - 131A6951-7F78-11D0-A979-00C04FD705A2
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O33 - MountPoints2\{dae55d1f-2864-11da-9b38-00600fff1879}\Shell\AutoRun\command - "" = J:\GETMYPIX.EXE -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[38 C:\WINDOWS\*.tmp files]
[2009/04/21 10:28:25 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HAGER\Desktop\OTListIt2.exe
[2009/04/20 11:22:10 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\HAGER\Desktop\mbam-setup.exe
[2009/04/17 09:57:30 | 00,278,161 | ---- | C] () -- C:\Documents and Settings\HAGER\Desktop\gmer.zip
[2009/04/16 14:00:43 | 00,000,082 | ---- | C] () -- C:\Documents and Settings\HAGER\My Documents\cc_20090416_140037.reg
[2009/04/16 10:00:57 | 00,440,104 | ---- | C] () -- C:\Documents and Settings\HAGER\My Documents\RootRepeal.zip
[2009/04/16 09:34:39 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2009/04/16 09:31:27 | 00,389,632 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HAGER\My Documents\OTMoveIt3.exe
[2009/04/15 22:58:45 | 03,009,908 | R--- | C] () -- C:\Documents and Settings\HAGER\My Documents\ComboFix.exe
[2009/04/15 20:48:54 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/04/15 19:56:41 | 00,000,074 | ---- | C] () -- C:\NT4
[2009/04/15 19:09:24 | 00,000,217 | ---- | C] () -- C:\Boot.bak
[2009/04/15 19:09:19 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/04/15 19:09:12 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/04/15 19:06:58 | 00,259,072 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/04/15 19:06:58 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/04/15 19:06:58 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/04/15 19:06:58 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/04/15 19:06:58 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/04/15 19:06:58 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/04/15 19:06:58 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/04/15 19:06:58 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/04/15 19:06:51 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/04/15 19:04:28 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/04/15 10:09:32 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/15 09:44:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/15 09:43:43 | 00,000,810 | ---- | C] () -- C:\Documents and Settings\HAGER\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/04/15 09:43:22 | 00,000,654 | ---- | C] () -- C:\Documents and Settings\HAGER\My Documents\NTREGOPT.lnk
[2009/04/15 09:43:21 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/15 08:26:19 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/15 08:26:18 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/15 08:26:18 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/15 08:26:18 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/15 08:26:18 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/15 08:26:18 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/15 08:26:17 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/15 08:26:17 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/15 08:26:17 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/15 08:24:10 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/15 08:24:09 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/15 08:24:09 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/13 15:42:20 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\HAGER\My Documents\setup-spybotsd162.exe
[2009/04/13 15:31:27 | 00,000,976 | ---- | C] () -- C:\Documents and Settings\HAGER\Desktop\Spybot - Search & Destroy.lnk
[2009/04/13 14:27:14 | 00,301,322 | ---- | C] () -- C:\Documents and Settings\HAGER\My Documents\cc_20090413_142710.reg
[2009/04/13 14:25:23 | 00,000,082 | ---- | C] () -- C:\Documents and Settings\HAGER\My Documents\cc_20090413_142521.reg
[2009/04/13 14:20:37 | 00,000,082 | ---- | C] () -- C:\Documents and Settings\HAGER\My Documents\cc_20090413_142032.reg
[2009/04/08 14:39:14 | 00,018,816 | ---- | C] (RIF) -- C:\WINDOWS\System32\drivers\dvd43llh.sys
[2009/04/08 14:39:14 | 00,000,710 | ---- | C] () -- C:\Documents and Settings\HAGER\Desktop\DVD43.lnk
[2009/04/07 20:10:13 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/04/07 20:10:08 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/04/07 20:10:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/04/07 14:38:37 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/07 14:38:37 | 00,000,739 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/07 14:38:35 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/07 14:38:33 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/07 10:19:34 | 00,004,676 | ---- | C] () -- C:\Documents and Settings\HAGER\My Documents\cc_20090407_101931.reg
[2009/04/06 15:10:57 | 00,000,422 | ---- | C] () -- C:\WINDOWS\tasks\ErrorFix Scan.job
[2009/04/06 15:10:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HAGER\Application Data\ErrorFix
[2009/04/06 14:07:11 | 00,006,144 | -HS- | C] () -- C:\Documents and Settings\All Users\Desktop\Thumbs.db
[2009/04/06 13:36:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HAGER\My Documents\My Google Gadgets
[2009/04/05 20:07:55 | 00,001,152 | ---- | C] () -- C:\WINDOWS\System32\windrv.sys
[2009/04/05 20:06:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HAGER\Application Data\GetRightToGo
[2009/04/03 14:00:03 | 00,092,672 | ---- | C] () -- C:\Documents and Settings\HAGER\My Documents\Adult Fishing.sig
[2009/04/01 19:18:09 | 00,480,256 | ---- | C] () -- C:\Documents and Settings\HAGER\My Documents\fish cleaning.sig
[2009/04/01 18:43:32 | 00,582,656 | ---- | C] () -- C:\Documents and Settings\HAGER\My Documents\BCTU FOOD.sig
[2009/03/27 23:19:09 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/03/27 21:09:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/03/27 21:09:19 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/03/27 21:08:15 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/03/27 21:08:15 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/03/27 21:08:15 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/03/27 21:08:15 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/03/27 21:08:15 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/03/27 21:08:15 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/03/27 21:08:15 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/03/27 21:08:14 | 00,000,000 | ---D | C] -- C:\c762295ebd59545d2cab9cdd6ef40f53
[2009/03/24 19:53:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/03/24 19:39:50 | 00,000,000 | ---D | C] -- C:\Program Files\Safari
[2009/03/24 19:37:35 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/02/09 15:33:17 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\cddvdint.dll
[2009/02/01 18:17:16 | 00,000,014 | ---- | C] () -- C:\WINDOWS\System32\SysEngine2.SYS
[2008/01/12 22:54:00 | 00,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/09/22 11:29:57 | 00,000,026 | ---- | C] () -- C:\WINDOWS\SnapShot.INI
[2006/12/23 16:09:41 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/07/26 21:39:40 | 00,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2006/07/14 23:02:09 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2006/07/11 20:18:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2006/07/08 23:46:21 | 00,000,119 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini
[2006/07/07 22:53:20 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/07/07 22:53:20 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/07/07 22:53:20 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/07/07 22:53:20 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/07/07 22:53:20 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/07/07 22:53:19 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/04/27 15:15:21 | 00,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/04/27 15:15:03 | 00,000,228 | ---- | C] () -- C:\WINDOWS\HP_ISRegionListUpdatelog_HPSU.ini
[2006/04/27 15:14:52 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2006/04/27 15:14:32 | 00,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2006/04/27 15:12:21 | 00,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/04/08 13:06:05 | 00,000,766 | ---- | C] () -- C:\WINDOWS\LuckyStreakPoker.ini
[2006/03/28 07:57:58 | 00,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/03/22 11:16:53 | 00,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2006/03/10 11:42:20 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PictEasy.INI
[2006/03/10 11:40:41 | 00,000,198 | ---- | C] () -- C:\WINDOWS\pez11.ini
[2006/02/18 10:49:25 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/01/16 05:28:26 | 00,000,317 | ---- | C] () -- C:\WINDOWS\elitemediagroup.ini
[2006/01/06 23:30:55 | 00,000,094 | -H-- | C] () -- C:\WINDOWS\System32\tbd_G1ssg.ini
[2005/09/18 12:57:44 | 00,000,817 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
[2005/09/02 22:14:27 | 00,000,465 | ---- | C] () -- C:\WINDOWS\rneec.dll
[2004/09/24 21:42:10 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/09/10 23:34:18 | 00,000,147 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini
[2004/08/15 23:08:34 | 00,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
[2004/08/01 12:36:57 | 00,000,045 | ---- | C] () -- C:\WINDOWS\GBKHGNIJ.ini
[2004/07/31 18:36:46 | 00,000,297 | ---- | C] () -- C:\WINDOWS\System32\MSrev43.dll
[2004/03/28 20:01:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlsz.INI
[2004/03/28 19:28:16 | 00,000,280 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI
[2004/03/21 15:22:45 | 00,076,260 | ---- | C] () -- C:\WINDOWS\System32\drivers\udnt.sys
[2004/03/20 17:20:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\RussSqr.INI
[2003/12/09 13:16:52 | 00,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\comintfs.dll
[2003/11/07 23:27:18 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2003/09/12 22:21:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2003/08/30 13:00:51 | 00,000,081 | ---- | C] () -- C:\WINDOWS\PARSONS.INI
[2003/07/12 21:24:51 | 00,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2003/07/12 00:29:52 | 00,000,409 | ---- | C] () -- C:\WINDOWS\Trpmaker.INI
[2003/07/12 00:15:33 | 00,038,688 | ---- | C] () -- C:\WINDOWS\System32\LEADDIB.DRV
[2003/07/12 00:15:33 | 00,011,136 | ---- | C] () -- C:\WINDOWS\System32\FPRUN300.DLL
[2003/06/29 19:11:02 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\cdTextCtl.dll
[2003/06/29 12:40:45 | 00,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2003/06/25 11:39:14 | 00,000,445 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/06/25 11:39:14 | 00,000,445 | ---- | C] () -- C:\WINDOWS\OEMINFO.INI
[2003/06/25 11:36:17 | 00,051,376 | ---- | C] () -- C:\WINDOWS\dbetdf04.ini
[2003/06/25 11:36:17 | 00,019,263 | ---- | C] () -- C:\WINDOWS\IEXPLORE.INI
[2003/06/25 11:36:17 | 00,012,327 | ---- | C] () -- C:\WINDOWS\IOS.INI
[2003/06/25 11:36:17 | 00,008,405 | ---- | C] () -- C:\WINDOWS\NETDET.INI
[2003/06/25 11:36:17 | 00,006,425 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2003/06/25 11:36:17 | 00,005,602 | ---- | C] () -- C:\WINDOWS\POWERUP.INI
[2003/06/25 11:36:17 | 00,003,550 | ---- | C] () -- C:\WINDOWS\HTMLHELP.INI
[2003/06/25 11:36:17 | 00,003,544 | ---- | C] () -- C:\WINDOWS\MSMUSCTL.INI
[2003/06/25 11:36:17 | 00,003,045 | ---- | C] () -- C:\WINDOWS\WIZARDS.INI
[2003/06/25 11:36:17 | 00,002,324 | ---- | C] () -- C:\WINDOWS\VISTA32D.INI
[2003/06/25 11:36:17 | 00,002,276 | ---- | C] () -- C:\WINDOWS\SUPERFLY.INI
[2003/06/25 11:36:17 | 00,001,238 | ---- | C] () -- C:\WINDOWS\HPFDJC08.INI
[2003/06/25 11:36:17 | 00,001,153 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/06/25 11:36:17 | 00,001,061 | ---- | C] () -- C:\WINDOWS\INTUADS.INI
[2003/06/25 11:36:17 | 00,001,058 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2003/06/25 11:36:17 | 00,000,865 | ---- | C] () -- C:\WINDOWS\DOSREP.INI
[2003/06/25 11:36:17 | 00,000,835 | ---- | C] () -- C:\WINDOWS\PWKMAIN.INI
[2003/06/25 11:36:17 | 00,000,821 | ---- | C] () -- C:\WINDOWS\EZPHOTO.INI
[2003/06/25 11:36:17 | 00,000,787 | ---- | C] () -- C:\WINDOWS\SCANREG.INI
[2003/06/25 11:36:17 | 00,000,775 | ---- | C] () -- C:\WINDOWS\OPLIMIT.INI
[2003/06/25 11:36:17 | 00,000,774 | ---- | C] () -- C:\WINDOWS\CWDAUDIO.INI
[2003/06/25 11:36:17 | 00,000,751 | ---- | C] () -- C:\WINDOWS\Bti.ini
[2003/06/25 11:36:17 | 00,000,674 | ---- | C] () -- C:\WINDOWS\EDOC16.INI
[2003/06/25 11:36:17 | 00,000,610 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2003/06/25 11:36:17 | 00,000,595 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2003/06/25 11:36:17 | 00,000,482 | ---- | C] () -- C:\WINDOWS\PSTUDIO.INI
[2003/06/25 11:36:17 | 00,000,482 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2003/06/25 11:36:17 | 00,000,469 | ---- | C] () -- C:\WINDOWS\TSMAKER2.INI
[2003/06/25 11:36:17 | 00,000,444 | ---- | C] () -- C:\WINDOWS\MIDIPLYR.INI
[2003/06/25 11:36:17 | 00,000,395 | ---- | C] () -- C:\WINDOWS\IMPORTCLIENT.INI
[2003/06/25 11:36:17 | 00,000,366 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2003/06/25 11:36:17 | 00,000,362 | ---- | C] () -- C:\WINDOWS\MMKeybd.ini
[2003/06/25 11:36:17 | 00,000,313 | ---- | C] () -- C:\WINDOWS\VIDEOIMP.INI
[2003/06/25 11:36:17 | 00,000,305 | ---- | C] () -- C:\WINDOWS\SMSI.INI
[2003/06/25 11:36:17 | 00,000,295 | ---- | C] () -- C:\WINDOWS\PPDRV.INI
[2003/06/25 11:36:17 | 00,000,273 | ---- | C] () -- C:\WINDOWS\MSIOSD.INI
[2003/06/25 11:36:17 | 00,000,240 | ---- | C] () -- C:\WINDOWS\KUDOVW32.INI
[2003/06/25 11:36:17 | 00,000,234 | ---- | C] () -- C:\WINDOWS\COOLSV32.INI
[2003/06/25 11:36:17 | 00,000,230 | ---- | C] () -- C:\WINDOWS\CDPLYR.INI
[2003/06/25 11:36:17 | 00,000,227 | ---- | C] () -- C:\WINDOWS\BASS.INI
[2003/06/25 11:36:17 | 00,000,226 | ---- | C] () -- C:\WINDOWS\TELEPHON.INI
[2003/06/25 11:36:17 | 00,000,198 | ---- | C] () -- C:\WINDOWS\PPI.INI
[2003/06/25 11:36:17 | 00,000,191 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2003/06/25 11:36:17 | 00,000,186 | ---- | C] () -- C:\WINDOWS\PAFMGR.INI
[2003/06/25 11:36:17 | 00,000,181 | ---- | C] () -- C:\WINDOWS\WINMINE.INI
[2003/06/25 11:36:17 | 00,000,179 | ---- | C] () -- C:\WINDOWS\WAVEPLYR.INI
[2003/06/25 11:36:17 | 00,000,171 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2003/06/25 11:36:17 | 00,000,171 | ---- | C] () -- C:\WINDOWS\ConnMgr.ini
[2003/06/25 11:36:17 | 00,000,168 | ---- | C] () -- C:\WINDOWS\WEBLINK.INI
[2003/06/25 11:36:17 | 00,000,157 | ---- | C] () -- C:\WINDOWS\MABVRX.INI
[2003/06/25 11:36:17 | 00,000,152 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/06/25 11:36:17 | 00,000,143 | ---- | C] () -- C:\WINDOWS\SYSMIXER.INI
[2003/06/25 11:36:17 | 00,000,143 | ---- | C] () -- C:\WINDOWS\GBROWSER.INI
[2003/06/25 11:36:17 | 00,000,140 | ---- | C] () -- C:\WINDOWS\MRCLOCK.INI
[2003/06/25 11:36:17 | 00,000,129 | ---- | C] () -- C:\WINDOWS\Picture Easy 3.ini
[2003/06/25 11:36:17 | 00,000,120 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2003/06/25 11:36:17 | 00,000,116 | ---- | C] () -- C:\WINDOWS\MEDIARCK.INI
[2003/06/25 11:36:17 | 00,000,105 | ---- | C] () -- C:\WINDOWS\MAPIUID.INI
[2003/06/25 11:36:17 | 00,000,102 | ---- | C] () -- C:\WINDOWS\PDHPRO.INI
[2003/06/25 11:36:17 | 00,000,091 | ---- | C] () -- C:\WINDOWS\EPSONEM.INI
[2003/06/25 11:36:17 | 00,000,076 | ---- | C] () -- C:\WINDOWS\EREGPUHP.INI
[2003/06/25 11:36:17 | 00,000,071 | ---- | C] () -- C:\WINDOWS\Calmaker.ini
[2003/06/25 11:36:17 | 00,000,068 | ---- | C] () -- C:\WINDOWS\FPXPRESS.INI
[2003/06/25 11:36:17 | 00,000,063 | ---- | C] () -- C:\WINDOWS\STRINGS.INI
[2003/06/25 11:36:17 | 00,000,063 | ---- | C] () -- C:\WINDOWS\MDM.INI
[2003/06/25 11:36:17 | 00,000,061 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2003/06/25 11:36:17 | 00,000,060 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2003/06/25 11:36:17 | 00,000,060 | ---- | C] () -- C:\WINDOWS\Constrct.ini
[2003/06/25 11:36:17 | 00,000,056 | ---- | C] () -- C:\WINDOWS\PSDXPORT.INI
[2003/06/25 11:36:17 | 00,000,056 | ---- | C] () -- C:\WINDOWS\MMATES.INI
[2003/06/25 11:36:17 | 00,000,055 | ---- | C] () -- C:\WINDOWS\TRAPPRO.INI
[2003/06/25 11:36:17 | 00,000,054 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2003/06/25 11:36:17 | 00,000,052 | ---- | C] () -- C:\WINDOWS\PRESTOPM.INI
[2003/06/25 11:36:17 | 00,000,051 | ---- | C] () -- C:\WINDOWS\CSERVE.INI
[2003/06/25 11:36:17 | 00,000,050 | ---- | C] () -- C:\WINDOWS\WINFILE.INI
[2003/06/25 11:36:17 | 00,000,049 | ---- | C] () -- C:\WINDOWS\DESIGNE.INI
[2003/06/25 11:36:17 | 00,000,045 | ---- | C] () -- C:\WINDOWS\AtHomePC.Ini
[2003/06/25 11:36:17 | 00,000,044 | ---- | C] () -- C:\WINDOWS\BD40.INI
[2003/06/25 11:36:17 | 00,000,041 | ---- | C] () -- C:\WINDOWS\SYMGAMES.INI
[2003/06/25 11:36:17 | 00,000,038 | ---- | C] () -- C:\WINDOWS\PSSE.INI
[2003/06/25 11:36:17 | 00,000,034 | ---- | C] () -- C:\WINDOWS\SOL.INI
[2003/06/25 11:36:17 | 00,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2003/06/25 11:36:17 | 00,000,028 | ---- | C] () -- C:\WINDOWS\QFNONL.INI
[2003/06/25 11:36:17 | 00,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2003/06/25 11:36:17 | 00,000,027 | ---- | C] () -- C:\WINDOWS\ACROGRAF.INI
[2003/06/25 11:36:17 | 00,000,026 | ---- | C] () -- C:\WINDOWS\MSOFFICE.INI
[2003/06/25 11:36:17 | 00,000,026 | ---- | C] () -- C:\WINDOWS\@LOHA.INI
[2003/06/25 11:36:17 | 00,000,022 | ---- | C] () -- C:\WINDOWS\FlpUtil.ini
[2003/06/25 11:36:17 | 00,000,021 | ---- | C] () -- C:\WINDOWS\VI_SETUP.INI
[2003/06/25 11:36:17 | 00,000,019 | ---- | C] () -- C:\WINDOWS\KA.INI
[2003/06/25 11:36:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\TAPILDR.INI
[2003/06/25 11:36:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SCANTIFF.INI
[2003/06/25 11:36:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QFN.INI
[2003/06/25 11:36:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.INI
[2003/06/25 11:36:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROGMAN.INI
[2003/06/25 11:36:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PEZDOWNLOAD.INI
[2003/06/25 11:36:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OPPSERVE.INI
[2003/06/25 11:36:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2003/06/25 11:36:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSINFO32.INI
[2003/06/25 11:36:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2003/06/25 11:36:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MMPLAY.INI
[2003/06/25 11:36:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MADCCS.INI
[2003/06/25 11:36:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MADCCF.INI
[2003/06/25 11:36:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\DXINFO.INI
[2003/06/25 11:36:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\BROWSER.INI
[2003/06/25 11:18:17 | 00,004,745 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/06/25 11:18:01 | 00,000,458 | ---- | C] () -- C:\WINDOWS\system.ini
[2002/12/07 19:16:04 | 00,045,056 | ---- | C] () -- C:\WINDOWS\PANIC32.dll
[2002/12/07 19:16:03 | 00,040,960 | ---- | C] () -- C:\WINDOWS\PANICNT.dll
[2002/06/20 15:09:10 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\hpodinet.dll
[2002/04/20 12:54:25 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\PretzelSpellCheck.dll
[2002/04/20 12:54:06 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\PMovieServer.dll
[2002/04/20 12:54:05 | 00,745,472 | ---- | C] () -- C:\WINDOWS\System32\PMAppBuilder.dll
[2002/01/16 21:06:45 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\IDMC1Reg.dll
[2001/05/01 19:35:04 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\ZLIB.DLL
[2001/05/01 19:35:03 | 00,093,184 | ---- | C] () -- C:\WINDOWS\System32\WVJAVA.DLL
[2001/05/01 19:34:59 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\URMCFG32.DLL
[2001/05/01 19:34:59 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\URMCLN32.DLL
[2001/05/01 19:34:57 | 00,058,880 | ---- | C] () -- C:\WINDOWS\System32\TALPDF32.DLL
[2001/05/01 19:34:57 | 00,041,472 | ---- | C] () -- C:\WINDOWS\System32\TAL12832.DLL
[2001/05/01 19:34:57 | 00,033,280 | ---- | C] () -- C:\WINDOWS\System32\TALUPC32.DLL
[2001/05/01 19:34:51 | 00,028,160 | ---- | C] () -- C:\WINDOWS\System32\RDBIOS32.DLL
[2001/05/01 19:34:46 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\P3AppIFace.dll
[2001/05/01 19:34:44 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[2001/05/01 19:34:41 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2001/05/01 19:34:39 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[2001/05/01 19:34:37 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\MSIOSD32.DLL
[2001/05/01 19:34:31 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\MEMBG.DLL
[2001/05/01 19:34:30 | 00,024,064 | ---- | C] () -- C:\WINDOWS\System32\LTTWN62N.DLL
[2001/05/01 19:34:29 | 00,043,008 | ---- | C] () -- C:\WINDOWS\System32\LTFIL62N.DLL
[2001/05/01 19:34:27 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2001/05/01 19:34:27 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2001/05/01 19:34:26 | 00,083,968 | ---- | C] () -- C:\WINDOWS\System32\LAUNCHER.DLL
[2001/05/01 19:34:25 | 00,056,320 | ---- | C] () -- C:\WINDOWS\System32\IYVU9_32.DLL
[2001/05/01 19:34:22 | 00,006,144 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll
[2001/05/01 19:34:21 | 00,113,152 | ---- | C] () -- C:\WINDOWS\System32\ICQSOCK.DLL
[2001/05/01 19:34:21 | 00,100,864 | ---- | C] () -- C:\WINDOWS\System32\ICQCPRT.DLL
[2001/05/01 19:34:21 | 00,058,368 | ---- | C] () -- C:\WINDOWS\System32\ICQUIEX.DLL
[2001/05/01 19:34:21 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\icmfilter.dll
[2001/05/01 19:34:21 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\ICQWUTL.DLL
[2001/05/01 19:34:21 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\ICQWCOM.DLL
[2001/05/01 19:34:21 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\ICQCUTL.DLL
[2001/05/01 19:34:21 | 00,005,120 | ---- | C] () -- C:\WINDOWS\System32\HPSOCEX.DLL
[2001/05/01 19:34:20 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2001/05/01 19:34:20 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\ftpclient.dll
[2001/05/01 19:34:20 | 00,006,932 | ---- | C] () -- C:\WINDOWS\System32\GLSCAN.SYS
[2001/05/01 19:34:16 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[2001/05/01 19:34:14 | 00,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll
[2001/05/01 19:32:58 | 00,009,472 | ---- | C] () -- C:\WINDOWS\unsqz.dll
[2001/05/01 19:32:57 | 00,106,016 | ---- | C] () -- C:\WINDOWS\u1220_32.dll
[2001/05/01 19:32:45 | 00,001,646 | ---- | C] () -- C:\WINDOWS\MSDOS.SYS

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[38 C:\WINDOWS\*.tmp files]
[2009/04/21 10:31:23 | 37,586,6368 | ---- | M] () -- C:\outlook.pst
[2009/04/21 10:28:27 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HAGER\Desktop\OTListIt2.exe
[2009/04/21 09:56:43 | 00,002,521 | ---- | M] () -- C:\Documents and Settings\HAGER\Desktop\Microsoft Office Outlook 2007.lnk
[2009/04/21 09:45:00 | 00,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Uninstall Expiration Reminder.job
[2009/04/21 03:19:00 | 00,000,336 | -H-- | M] () -- C:\WINDOWS\tasks\{7BAB1505-145D-11D3-9867-444553540000}_HAGER.job
[2009/04/21 01:58:00 | 00,000,336 | -H-- | M] () -- C:\WINDOWS\tasks\{D34F18B0-576E-11D0-B28C-00C04FD7CD22}_HAGER.job
[2009/04/20 16:34:06 | 56,886,9888 | ---- | M] () -- C:\outlook.bak
[2009/04/20 16:30:47 | 00,000,338 | ---- | M] () -- C:\WINDOWS\tasks\WebReg HP Photosmart 8200 Series.job
[2009/04/20 12:00:00 | 00,000,422 | ---- | M] () -- C:\WINDOWS\tasks\ErrorFix Scan.job
[2009/04/20 11:23:22 | 00,000,739 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/20 11:22:41 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\HAGER\Desktop\mbam-setup.exe
[2009/04/20 01:30:00 | 00,000,560 | ---- | M] () -- C:\WINDOWS\tasks\Maintenance-Disk cleanup.job
[2009/04/20 01:15:00 | 00,000,336 | -H-- | M] () -- C:\WINDOWS\tasks\{D34F18B1-576E-11D0-B28C-00C04FD7CD22}_HAGER.job
[2009/04/19 21:08:32 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/19 21:07:38 | 00,000,429 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2009/04/19 21:06:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/19 21:06:07 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/19 21:06:05 | 01,563,048 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/19 19:02:37 | 00,002,254 | ---- | M] () -- C:\Documents and Settings\HAGER\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk
[2009/04/17 09:57:30 | 00,278,161 | ---- | M] () -- C:\Documents and Settings\HAGER\Desktop\gmer.zip
[2009/04/16 17:58:22 | 00,438,848 | ---- | M] () -- C:\Documents and Settings\HAGER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/04/16 15:26:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/16 14:00:43 | 00,000,082 | ---- | M] () -- C:\Documents and Settings\HAGER\My Documents\cc_20090416_140037.reg
[2009/04/16 10:00:58 | 00,440,104 | ---- | M] () -- C:\Documents and Settings\HAGER\My Documents\RootRepeal.zip
[2009/04/16 09:31:29 | 00,389,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HAGER\My Documents\OTMoveIt3.exe
[2009/04/15 19:56:41 | 00,000,074 | ---- | M] () -- C:\NT4
[2009/04/15 19:45:33 | 00,000,458 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/15 19:40:27 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/04/15 19:09:24 | 00,000,288 | RHS- | M] () -- C:\boot.ini
[2009/04/15 19:04:04 | 03,009,908 | R--- | M] () -- C:\Documents and Settings\HAGER\My Documents\ComboFix.exe
[2009/04/15 10:01:30 | 00,517,094 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/15 10:01:30 | 00,437,742 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/15 10:01:30 | 00,069,672 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/15 09:53:19 | 00,000,775 | ---- | M] () -- C:\WINDOWS\OPLIMIT.INI
[2009/04/15 09:43:43 | 00,000,810 | ---- | M] () -- C:\Documents and Settings\HAGER\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/04/15 09:43:22 | 00,000,654 | ---- | M] () -- C:\Documents and Settings\HAGER\My Documents\NTREGOPT.lnk
[2009/04/13 15:34:05 | 00,000,976 | ---- | M] () -- C:\Documents and Settings\HAGER\Desktop\Spybot - Search & Destroy.lnk
[2009/04/13 15:30:03 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\HAGER\My Documents\setup-spybotsd162.exe
[2009/04/13 14:27:26 | 00,301,322 | ---- | M] () -- C:\Documents and Settings\HAGER\My Documents\cc_20090413_142710.reg
[2009/04/13 14:25:23 | 00,000,082 | ---- | M] () -- C:\Documents and Settings\HAGER\My Documents\cc_20090413_142521.reg
[2009/04/13 14:24:41 | 00,001,591 | ---- | M] () -- C:\Documents and Settings\HAGER\Desktop\CCleaner.lnk
[2009/04/13 14:20:37 | 00,000,082 | ---- | M] () -- C:\Documents and Settings\HAGER\My Documents\cc_20090413_142032.reg
[2009/04/11 19:33:52 | 00,000,024 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2009/04/08 15:04:31 | 00,000,125 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/04/08 14:56:05 | 00,018,816 | ---- | M] (RIF) -- C:\WINDOWS\System32\drivers\dvd43llh.sys
[2009/04/08 14:56:04 | 00,000,710 | ---- | M] () -- C:\Documents and Settings\HAGER\Desktop\DVD43.lnk
[2009/04/07 10:19:46 | 00,004,676 | ---- | M] () -- C:\Documents and Settings\HAGER\My Documents\cc_20090407_101931.reg
[2009/04/07 10:08:34 | 00,004,745 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/07 10:08:34 | 00,000,217 | ---- | M] () -- C:\Boot.bak
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 14:07:11 | 00,006,144 | -HS- | M] () -- C:\Documents and Settings\All Users\Desktop\Thumbs.db
[2009/04/06 10:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/05 20:07:55 | 00,001,152 | ---- | M] () -- C:\WINDOWS\System32\windrv.sys
[2009/04/03 16:37:37 | 00,092,672 | ---- | M] () -- C:\Documents and Settings\HAGER\My Documents\Adult Fishing.sig
[2009/04/03 16:14:51 | 00,002,229 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Print Shop 20.lnk
[2009/04/01 19:19:26 | 00,002,229 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PrintMaster 16.lnk
[2009/04/01 19:18:25 | 00,574,976 | ---- | M] () -- C:\Documents and Settings\HAGER\My Documents\BCTU.sig
[2009/04/01 19:18:09 | 00,480,256 | ---- | M] () -- C:\Documents and Settings\HAGER\My Documents\fish cleaning.sig
[2009/04/01 18:43:33 | 00,582,656 | ---- | M] () -- C:\Documents and Settings\HAGER\My Documents\BCTU FOOD.sig
[2009/04/01 04:16:00 | 00,000,336 | -H-- | M] () -- C:\WINDOWS\tasks\{D34F18B2-576E-11D0-B28C-00C04FD7CD22}_HAGER.job
[2009/03/27 02:58:38 | 01,203,922 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb

========== Alternate Data Streams ==========

@Alternate Data Stream - 25214 bytes -> C:\Documents and Settings\All Users\Desktop\Play More Great Games!.url:favicon
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E966F1E9
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B00D439
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F9D83120
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A15F65E0
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52D492DA
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E7AD9690
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B7D2A38
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E50C1642
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C3F01AB
< End of report >

#18
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hello

Run OTList2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\daeaddafaeccfc: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O33 - MountPoints2\{dae55d1f-2864-11da-9b38-00600fff1879}\Shell\AutoRun\command - "" = J:\GETMYPIX.EXE -- File not found
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log (don't check the boxes beside LOP Check or Purity this time, and don't run the Custom Scan)


#19
hbhager

    Member

  • Topic Starter
  • 80 posts
Error: Unable to interpret <CODE> in the current context!
========== OTLISTIT ==========
Process explorer.exe killed successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\daeaddafaeccfc\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dae55d1f-2864-11da-9b38-00600fff1879}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dae55d1f-2864-11da-9b38-00600fff1879}\ not found.
File J:\GETMYPIX.EXE not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\HAGER\Local Settings\temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HAGER\Local Settings\temp\_hphtra07.log scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HAGER\Local Settings\temp\~DF1B12.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\HAGER\Local Settings\Temporary Internet Files\Content.Word\~WRS{AB4EBFB1-472C-498A-9A10-33A0B9FC07CA}.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HAGER\Local Settings\Temporary Internet Files\Content.Word\~WRS{DCE937EA-BC0C-49B8-8FCB-8A6EAFE2AF8E}.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HAGER\Local Settings\Temporary Internet Files\Content.IE5\X0VGOQFT\ads[5].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HAGER\Local Settings\Temporary Internet Files\Content.IE5\TIJXY898\de[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HAGER\Local Settings\Temporary Internet Files\Content.IE5\5ED9TFYE\iframe[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HAGER\Local Settings\Temporary Internet Files\Content.IE5\5ED9TFYE\spy-ware-t235738[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HAGER\Local Settings\Temporary Internet Files\Content.IE5\46B0V1YV\iframe[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HAGER\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HAGER\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_dc.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.14.0 log created on 04212009_152032

Files moved on Reboot...
File C:\Documents and Settings\HAGER\Local Settings\temp\hpodvd09.log not found!
File C:\Documents and Settings\HAGER\Local Settings\temp\_hphtra07.log not found!
File C:\Documents and Settings\HAGER\Local Settings\temp\~DF1B12.tmp not found!
C:\Documents and Settings\HAGER\Local Settings\Temporary Internet Files\Content.Word\~WRS{AB4EBFB1-472C-498A-9A10-33A0B9FC07CA}.tmp moved successfully.
File C:\Documents and Settings\HAGER\Local Settings\Temporary Internet Files\Content.Word\~WRS{DCE937EA-BC0C-49B8-8FCB-8A6EAFE2AF8E}.tmp not found!
C:\Documents and Settings\HAGER\Local Settings\Temporary Internet Files\Content.IE5\X0VGOQFT\ads[5].htm moved successfully.
C:\Documents and Settings\HAGER\Local Settings\Temporary Internet Files\Content.IE5\TIJXY898\de[1].htm moved successfully.
C:\Documents and Settings\HAGER\Local Settings\Temporary Internet Files\Content.IE5\5ED9TFYE\iframe[1].htm moved successfully.
C:\Documents and Settings\HAGER\Local Settings\Temporary Internet Files\Content.IE5\5ED9TFYE\spy-ware-t235738[1].htm moved successfully.
C:\Documents and Settings\HAGER\Local Settings\Temporary Internet Files\Content.IE5\46B0V1YV\iframe[1].htm moved successfully.
C:\Documents and Settings\HAGER\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_dc.dat not found!

Registry entries deleted on Reboot...

#20
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
post a new OTL log

#21
hbhager

    Member

  • Topic Starter
  • 80 posts
OTListIt logfile created on: 04/22/2009 9:38:47 AM - Run 4
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\HAGER\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: enu | Date Format: MM/dd/yyyy

1023.29 Mb Total Physical Memory | 440.46 Mb Available Physical Memory | 43.04% Memory free
1.66 Gb Paging File | 1.13 Gb Available in Paging File | 68.01% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 69.98 Gb Free Space | 62.60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HANK
Current User Name: HAGER
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\drivers\CDAC11BA.EXE (Macrovision)
PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
PRC - C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\system32\hphmon04.exe (Hewlett-Packard)
PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe ()
PRC - C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\HPHipm11.exe (HP)
PRC - C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
PRC - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\dvd43\dvd43_tray.exe ()
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Dell Computer\Dell Image Expert\IXApplet.exe (Jasc Software)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
PRC - C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe (iWin Inc.)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
PRC - C:\Documents and Settings\HAGER\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (C-DillaCdaC11BA [Auto | Running]) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE (Macrovision)
SRV - (ccEvtMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DefWatch [Auto | Running]) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GameConsoleService [On_Demand | Stopped]) -- C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe (WildTangent, Inc.)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc [Auto | Running]) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (IntuitUpdateService [Auto | Running]) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE (Symantec Corporation)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPH11 [On_Demand | Running]) -- C:\WINDOWS\system32\HPHipm11.exe (HP)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard)
SRV - (SavRoam [On_Demand | Stopped]) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (SNDSrvc [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (SPBBCSvc [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (Symantec AntiVirus [Auto | Running]) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (TeamViewer4 [Auto | Running]) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WmcCds [Unknown | Stopped]) -- c:\program files\windows media connect\mswmccds.exe (Microsoft Corporation)
SRV - (WmcCdsLs [On_Demand | Stopped]) -- C:\Program Files\Windows Media Connect\mswmcls.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AEC671X [System | Stopped]) -- C:\WINDOWS\System32\drivers\AEC671X.SYS (Acard Technology Corp.)
DRV - (AFS2K [System | Running]) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (asc [System | Stopped]) -- C:\WINDOWS\System32\drivers\ASC.SYS (Advanced System Products, Inc.)
DRV - (CdaC15BA [Auto | Running]) -- C:\WINDOWS\system32\drivers\CdaC15BA.SYS (Macrovision Europe Ltd)
DRV - (DCamUSBEMPIA [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\emDevice.sys (eMPIA Technology, Inc.)
DRV - (DMX3191 [System | Stopped]) -- C:\WINDOWS\System32\drivers\DMX3191.SYS (Microsoft Corporation)
DRV - (Dot4 HPH11 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\hphid411.sys (HP)
DRV - (Dot4Print HPH11 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\hphipr11.sys (HP)
DRV - (Dot4Storage HPH11 [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\hphs2k11.sys (Hewlett-Packard)
DRV - (Dot4Usb HPH11 [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\hphius11.sys (HP)
DRV - (dvd43llh [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\dvd43llh.sys (RIF)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (ElbyCDIO [System | Running]) -- C:\WINDOWS\System32\Drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (emAudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\emAudio.sys (Pinnacle Systems GmbH)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (FiltUSBEMPIA [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\emFilter.sys (eMPIA Technology, Inc.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (ltmodem5 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys (Agere Systems)
DRV - (MarvinBus [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (MBAMSwissArmy [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MPE [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\MPE.sys (Microsoft Corporation)
DRV - (MREMPR5 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MREMPR5.sys (Motive, Inc.)
DRV - (MRENDIS5 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.)
DRV - (NAVENG [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090417.007\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090417.007\NAVEX15.SYS (Symantec Corporation)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (pcouffin [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\pcouffin.sys (VSO Software)
DRV - (pfc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Ps2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\PS2.sys (Hewlett-Packard Company)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RTL8023 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Rtlnic51.sys (Realtek Semiconductor Corporation )
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (SAVRT [System | Running]) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (SAVRTPEL [System | Running]) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (ScanUSBEMPIA [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\emScan.sys (eMPIA Technology, Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SPBBCDrv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SymEvent [Disabled | Running]) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (USB_RNDIS_XP [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\usb8023.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Update_Check_Page = http://www.microsoft...mp;Ar=ie5update
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,AllEngines = http://home.microsof...SearchSetup.asp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Font Size = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/03/27 21:13:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/21 12:07:44 | 00,000,000 | ---D | M]


O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1428A472-5260-404E-9977-7ECDF1DAF936} - Reg Error: Key error. File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - {7D9CB362-375B-4FB9-8024-E55079CC69D1}" - Reg Error: Key error. File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (no name) - {B97B2E3B-ECF5-C558-ADFF-943B877623C7} - Reg Error: Key error. File not found
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (iWin Toolbar) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWi0.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (iWin Toolbar) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWi0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CE0C2586-DA36-452B-ACDB-320D9BCB19BF} - C:\Program Files\iWin\tbiWi0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AlcxMonitor] ALCXMNTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD08] C:\Program Files\Hewlett-Packard\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Microsoft Works Update Detection] c:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Synchronization Manager] mobsync.exe /logon (Microsoft Corporation)
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [DVD Ghost] C:\Program Files\DVD Ghost\DVDGhost.EXE (WWW.Region-Free-DVD.COM)
O4 - HKCU..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s (Verizon Internet Solutions)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S (Uniblue Software)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1 (AWS Convergence Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Camio Viewer.lnk = C:\Program Files\Dell Computer\Dell Image Expert\IXApplet.exe (Jasc Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Crystal 3D Audio Control.lnk = C:\Windows\Cwd3dsnd.exe (Crystal Semiconductor, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe (Broderbund Properties LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\HAGER\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\HAGER\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe (iWin Inc.)
O4 - Startup: C:\Documents and Settings\HAGER\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm ()
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm ()
O8 - Extra context menu item: &Search - ?p=ZUxdm486YYUS File not found
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm ()
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm ()
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm ()
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .hpb - C:\Program Files\Internet Explorer\PLUGINS\nphpipb.dll (HP)
O12 - Plugin for: .mw2 - C:\Program Files\Internet Explorer\PLUGINS\NPLCSI32.dll (LCSI)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Sites: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: cartoonnetwork.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Sites: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.micros...cs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {00000160-0000-0010-8000-00AA00389B71} http://codecs.micros...386/msaudio.cab (Reg Error: Key error.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {127CE7BA-AD89-4108-A913-C52EFC037C36} (Reg Error: Key error.)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Jewel%20Quest%203/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2776DDE9-D4B2-4BF7-9F98-ADC1A1B80AF5} (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://download.micr.../WebCleaner.cab (Malicious Software Removal Tool)
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} http://h50203.www5.h...SWebManager.CAB (Hewlett-Packard Printer Diagnostics)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1124331718343 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7AEB674E-4089-11D1-93F0-00A0241763CD} http://www1.coolsavi...oad/CouponX.cab (CouponDown Class)
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} http://aolsvc.aol.co...bugs/axhost.cab (WildfireActiveXHost Class)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} http://www.worldwinn...v45/sol/sol.cab (Sol Control)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...7797.7807060185 (Reg Error: Key error.)
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A790} http://www.microsoft...w/0/BerbCln.CAB (BerbCln Object)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.h...nosticsxp2k.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Jewel%20Quest%203/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {CEBC955E-58AF-11D2-A30A-00A0C903492B} http://windowsupdate...en/actsetup.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} http://download.game...outLauncher.cab (SproutLauncherCtrl Class)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.h.../qdiagh.cab?326 (QDiagHUpdateObj Class)
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} http://lg.home.micro...rchsettings.cab (Microsoft Search Settings Control)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Internet Explorer Classes for Java file://c:\windows\SYSTEM\iejava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: vzTCPConfig http://www2.verizon....vzTCPConfig.CAB (Reg Error: Key error.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\DVDGHO~1\DVDGHO~1.DLL) - C:\Program Files\DVD Ghost\DVDGhostAppInit.dll (BlazeVideo, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\daeaddafaeccfc: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:0 (Internet Explorer Channel Bar) - 131A6951-7F78-11D0-A979-00C04FD705A2
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\*.tmp files]
[3 C:\WINDOWS\System32\*.tmp files]
[38 C:\WINDOWS\*.tmp files]
[2009/04/21 15:20:32 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/04/21 14:56:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HAGER\Application Data\Auslogics
[2009/04/21 14:39:01 | 00,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2009/04/21 13:37:44 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\HAGER\My Documents\settings.dat
[2009/04/21 13:29:33 | 01,159,434 | ---- | C] () -- C:\Documents and Settings\HAGER\My Documents\readme.rar
[2009/04/21 13:26:08 | 00,189,400 | ---- | C] () -- C:\Documents and Settings\HAGER\Desktop\readme.rar
[2009/04/21 13:14:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HAGER\Desktop\X86
[2009/04/21 10:28:25 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HAGER\Desktop\OTListIt2.exe
[2009/04/20 11:22:10 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\HAGER\Desktop\mbam-setup.exe
[2009/04/17 09:57:30 | 00,278,161 | ---- | C] () -- C:\Documents and Settings\HAGER\Desktop\gmer.zip
[2009/04/16 14:00:43 | 00,000,082 | ---- | C] () -- C:\Documents and Settings\HAGER\My Documents\cc_20090416_140037.reg
[2009/04/16 10:00:57 | 00,440,104 | ---- | C] () -- C:\Documents and Settings\HAGER\My Documents\RootRepeal.zip
[2009/04/16 09:34:39 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2009/04/16 09:31:27 | 00,389,632 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HAGER\My Documents\OTMoveIt3.exe
[2009/04/15 22:58:45 | 03,009,908 | R--- | C] () -- C:\Documents and Settings\HAGER\My Documents\ComboFix.exe
[2009/04/15 20:48:54 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/04/15 19:56:41 | 00,000,074 | ---- | C] () -- C:\NT4
[2009/04/15 19:09:24 | 00,000,217 | ---- | C] () -- C:\Boot.bak
[2009/04/15 19:09:19 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/04/15 19:09:12 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/04/15 19:06:58 | 00,259,072 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/04/15 19:06:58 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/04/15 19:06:58 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/04/15 19:06:58 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/04/15 19:06:58 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/04/15 19:06:58 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/04/15 19:06:58 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/04/15 19:06:58 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/04/15 19:06:51 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/04/15 19:04:28 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/04/15 10:09:32 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/15 09:44:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/15 09:43:43 | 00,000,810 | ---- | C] () -- C:\Documents and Settings\HAGER\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/04/15 09:43:22 | 00,000,654 | ---- | C] () -- C:\Documents and Settings\HAGER\My Documents\NTREGOPT.lnk
[2009/04/15 09:43:21 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/15 08:26:19 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/15 08:26:18 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/15 08:26:18 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/15 08:26:18 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/15 08:26:18 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/15 08:26:18 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/15 08:26:17 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/15 08:26:17 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/15 08:26:17 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/15 08:24:10 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/15 08:24:09 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/15 08:24:09 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/13 15:42:20 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\HAGER\My Documents\setup-spybotsd162.exe
[2009/04/13 15:31:27 | 00,000,976 | ---- | C] () -- C:\Documents and Settings\HAGER\Desktop\Spybot - Search & Destroy.lnk
[2009/04/13 14:27:14 | 00,301,322 | ---- | C] () -- C:\Documents and Settings\HAGER\My Documents\cc_20090413_142710.reg
[2009/04/13 14:25:23 | 00,000,082 | ---- | C] () -- C:\Documents and Settings\HAGER\My Documents\cc_20090413_142521.reg
[2009/04/13 14:20:37 | 00,000,082 | ---- | C] () -- C:\Documents and Settings\HAGER\My Documents\cc_20090413_142032.reg
[2009/04/08 14:39:14 | 00,018,816 | ---- | C] (RIF) -- C:\WINDOWS\System32\drivers\dvd43llh.sys
[2009/04/08 14:39:14 | 00,000,710 | ---- | C] () -- C:\Documents and Settings\HAGER\Desktop\DVD43.lnk
[2009/04/07 20:10:13 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/04/07 20:10:08 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/04/07 20:10:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/04/07 14:38:37 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/07 14:38:37 | 00,000,739 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/07 14:38:35 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/07 14:38:33 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/07 10:19:34 | 00,004,676 | ---- | C] () -- C:\Documents and Settings\HAGER\My Documents\cc_20090407_101931.reg
[2009/04/06 15:10:57 | 00,000,422 | ---- | C] () -- C:\WINDOWS\tasks\ErrorFix Scan.job
[2009/04/06 15:10:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HAGER\Application Data\ErrorFix
[2009/04/06 14:07:11 | 00,006,144 | -HS- | C] () -- C:\Documents and Settings\All Users\Desktop\Thumbs.db
[2009/04/06 13:36:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HAGER\My Documents\My Google Gadgets
[2009/04/05 20:07:55 | 00,001,152 | ---- | C] () -- C:\WINDOWS\System32\windrv.sys
[2009/04/05 20:06:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HAGER\Application Data\GetRightToGo
[2009/04/03 14:00:03 | 00,092,672 | ---- | C] () -- C:\Documents and Settings\HAGER\My Documents\Adult Fishing.sig
[2009/04/01 19:18:09 | 00,480,256 | ---- | C] () -- C:\Documents and Settings\HAGER\My Documents\fish cleaning.sig
[2009/04/01 18:43:32 | 00,582,656 | ---- | C] () -- C:\Documents and Settings\HAGER\My Documents\BCTU FOOD.sig
[2009/03/27 23:19:09 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/03/27 21:09:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/03/27 21:09:19 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/03/27 21:08:15 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/03/27 21:08:15 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/03/27 21:08:15 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/03/27 21:08:15 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/03/27 21:08:15 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/03/27 21:08:15 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/03/27 21:08:15 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/03/27 21:08:14 | 00,000,000 | ---D | C] -- C:\c762295ebd59545d2cab9cdd6ef40f53
[2009/03/24 19:53:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/03/24 19:39:50 | 00,000,000 | ---D | C] -- C:\Program Files\Safari
[2009/03/24 19:37:35 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/02/09 15:33:17 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\cddvdint.dll
[2009/02/01 18:17:16 | 00,000,014 | ---- | C] () -- C:\WINDOWS\System32\SysEngine2.SYS
[2008/01/12 22:54:00 | 00,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/09/22 11:29:57 | 00,000,026 | ---- | C] () -- C:\WINDOWS\SnapShot.INI
[2006/12/23 16:09:41 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/07/26 21:39:40 | 00,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2006/07/14 23:02:09 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2006/07/11 20:18:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2006/07/08 23:46:21 | 00,000,119 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini
[2006/07/07 22:53:20 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/07/07 22:53:20 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/07/07 22:53:20 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/07/07 22:53:20 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/07/07 22:53:20 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/07/07 22:53:19 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/04/27 15:15:21 | 00,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/04/27 15:15:03 | 00,000,228 | ---- | C] () -- C:\WINDOWS\HP_ISRegionListUpdatelog_HPSU.ini
[2006/04/27 15:14:52 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2006/04/27 15:14:32 | 00,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2006/04/27 15:12:21 | 00,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/04/08 13:06:05 | 00,000,766 | ---- | C] () -- C:\WINDOWS\LuckyStreakPoker.ini
[2006/03/28 07:57:58 | 00,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/03/22 11:16:53 | 00,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2006/03/10 11:42:20 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PictEasy.INI
[2006/03/10 11:40:41 | 00,000,198 | ---- | C] () -- C:\WINDOWS\pez11.ini
[2006/02/18 10:49:25 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/01/16 05:28:26 | 00,000,317 | ---- | C] () -- C:\WINDOWS\elitemediagroup.ini
[2006/01/06 23:30:55 | 00,000,094 | -H-- | C] () -- C:\WINDOWS\System32\tbd_G1ssg.ini
[2005/09/18 12:57:44 | 00,000,817 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
[2005/09/02 22:14:27 | 00,000,465 | ---- | C] () -- C:\WINDOWS\rneec.dll
[2004/09/24 21:42:10 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/09/10 23:34:18 | 00,000,147 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini
[2004/08/15 23:08:34 | 00,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
[2004/08/01 12:36:57 | 00,000,045 | ---- | C] () -- C:\WINDOWS\GBKHGNIJ.ini
[2004/07/31 18:36:46 | 00,000,297 | ---- | C] () -- C:\WINDOWS\System32\MSrev43.dll
[2004/03/28 20:01:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlsz.INI
[2004/03/28 19:28:16 | 00,000,280 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI
[2004/03/21 15:22:45 | 00,076,260 | ---- | C] () -- C:\WINDOWS\System32\drivers\udnt.sys
[2004/03/20 17:20:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\RussSqr.INI
[2003/12/09 13:16:52 | 00,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\comintfs.dll
[2003/11/07 23:27:18 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2003/09/12 22:21:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2003/08/30 13:00:51 | 00,000,081 | ---- | C] () -- C:\WINDOWS\PARSONS.INI
[2003/07/12 21:24:51 | 00,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2003/07/12 00:29:52 | 00,000,409 | ---- | C] () -- C:\WINDOWS\Trpmaker.INI
[2003/07/12 00:15:33 | 00,038,688 | ---- | C] () -- C:\WINDOWS\System32\LEADDIB.DRV
[2003/07/12 00:15:33 | 00,011,136 | ---- | C] () -- C:\WINDOWS\System32\FPRUN300.DLL
[2003/06/29 19:11:02 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\cdTextCtl.dll
[2003/06/29 12:40:45 | 00,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2003/06/25 11:39:14 | 00,000,445 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/06/25 11:39:14 | 00,000,445 | ---- | C] () -- C:\WINDOWS\OEMINFO.INI
[2003/06/25 11:36:17 | 00,051,376 | ---- | C] () -- C:\WINDOWS\dbetdf04.ini
[2003/06/25 11:36:17 | 00,019,263 | ---- | C] () -- C:\WINDOWS\IEXPLORE.INI
[2003/06/25 11:36:17 | 00,012,327 | ---- | C] () -- C:\WINDOWS\IOS.INI
[2003/06/25 11:36:17 | 00,008,405 | ---- | C] () -- C:\WINDOWS\NETDET.INI
[2003/06/25 11:36:17 | 00,006,425 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2003/06/25 11:36:17 | 00,005,602 | ---- | C] () -- C:\WINDOWS\POWERUP.INI
[2003/06/25 11:36:17 | 00,003,550 | ---- | C] () -- C:\WINDOWS\HTMLHELP.INI
[2003/06/25 11:36:17 | 00,003,544 | ---- | C] () -- C:\WINDOWS\MSMUSCTL.INI
[2003/06/25 11:36:17 | 00,003,045 | ---- | C] () -- C:\WINDOWS\WIZARDS.INI
[2003/06/25 11:36:17 | 00,002,324 | ---- | C] () -- C:\WINDOWS\VISTA32D.INI
[2003/06/25 11:36:17 | 00,002,276 | ---- | C] () -- C:\WINDOWS\SUPERFLY.INI
[2003/06/25 11:36:17 | 00,001,238 | ---- | C] () -- C:\WINDOWS\HPFDJC08.INI
[2003/06/25 11:36:17 | 00,001,153 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/06/25 11:36:17 | 00,001,061 | ---- | C] () -- C:\WINDOWS\INTUADS.INI
[2003/06/25 11:36:17 | 00,001,058 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2003/06/25 11:36:17 | 00,000,865 | ---- | C] () -- C:\WINDOWS\DOSREP.INI
[2003/06/25 11:36:17 | 00,000,835 | ---- | C] () -- C:\WINDOWS\PWKMAIN.INI
[2003/06/25 11:36:17 | 00,000,821 | ---- | C] () -- C:\WINDOWS\EZPHOTO.INI
[2003/06/25 11:36:17 | 00,000,787 | ---- | C] () -- C:\WINDOWS\SCANREG.INI
[2003/06/25 11:36:17 | 00,000,775 | ---- | C] () -- C:\WINDOWS\OPLIMIT.INI
[2003/06/25 11:36:17 | 00,000,774 | ---- | C] () -- C:\WINDOWS\CWDAUDIO.INI
[2003/06/25 11:36:17 | 00,000,751 | ---- | C] () -- C:\WINDOWS\Bti.ini
[2003/06/25 11:36:17 | 00,000,674 | ---- | C] () -- C:\WINDOWS\EDOC16.INI
[2003/06/25 11:36:17 | 00,000,610 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2003/06/25 11:36:17 | 00,000,595 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2003/06/25 11:36:17 | 00,000,482 | ---- | C] () -- C:\WINDOWS\PSTUDIO.INI
[2003/06/25 11:36:17 | 00,000,482 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2003/06/25 11:36:17 | 00,000,469 | ---- | C] () -- C:\WINDOWS\TSMAKER2.INI
[2003/06/25 11:36:17 | 00,000,444 | ---- | C] () -- C:\WINDOWS\MIDIPLYR.INI
[2003/06/25 11:36:17 | 00,000,395 | ---- | C] () -- C:\WINDOWS\IMPORTCLIENT.INI
[2003/06/25 11:36:17 | 00,000,366 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2003/06/25 11:36:17 | 00,000,362 | ---- | C] () -- C:\WINDOWS\MMKeybd.ini
[2003/06/25 11:36:17 | 00,000,313 | ---- | C] () -- C:\WINDOWS\VIDEOIMP.INI
[2003/06/25 11:36:17 | 00,000,305 | ---- | C] () -- C:\WINDOWS\SMSI.INI
[2003/06/25 11:36:17 | 00,000,295 | ---- | C] () -- C:\WINDOWS\PPDRV.INI
[2003/06/25 11:36:17 | 00,000,273 | ---- | C] () -- C:\WINDOWS\MSIOSD.INI
[2003/06/25 11:36:17 | 00,000,240 | ---- | C] () -- C:\WINDOWS\KUDOVW32.INI
[2003/06/25 11:36:17 | 00,000,234 | ---- | C] () -- C:\WINDOWS\COOLSV32.INI
[2003/06/25 11:36:17 | 00,000,230 | ---- | C] () -- C:\WINDOWS\CDPLYR.INI
[2003/06/25 11:36:17 | 00,000,227 | ---- | C] () -- C:\WINDOWS\BASS.INI
[2003/06/25 11:36:17 | 00,000,226 | ---- | C] () -- C:\WINDOWS\TELEPHON.INI
[2003/06/25 11:36:17 | 00,000,198 | ---- | C] () -- C:\WINDOWS\PPI.INI
[2003/06/25 11:36:17 | 00,000,191 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2003/06/25 11:36:17 | 00,000,186 | ---- | C] () -- C:\WINDOWS\PAFMGR.INI
[2003/06/25 11:36:17 | 00,000,181 | ---- | C] () -- C:\WINDOWS\WINMINE.INI
[2003/06/25 11:36:17 | 00,000,179 | ---- | C] () -- C:\WINDOWS\WAVEPLYR.INI
[2003/06/25 11:36:17 | 00,000,171 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2003/06/25 11:36:17 | 00,000,171 | ---- | C] () -- C:\WINDOWS\ConnMgr.ini
[2003/06/25 11:36:17 | 00,000,168 | ---- | C] () -- C:\WINDOWS\WEBLINK.INI
[2003/06/25 11:36:17 | 00,000,157 | ---- | C] () -- C:\WINDOWS\MABVRX.INI
[2003/06/25 11:36:17 | 00,000,152 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/06/25 11:36:17 | 00,000,143 | ---- | C] () -- C:\WINDOWS\SYSMIXER.INI
[2003/06/25 11:36:17 | 00,000,143 | ---- | C] () -- C:\WINDOWS\GBROWSER.INI
[2003/06/25 11:36:17 | 00,000,140 | ---- | C] () -- C:\WINDOWS\MRCLOCK.INI
[2003/06/25 11:36:17 | 00,000,129 | ---- | C] () -- C:\WINDOWS\Picture Easy 3.ini
[2003/06/25 11:36:17 | 00,000,120 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2003/06/25 11:36:17 | 00,000,116 | ---- | C] () -- C:\WINDOWS\MEDIARCK.INI
[2003/06/25 11:36:17 | 00,000,105 | ---- | C] () -- C:\WINDOWS\MAPIUID.INI
[2003/06/25 11:36:17 | 00,000,102 | ---- | C] () -- C:\WINDOWS\PDHPRO.INI
[2003/06/25 11:36:17 | 00,000,091 | ---- | C] () -- C:\WINDOWS\EPSONEM.INI
[2003/06/25 11:36:17 | 00,000,076 | ---- | C] () -- C:\WINDOWS\EREGPUHP.INI
[2003/06/25 11:36:17 | 00,000,071 | ---- | C] () -- C:\WINDOWS\Calmaker.ini
[2003/06/25 11:36:17 | 00,000,068 | ---- | C] () -- C:\WINDOWS\FPXPRESS.INI
[2003/06/25 11:36:17 | 00,000,063 | ---- | C] () -- C:\WINDOWS\STRINGS.INI
[2003/06/25 11:36:17 | 00,000,063 | ---- | C] () -- C:\WINDOWS\MDM.INI
[2003/06/25 11:36:17 | 00,000,061 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2003/06/25 11:36:17 | 00,000,060 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2003/06/25 11:36:17 | 00,000,060 | ---- | C] () -- C:\WINDOWS\Constrct.ini
[2003/06/25 11:36:17 | 00,000,056 | ---- | C] () -- C:\WINDOWS\PSDXPORT.INI
[2003/06/25 11:36:17 | 00,000,056 | ---- | C] () -- C:\WINDOWS\MMATES.INI
[2003/06/25 11:36:17 | 00,000,055 | ---- | C] () -- C:\WINDOWS\TRAPPRO.INI
[2003/06/25 11:36:17 | 00,000,054 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2003/06/25 11:36:17 | 00,000,052 | ---- | C] () -- C:\WINDOWS\PRESTOPM.INI
[2003/06/25 11:36:17 | 00,000,051 | ---- | C] () -- C:\WINDOWS\CSERVE.INI
[2003/06/25 11:36:17 | 00,000,050 | ---- | C] () -- C:\WINDOWS\WINFILE.INI
[2003/06/25 11:36:17 | 00,000,049 | ---- | C] () -- C:\WINDOWS\DESIGNE.INI
[2003/06/25 11:36:17 | 00,000,045 | ---- | C] () -- C:\WINDOWS\AtHomePC.Ini
[2003/06/25 11:36:17 | 00,000,044 | ---- | C] () -- C:\WINDOWS\BD40.INI
[2003/06/25 11:36:17 | 00,000,041 | ---- | C] () -- C:\WINDOWS\SYMGAMES.INI
[2003/06/25 11:36:17 | 00,000,038 | ---- | C] () -- C:\WINDOWS\PSSE.INI
[2003/06/25 11:36:17 | 00,000,034 | ---- | C] () -- C:\WINDOWS\SOL.INI
[2003/06/25 11:36:17 | 00,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2003/06/25 11:36:17 | 00,000,028 | ---- | C] () -- C:\WINDOWS\QFNONL.INI
[2003/06/25 11:36:17 | 00,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2003/06/25 11:36:17 | 00,000,027 | ---- | C] () -- C:\WINDOWS\ACROGRAF.INI
[2003/06/25 11:36:17 | 00,000,026 | ---- | C] () -- C:\WINDOWS\MSOFFICE.INI
[2003/06/25 11:36:17 | 00,000,026 | ---- | C] () -- C:\WINDOWS\@LOHA.INI
[2003/06/25 11:36:17 | 00,000,022 | ---- | C] () -- C:\WINDOWS\FlpUtil.ini
[2003/06/25 11:36:17 | 00,000,021 | ---- | C] () -- C:\WINDOWS\VI_SETUP.INI
[2003/06/25 11:36:17 | 00,000,019 | ---- | C] () -- C:\WINDOWS\KA.INI
[2003/06/25 11:36:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\TAPILDR.INI
[2003/06/25 11:36:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SCANTIFF.INI
[2003/06/25 11:36:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QFN.INI
[2003/06/25 11:36:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.INI
[2003/06/25 11:36:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROGMAN.INI
[2003/06/25 11:36:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PEZDOWNLOAD.INI
[2003/06/25 11:36:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OPPSERVE.INI
[2003/06/25 11:36:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2003/06/25 11:36:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSINFO32.INI
[2003/06/25 11:36:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2003/06/25 11:36:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MMPLAY.INI
[2003/06/25 11:36:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MADCCS.INI
[2003/06/25 11:36:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MADCCF.INI
[2003/06/25 11:36:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\DXINFO.INI
[2003/06/25 11:36:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\BROWSER.INI
[2003/06/25 11:18:17 | 00,004,745 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/06/25 11:18:01 | 00,000,458 | ---- | C] () -- C:\WINDOWS\system.ini
[2002/12/07 19:16:04 | 00,045,056 | ---- | C] () -- C:\WINDOWS\PANIC32.dll
[2002/12/07 19:16:03 | 00,040,960 | ---- | C] () -- C:\WINDOWS\PANICNT.dll
[2002/06/20 15:09:10 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\hpodinet.dll
[2002/04/20 12:54:25 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\PretzelSpellCheck.dll
[2002/04/20 12:54:06 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\PMovieServer.dll
[2002/04/20 12:54:05 | 00,745,472 | ---- | C] () -- C:\WINDOWS\System32\PMAppBuilder.dll
[2002/01/16 21:06:45 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\IDMC1Reg.dll
[2001/05/01 19:35:04 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\ZLIB.DLL
[2001/05/01 19:35:03 | 00,093,184 | ---- | C] () -- C:\WINDOWS\System32\WVJAVA.DLL
[2001/05/01 19:34:59 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\URMCFG32.DLL
[2001/05/01 19:34:59 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\URMCLN32.DLL
[2001/05/01 19:34:57 | 00,058,880 | ---- | C] () -- C:\WINDOWS\System32\TALPDF32.DLL
[2001/05/01 19:34:57 | 00,041,472 | ---- | C] () -- C:\WINDOWS\System32\TAL12832.DLL
[2001/05/01 19:34:57 | 00,033,280 | ---- | C] () -- C:\WINDOWS\System32\TALUPC32.DLL
[2001/05/01 19:34:51 | 00,028,160 | ---- | C] () -- C:\WINDOWS\System32\RDBIOS32.DLL
[2001/05/01 19:34:46 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\P3AppIFace.dll
[2001/05/01 19:34:44 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[2001/05/01 19:34:41 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2001/05/01 19:34:39 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[2001/05/01 19:34:37 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\MSIOSD32.DLL
[2001/05/01 19:34:31 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\MEMBG.DLL
[2001/05/01 19:34:30 | 00,024,064 | ---- | C] () -- C:\WINDOWS\System32\LTTWN62N.DLL
[2001/05/01 19:34:29 | 00,043,008 | ---- | C] () -- C:\WINDOWS\System32\LTFIL62N.DLL
[2001/05/01 19:34:27 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2001/05/01 19:34:27 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2001/05/01 19:34:26 | 00,083,968 | ---- | C] () -- C:\WINDOWS\System32\LAUNCHER.DLL
[2001/05/01 19:34:25 | 00,056,320 | ---- | C] () -- C:\WINDOWS\System32\IYVU9_32.DLL
[2001/05/01 19:34:22 | 00,006,144 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll
[2001/05/01 19:34:21 | 00,113,152 | ---- | C] () -- C:\WINDOWS\System32\ICQSOCK.DLL
[2001/05/01 19:34:21 | 00,100,864 | ---- | C] () -- C:\WINDOWS\System32\ICQCPRT.DLL
[2001/05/01 19:34:21 | 00,058,368 | ---- | C] () -- C:\WINDOWS\System32\ICQUIEX.DLL
[2001/05/01 19:34:21 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\icmfilter.dll
[2001/05/01 19:34:21 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\ICQWUTL.DLL
[2001/05/01 19:34:21 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\ICQWCOM.DLL
[2001/05/01 19:34:21 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\ICQCUTL.DLL
[2001/05/01 19:34:21 | 00,005,120 | ---- | C] () -- C:\WINDOWS\System32\HPSOCEX.DLL
[2001/05/01 19:34:20 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2001/05/01 19:34:20 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\ftpclient.dll
[2001/05/01 19:34:20 | 00,006,932 | ---- | C] () -- C:\WINDOWS\System32\GLSCAN.SYS
[2001/05/01 19:34:16 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[2001/05/01 19:34:14 | 00,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll
[2001/05/01 19:32:58 | 00,009,472 | ---- | C] () -- C:\WINDOWS\unsqz.dll
[2001/05/01 19:32:57 | 00,106,016 | ---- | C] () -- C:\WINDOWS\u1220_32.dll
[2001/05/01 19:32:45 | 00,001,646 | ---- | C] () -- C:\WINDOWS\MSDOS.SYS

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]
[3 C:\WINDOWS\System32\*.tmp files]
[38 C:\WINDOWS\*.tmp files]
[2009/04/22 09:43:05 | 37,789,7984 | ---- | M] () -- C:\outlook.pst
[2009/04/22 09:30:35 | 00,002,521 | ---- | M] () -- C:\Documents and Settings\HAGER\Desktop\Microsoft Office Outlook 2007.lnk
[2009/04/22 08:45:00 | 00,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Uninstall Expiration Reminder.job
[2009/04/22 03:19:00 | 00,000,336 | -H-- | M] () -- C:\WINDOWS\tasks\{7BAB1505-145D-11D3-9867-444553540000}_HAGER.job
[2009/04/22 01:58:00 | 00,000,336 | -H-- | M] () -- C:\WINDOWS\tasks\{D34F18B0-576E-11D0-B28C-00C04FD7CD22}_HAGER.job
[2009/04/21 16:38:02 | 00,000,338 | ---- | M] () -- C:\WINDOWS\tasks\WebReg HP Photosmart 8200 Series.job
[2009/04/21 15:32:21 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/21 15:30:13 | 00,000,432 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2009/04/21 15:27:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/21 15:27:01 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/21 13:37:44 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\HAGER\My Documents\settings.dat
[2009/04/21 13:29:34 | 01,159,434 | ---- | M] () -- C:\Documents and Settings\HAGER\My Documents\readme.rar
[2009/04/21 13:26:09 | 00,189,400 | ---- | M] () -- C:\Documents and Settings\HAGER\Desktop\readme.rar
[2009/04/21 12:00:00 | 00,000,422 | ---- | M] () -- C:\WINDOWS\tasks\ErrorFix Scan.job
[2009/04/21 10:28:27 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HAGER\Desktop\OTListIt2.exe
[2009/04/20 16:34:06 | 56,886,9888 | ---- | M] () -- C:\outlook.bak
[2009/04/20 11:23:22 | 00,000,739 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/20 11:22:41 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\HAGER\Desktop\mbam-setup.exe
[2009/04/20 01:30:00 | 00,000,560 | ---- | M] () -- C:\WINDOWS\tasks\Maintenance-Disk cleanup.job
[2009/04/20 01:15:00 | 00,000,336 | -H-- | M] () -- C:\WINDOWS\tasks\{D34F18B1-576E-11D0-B28C-00C04FD7CD22}_HAGER.job
[2009/04/19 21:06:05 | 01,563,048 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/19 19:02:37 | 00,002,254 | ---- | M] () -- C:\Documents and Settings\HAGER\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk
[2009/04/17 09:57:30 | 00,278,161 | ---- | M] () -- C:\Documents and Settings\HAGER\Desktop\gmer.zip
[2009/04/16 17:58:22 | 00,438,848 | ---- | M] () -- C:\Documents and Settings\HAGER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/04/16 15:26:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/16 14:00:43 | 00,000,082 | ---- | M] () -- C:\Documents and Settings\HAGER\My Documents\cc_20090416_140037.reg
[2009/04/16 10:00:58 | 00,440,104 | ---- | M] () -- C:\Documents and Settings\HAGER\My Documents\RootRepeal.zip
[2009/04/16 09:31:29 | 00,389,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HAGER\My Documents\OTMoveIt3.exe
[2009/04/15 19:56:41 | 00,000,074 | ---- | M] () -- C:\NT4
[2009/04/15 19:45:33 | 00,000,458 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/15 19:40:27 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/04/15 19:09:24 | 00,000,288 | RHS- | M] () -- C:\boot.ini
[2009/04/15 19:04:04 | 03,009,908 | R--- | M] () -- C:\Documents and Settings\HAGER\My Documents\ComboFix.exe
[2009/04/15 10:01:30 | 00,517,094 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/15 10:01:30 | 00,437,742 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/15 10:01:30 | 00,069,672 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/15 09:53:19 | 00,000,775 | ---- | M] () -- C:\WINDOWS\OPLIMIT.INI
[2009/04/15 09:43:43 | 00,000,810 | ---- | M] () -- C:\Documents and Settings\HAGER\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/04/15 09:43:22 | 00,000,654 | ---- | M] () -- C:\Documents and Settings\HAGER\My Documents\NTREGOPT.lnk
[2009/04/13 15:34:05 | 00,000,976 | ---- | M] () -- C:\Documents and Settings\HAGER\Desktop\Spybot - Search & Destroy.lnk
[2009/04/13 15:30:03 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\HAGER\My Documents\setup-spybotsd162.exe
[2009/04/13 14:27:26 | 00,301,322 | ---- | M] () -- C:\Documents and Settings\HAGER\My Documents\cc_20090413_142710.reg
[2009/04/13 14:25:23 | 00,000,082 | ---- | M] () -- C:\Documents and Settings\HAGER\My Documents\cc_20090413_142521.reg
[2009/04/13 14:24:41 | 00,001,591 | ---- | M] () -- C:\Documents and Settings\HAGER\Desktop\CCleaner.lnk
[2009/04/13 14:20:37 | 00,000,082 | ---- | M] () -- C:\Documents and Settings\HAGER\My Documents\cc_20090413_142032.reg
[2009/04/11 19:33:52 | 00,000,024 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2009/04/08 15:04:31 | 00,000,125 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/04/08 14:56:05 | 00,018,816 | ---- | M] (RIF) -- C:\WINDOWS\System32\drivers\dvd43llh.sys
[2009/04/08 14:56:04 | 00,000,710 | ---- | M] () -- C:\Documents and Settings\HAGER\Desktop\DVD43.lnk
[2009/04/07 10:19:46 | 00,004,676 | ---- | M] () -- C:\Documents and Settings\HAGER\My Documents\cc_20090407_101931.reg
[2009/04/07 10:08:34 | 00,004,745 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/07 10:08:34 | 00,000,217 | ---- | M] () -- C:\Boot.bak
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 14:07:11 | 00,006,144 | -HS- | M] () -- C:\Documents and Settings\All Users\Desktop\Thumbs.db
[2009/04/06 10:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/05 20:07:55 | 00,001,152 | ---- | M] () -- C:\WINDOWS\System32\windrv.sys
[2009/04/03 16:37:37 | 00,092,672 | ---- | M] () -- C:\Documents and Settings\HAGER\My Documents\Adult Fishing.sig
[2009/04/03 16:14:51 | 00,002,229 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Print Shop 20.lnk
[2009/04/01 19:19:26 | 00,002,229 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PrintMaster 16.lnk
[2009/04/01 19:18:25 | 00,574,976 | ---- | M] () -- C:\Documents and Settings\HAGER\My Documents\BCTU.sig
[2009/04/01 19:18:09 | 00,480,256 | ---- | M] () -- C:\Documents and Settings\HAGER\My Documents\fish cleaning.sig
[2009/04/01 18:43:33 | 00,582,656 | ---- | M] () -- C:\Documents and Settings\HAGER\My Documents\BCTU FOOD.sig
[2009/04/01 04:16:00 | 00,000,336 | -H-- | M] () -- C:\WINDOWS\tasks\{D34F18B2-576E-11D0-B28C-00C04FD7CD22}_HAGER.job
[2009/03/27 02:58:38 | 01,203,922 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb

========== Alternate Data Streams ==========

@Alternate Data Stream - 25214 bytes -> C:\Documents and Settings\All Users\Desktop\Play More Great Games!.url:favicon
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E966F1E9
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B00D439
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F9D83120
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A15F65E0
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52D492DA
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E7AD9690
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B7D2A38
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E50C1642
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C3F01AB
< End of report >

#22
Rorschach112

Hello,

CLICK HERE to download the HijackThis Installer:
  • Save HJTInstall.exe to your desktop.
  • Double-click on HJTInstall.exe to run the program.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Accept the license agreement by clicking the "I Accept" button.
  • Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
  • Click "Save log" to save the log file and then the log will open in Notepad.
  • Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.


#23
hbhager

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:56 PM, on 04/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\WINDOWS\system32\HPHipm11.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dell Computer\Dell Image Expert\IXApplet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: iWin Toolbar - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWi0.dll
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1428A472-5260-404E-9977-7ECDF1DAF936} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7D9CB362-375B-4FB9-8024-E55079CC69D1}" - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: (no name) - {B97B2E3B-ECF5-C558-ADFF-943B877623C7} - (no file)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: iWin Toolbar - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWi0.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: iWin Toolbar - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWi0.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\Hewlett-Packard\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] c:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [DVD Ghost] C:\Program Files\DVD Ghost\DVDGhost.EXE
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Camio Viewer.lnk = C:\Program Files\Dell Computer\Dell Image Expert\IXApplet.exe
O4 - Global Startup: Crystal 3D Audio Control.lnk = C:\WINDOWS\CWD3DSND.EXE
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: &Search - ?p=ZUxdm486YYUS
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .hpb: C:\PROGRA~1\INTERN~1\PLUGINS\nphpipb.dll
O12 - Plugin for .mw2: C:\PROGRA~1\INTERN~1\PLUGINS\NPLCSI32.dll
O16 - DPF: vzTCPConfig - http://www2.verizon....vzTCPConfig.CAB
O16 - DPF: {127CE7BA-AD89-4108-A913-C52EFC037C36} -
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Jewel%20Quest%203/Images/stg_drm.ocx
O16 - DPF: {2776DDE9-D4B2-4BF7-9F98-ADC1A1B80AF5} -
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (Hewlett-Packard Printer Diagnostics) - http://h50203.www5.h...SWebManager.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124331718343
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {7AEB674E-4089-11D1-93F0-00A0241763CD} (CouponDown Class) - http://www1.coolsavi...oad/CouponX.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.co...bugs/axhost.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinn...v45/sol/sol.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - http://h20264.www2.h...nosticsxp2k.cab
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} (Java Plug-in 1.6.0_12) -
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Jewel%20Quest%203/Images/armhelper.ocx
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.game...outLauncher.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.micro...rchsettings.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE2F5D2F-5C86-4C99-A97F-5968657CA244}: NameServer = 71.242.0.12 71.252.0.12
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\DVDGHO~1\DVDGHO~1.DLL
O20 - Winlogon Notify: daeaddafaeccfc - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 15446 bytes

#24
Rorschach112

Fix this with HJT:

O20 - Winlogon Notify: daeaddafaeccfc - C:\WINDOWS\

Reboot and post a new HJT log.

#25
hbhager

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:38:06 PM, on 04/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\HPHipm11.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dell Computer\Dell Image Expert\IXApplet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: iWin Toolbar - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWi0.dll
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1428A472-5260-404E-9977-7ECDF1DAF936} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7D9CB362-375B-4FB9-8024-E55079CC69D1}" - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: (no name) - {B97B2E3B-ECF5-C558-ADFF-943B877623C7} - (no file)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: iWin Toolbar - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWi0.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: iWin Toolbar - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWi0.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\Hewlett-Packard\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] c:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [DVD Ghost] C:\Program Files\DVD Ghost\DVDGhost.EXE
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Camio Viewer.lnk = C:\Program Files\Dell Computer\Dell Image Expert\IXApplet.exe
O4 - Global Startup: Crystal 3D Audio Control.lnk = C:\WINDOWS\CWD3DSND.EXE
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: &Search - ?p=ZUxdm486YYUS
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .hpb: C:\PROGRA~1\INTERN~1\PLUGINS\nphpipb.dll
O12 - Plugin for .mw2: C:\PROGRA~1\INTERN~1\PLUGINS\NPLCSI32.dll
O16 - DPF: vzTCPConfig - http://www2.verizon....vzTCPConfig.CAB
O16 - DPF: {127CE7BA-AD89-4108-A913-C52EFC037C36} -
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Jewel%20Quest%203/Images/stg_drm.ocx
O16 - DPF: {2776DDE9-D4B2-4BF7-9F98-ADC1A1B80AF5} -
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (Hewlett-Packard Printer Diagnostics) - http://h50203.www5.h...SWebManager.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124331718343
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {7AEB674E-4089-11D1-93F0-00A0241763CD} (CouponDown Class) - http://www1.coolsavi...oad/CouponX.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.co...bugs/axhost.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinn...v45/sol/sol.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - http://h20264.www2.h...nosticsxp2k.cab
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} (Java Plug-in 1.6.0_12) -
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Jewel%20Quest%203/Images/armhelper.ocx
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.game...outLauncher.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.micro...rchsettings.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE2F5D2F-5C86-4C99-A97F-5968657CA244}: NameServer = 71.242.0.12 71.252.0.12
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\DVDGHO~1\DVDGHO~1.DLL
O20 - Winlogon Notify: daeaddafaeccfc - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 15340 bytes
  • 0


#26
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.



Then fix that entry again, reboot, and post a new HJT log.
  • 0

#27
hbhager

hbhager

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:06:59 PM, on 04/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\WINDOWS\system32\HPHipm11.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dell Computer\Dell Image Expert\IXApplet.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: iWin Toolbar - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWi0.dll
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1428A472-5260-404E-9977-7ECDF1DAF936} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7D9CB362-375B-4FB9-8024-E55079CC69D1}" - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: (no name) - {B97B2E3B-ECF5-C558-ADFF-943B877623C7} - (no file)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: iWin Toolbar - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWi0.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: iWin Toolbar - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWi0.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\Hewlett-Packard\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] c:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [DVD Ghost] C:\Program Files\DVD Ghost\DVDGhost.EXE
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Camio Viewer.lnk = C:\Program Files\Dell Computer\Dell Image Expert\IXApplet.exe
O4 - Global Startup: Crystal 3D Audio Control.lnk = C:\WINDOWS\CWD3DSND.EXE
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: &Search - ?p=ZUxdm486YYUS
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .hpb: C:\PROGRA~1\INTERN~1\PLUGINS\nphpipb.dll
O12 - Plugin for .mw2: C:\PROGRA~1\INTERN~1\PLUGINS\NPLCSI32.dll
O16 - DPF: vzTCPConfig - http://www2.verizon....vzTCPConfig.CAB
O16 - DPF: {127CE7BA-AD89-4108-A913-C52EFC037C36} -
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Jewel%20Quest%203/Images/stg_drm.ocx
O16 - DPF: {2776DDE9-D4B2-4BF7-9F98-ADC1A1B80AF5} -
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (Hewlett-Packard Printer Diagnostics) - http://h50203.www5.h...SWebManager.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124331718343
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {7AEB674E-4089-11D1-93F0-00A0241763CD} (CouponDown Class) - http://www1.coolsavi...oad/CouponX.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.co...bugs/axhost.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinn...v45/sol/sol.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - http://h20264.www2.h...nosticsxp2k.cab
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} (Java Plug-in 1.6.0_12) -
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Jewel%20Quest%203/Images/armhelper.ocx
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.game...outLauncher.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.micro...rchsettings.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE2F5D2F-5C86-4C99-A97F-5968657CA244}: NameServer = 71.242.0.12 71.252.0.12
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\DVDGHO~1\DVDGHO~1.DLL
O20 - Winlogon Notify: daeaddafaeccfc - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 15211 bytes
  • 0

#28
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Boot into safe mode and fix that entry.
  • 0

#29
hbhager

hbhager

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts
What am I supposed to fix?
  • 0

#30
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
This entry:

O20 - Winlogon Notify: daeaddafaeccfc - C:\WINDOWS\
  • 0
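Comparing the log posted before the fix attempt with the one posted after it, as an added example that is not part of any post in this thread: it parses HijackThis entry lines, diffs the two logs, and reports whether the Winlogon Notify entry is still present. The function names are hypothetical, and flagging a Winlogon Notify target that ends in a backslash (a folder rather than a DLL file) is this example's assumption, not reasoning stated by the helper.

```python
import re
from typing import NamedTuple

# Excerpts copied from the two HijackThis logs posted in this thread:
# the earlier log, then the log posted after TeaTimer was disabled.
LOG_BEFORE = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O20 - AppInit_DLLs: C:\PROGRA~1\DVDGHO~1\DVDGHO~1.DLL
O20 - Winlogon Notify: daeaddafaeccfc - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

LOG_AFTER = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\PROGRA~1\DVDGHO~1\DVDGHO~1.DLL
O20 - Winlogon Notify: daeaddafaeccfc - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""


class Entry(NamedTuple):
    section: str  # HijackThis section code, e.g. "O20"
    kind: str     # text before the first ": ", e.g. "Winlogon Notify"
    detail: str   # rest of the line


# Entry lines look like "<letter><number> - <body>"; headers and the
# running-process list do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2})\s+-\s+(?P<body>.+)$")


def parse_log(text):
    """Return the entry lines of a HijackThis log as Entry tuples."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        kind, sep, detail = match.group("body").partition(": ")
        if not sep:  # e.g. R0/R1 lines have no "kind: " prefix
            kind, detail = "", match.group("body")
        entries.append(Entry(match.group("section"), kind.strip(), detail.strip()))
    return entries


def notify_target_is_bare_directory(entry):
    """True for an O20 Winlogon Notify entry whose target names no file."""
    if entry.section != "O20" or entry.kind != "Winlogon Notify":
        return False
    # The target is whatever follows the last " - " separator.
    _name, sep, target = entry.detail.rpartition(" - ")
    return bool(sep) and target.endswith("\\")


def diff_logs(before, after):
    """Entries that disappeared from, or appeared in, the later log."""
    before_set, after_set = set(before), set(after)
    return {
        "removed": [e for e in before if e not in after_set],
        "added": [e for e in after if e not in before_set],
    }


def persisting_after_fix(before, after, predicate):
    """Flagged entries from the earlier log that the later log still shows."""
    after_set = set(after)
    return [e for e in before if predicate(e) and e in after_set]


if __name__ == "__main__":
    before, after = parse_log(LOG_BEFORE), parse_log(LOG_AFTER)
    for label, items in diff_logs(before, after).items():
        for e in items:
            print(f"{label}: {e.section} - {e.kind}: {e.detail}")
    for e in persisting_after_fix(before, after, notify_target_is_bare_directory):
        print(f"still present: {e.section} - {e.kind}: {e.detail}")
```

On these excerpts the only removed entry is the TeaTimer Run key, while the Winlogon Notify entry appears unchanged in the later log.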





