Malwarebytes
Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3
4/25/2009 7:16:05 PM
mbam-log-2009-04-25 (19-16-05).txt
Scan type: Quick Scan
Objects scanned: 71135
Time elapsed: 6 minute(s), 35 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prubesidaci (Trojan.Agent) -> Delete on reboot.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\Cguvonutulivihan.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\~.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
OTListIt
OTListIt logfile created on: 4/25/2009 7:48:20 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\RC6W9V4I
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1021.98 Mb Total Physical Memory | 423.05 Mb Available Physical Memory | 41.40% Memory free
2.40 Gb Paging File | 1.84 Gb Available in Paging File | 76.69% Paging File free
Paging file location(s): C:\pagefile.sys 1531 1531;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 139.55 Gb Free Space | 74.91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: WINXPHOME2
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)
PRC - C:\WINDOWS\system32\LEXPPS.EXE (Lexmark International, Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe (Network Associates, Inc.)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\program files\steam\steam.exe (Valve Corporation)
PRC - C:\Program Files\Dell Photo Printer 720\dlbcserv.exe ()
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (Network Associates, Inc.)
PRC - C:\Program Files\Network Associates\VirusScan\Mcshield.exe (Network Associates, Inc.)
PRC - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe (Network Associates, Inc.)
PRC - C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe (Network Associates, Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Program Files\Xfire\xfire.exe (Xfire Inc.)
PRC - C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\RC6W9V4I\OTListIt2[1].exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (CCALib8 [Auto | Stopped]) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (getPlus® Helper [On_Demand | Stopped]) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (LexBceS [Auto | Running]) -- C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)
SRV - (McAfeeFramework [Auto | Running]) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (Network Associates, Inc.)
SRV - (McShield [Auto | Running]) -- C:\Program Files\Network Associates\VirusScan\Mcshield.exe (Network Associates, Inc.)
SRV - (McTaskManager [Auto | Running]) -- C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe (Network Associates, Inc.)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (TuneUp.Defrag [On_Demand | Stopped]) -- C:\WINDOWS\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.ProgramStatisticsSvc [Auto | Running]) -- C:\WINDOWS\System32\TUProgSt.exe (TuneUp Software)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (UxTuneUp [Auto | Running]) -- C:\WINDOWS\System32\uxtuneup.dll (TuneUp Software)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (bkn50USB [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\rt2500usb.sys (Ralink Technology Inc.)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (MODEMCSA [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (NaiAvFilter1 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\naiavf5x.sys (Network Associates, Inc.)
DRV - (NaiAvTdi1 [System | Running]) -- C:\WINDOWS\system32\drivers\mvstdi5x.sys (Network Associates, Inc.)
DRV - (npkcrypt [On_Demand | Stopped]) -- C:\Program Files\Lineage II - PTS_PTS\system\npkcrypt.sys (INCA Internet Co., Ltd.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (senfilt [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ialmsbw.sys (Intel Corporation)
DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ialmkchw.sys (Intel Corporation)
DRV - (EntDrv51 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\EntDrv51.sys (Network Associates, Inc)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://gulfcoast.cox.net/cci/home
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
O1 HOSTS File: (19 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Key error. File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey (Network Associates, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [Steam] "c:\program files\steam\steam.exe" -silent (Valve Corporation)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} http://www.convergys...om/AppHardT.CAB (WNICheck2 Class)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} http://mvnet.xlontec...2ie06101001.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\windows\system32\pawehuhe.dll) - c:\windows\system32\pawehuhe.dll File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\vulademu.dll) - C:\WINDOWS\system32\vulademu.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\maligoha.dll) - c:\windows\system32\maligoha.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O33 - MountPoints2\{51eb5efa-4df6-11dd-8ee1-000cf18c01a3}\Shell\AutoRun\command - "" = E:\RCAMemoryMgr.exe -- File not found
O33 - MountPoints2\{51eb5efa-4df6-11dd-8ee1-000cf18c01a3}\Shell\Manage your videos\command - "" = E:\RCAMemoryMgr.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 30 Days ==========
[8 C:\Documents and Settings\Owner\My Documents\*.tmp files]
[2009/04/25 19:05:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/04/25 19:05:16 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/25 19:05:15 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/25 19:05:13 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/25 19:05:10 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/25 19:05:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/25 18:08:16 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/04/25 17:58:23 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows OneCare Live
[2009/04/25 17:27:28 | 00,000,000 | ---D | C] -- C:\MFT 2457
[2009/04/25 15:33:10 | 00,603,904 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe
[2009/04/25 15:33:08 | 00,027,904 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2009/04/25 15:33:06 | 00,362,240 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe
[2009/04/25 15:32:55 | 00,001,617 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp 1-Click Maintenance.lnk
[2009/04/25 15:32:55 | 00,001,545 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2009.lnk
[2009/04/25 15:32:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/04/25 15:32:31 | 00,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2009
[2009/04/25 15:25:26 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2009/04/25 14:36:53 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/04/25 14:36:53 | 00,000,444 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/04/25 14:28:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2009/04/25 14:28:46 | 00,000,882 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\World of Warcraft Installer.lnk
[2009/04/25 14:27:35 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2009/04/25 13:29:03 | 01,131,176 | ---- | C] (Blizzard Entertainment) -- C:\Documents and Settings\Owner\Desktop\InstallWoW.exe
[2009/04/20 16:24:18 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Film production will enable me to develop my own voice and to explore my role as the storyteller of my own work - for merge.doc
[2009/04/20 16:16:14 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\~$lm production will enable me to develop my own voice and to explore my role as the storyteller of my own work.doc
[2009/04/17 11:31:01 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Film production will enable me to develop my own voice and to explore my role as the storyteller of my own work.doc
[2009/04/16 22:22:12 | 00,029,184 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Spanish Extra Credit.doc
[2009/04/14 13:17:32 | 00,041,808 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/04/13 23:32:33 | 00,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/04/09 18:23:14 | 00,168,375 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\fed promisorry note info.pdf
[2009/04/09 18:17:29 | 00,153,518 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\promissory note lynn.pdf
[2009/04/04 20:54:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\[DB]_Bleach_213_[FEAB5642]
[2009/04/01 21:09:37 | 72,913,7152 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\DL3.5_20092802.iso
[2008/12/30 17:28:16 | 00,000,210 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/08/31 16:18:58 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/08/31 16:18:57 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/08/31 16:18:57 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008/08/31 16:17:01 | 00,000,025 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/07/09 15:35:25 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/07/09 15:35:25 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/12/21 14:19:37 | 00,000,025 | ---- | C] () -- C:\WINDOWS\TDH_Launcher.ini
[2007/12/18 22:14:24 | 00,000,052 | ---- | C] () -- C:\WINDOWS\VistaEmail.ini
[2007/05/08 16:12:51 | 00,000,044 | ---- | C] () -- C:\WINDOWS\PMXUPL~1.INI
[2007/05/06 11:17:39 | 00,046,512 | ---- | C] () -- C:\WINDOWS\System32\EPSN.DLL
[2007/05/06 11:17:39 | 00,011,934 | ---- | C] () -- C:\WINDOWS\System32\PIXPNR.DLL
[2007/05/06 11:17:38 | 00,012,126 | ---- | C] () -- C:\WINDOWS\System32\PIXPCZ.DLL
[2007/05/06 11:13:48 | 00,046,592 | ---- | C] () -- C:\WINDOWS\System32\Wnaspi32.dll
[2006/12/03 17:18:14 | 00,000,710 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2006/10/14 16:25:47 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/04 07:00:00 | 00,000,661 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 07:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/02/10 15:08:00 | 00,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2003/01/07 17:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/13 15:40:22 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll
========== Files - Modified Within 30 Days ==========
[4 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[8 C:\Documents and Settings\Owner\My Documents\*.tmp files]
[2009/04/25 19:18:27 | 00,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/04/25 19:18:27 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/04/25 19:18:17 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/25 19:17:56 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/04/25 19:17:42 | 00,000,486 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2009/04/25 19:17:37 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/25 19:17:35 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/25 19:16:48 | 04,317,636 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/04/25 19:05:16 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/25 18:21:05 | 00,002,193 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2009/04/25 18:19:31 | 00,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/04/25 18:19:31 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/04/25 17:14:56 | 00,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/04/25 17:14:56 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/04/25 17:14:44 | 00,342,958 | ---- | M] () -- C:\logfile
[2009/04/25 17:04:07 | 00,000,512 | ---- | M] () -- C:\WINDOWS\randseed.rnd
[2009/04/25 17:02:00 | 00,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/04/25 17:01:59 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2009/04/25 16:58:42 | 00,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/04/25 16:58:42 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/04/25 15:33:10 | 00,603,904 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe
[2009/04/25 15:33:07 | 00,362,240 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe
[2009/04/25 15:32:55 | 00,001,617 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp 1-Click Maintenance.lnk
[2009/04/25 15:32:55 | 00,001,545 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2009.lnk
[2009/04/25 14:40:39 | 00,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/04/25 14:40:39 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/04/25 14:37:17 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/04/25 14:36:53 | 00,000,444 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/04/25 14:28:46 | 00,000,882 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\World of Warcraft Installer.lnk
[2009/04/25 13:23:17 | 00,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/04/25 13:23:17 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/04/25 00:00:01 | 00,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/04/25 00:00:01 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/04/24 21:55:52 | 00,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/04/24 21:55:52 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/04/24 18:39:18 | 00,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/04/24 18:39:18 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/04/24 10:39:35 | 00,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/04/24 10:39:35 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/04/23 23:01:55 | 00,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/04/23 23:01:54 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/04/23 21:57:53 | 00,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/04/23 21:57:53 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/04/23 10:41:45 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/04/23 10:41:45 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/04/22 23:36:32 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/04/22 23:36:32 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/04/22 10:19:56 | 00,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/04/22 10:19:56 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/04/21 22:01:02 | 00,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/04/21 22:01:02 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/04/21 12:23:08 | 00,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/04/21 12:23:08 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/04/20 20:14:17 | 00,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/04/20 20:14:16 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/04/20 19:18:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/20 19:16:28 | 00,000,710 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2009/04/20 18:56:54 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Film production will enable me to develop my own voice and to explore my role as the storyteller of my own work - for merge.doc
[2009/04/20 16:16:14 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\~$lm production will enable me to develop my own voice and to explore my role as the storyteller of my own work.doc
[2009/04/20 15:40:20 | 00,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/04/20 15:40:20 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/04/18 19:46:53 | 01,302,528 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2009/04/18 19:38:41 | 02,732,032 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2009/04/17 15:15:22 | 00,029,184 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Spanish Extra Credit.doc
[2009/04/17 11:31:01 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Film production will enable me to develop my own voice and to explore my role as the storyteller of my own work.doc
[2009/04/16 22:22:18 | 00,000,661 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/14 13:17:32 | 00,041,808 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/04/09 18:23:14 | 00,168,375 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\fed promisorry note info.pdf
[2009/04/09 18:17:29 | 00,153,518 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\promissory note lynn.pdf
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/01 21:47:46 | 00,000,133 | -HS- | M] () -- C:\Documents and Settings\All Users\Documents\desktop.ini
[2009/04/01 21:11:24 | 72,913,7152 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\DL3.5_20092802.iso
< End of report >
Extras
OTListIt Extras logfile created on: 4/25/2009 7:48:20 PM - Run 1
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer (Microsoft Corporation)
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare (Eastman Kodak Company)
C:\Program Files\Steam\steamapps\diablo2lord\counter-strike\hl.exe:*:Disabled:Half-Life Launcher (Valve)
C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE (Lexmark International, Inc.)
C:\Program Files\BYOND\bin\byond.exe:*:Disabled:byond ()
C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger (Microsoft Corporation)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Steam\steamapps\diablo2lord\counter-strike source\hl2.exe:*:Enabled:hl2 ()
C:\Program Files\Steam\steam.exe:*:Enabled:Steam (Valve Corporation)
C:\Program Files\Steam\steamapps\diablo2lord\condition zero\hl.exe:*:Disabled:Half-Life Launcher (Valve)
C:\Program Files\Steam\steamapps\diablo2lord\garrysmod\hl2.exe:*:Enabled:hl2 ()
C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice (Microsoft Corporation)
C:\Program Files\Steam\steamapps\diablo2lord\day of defeat\hl.exe:*:Enabled:Half-Life Launcher (Valve)
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) (Microsoft Corporation)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\WINDOWS\explorer.exe:*:Enabled:Explorer (Microsoft Corporation)
C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe:*:Enabled:naPrdMgr (Network Associates, Inc.)
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:*:Enabled:AppleMobileDeviceService (Apple Inc.)
C:\Program Files\Steam\steamapps\diablo2lord\age of chivalry\hl2.exe:*:Enabled:hl2 ()
C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo ()
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe:*:Enabled:dlbcserv ()
C:\Program Files\Network Associates\VirusScan\Mcshield.exe:*:Enabled:Mcshield (Network Associates, Inc.)
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:FrameworkService (Network Associates, Inc.)
C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent (BitTorrent, Inc.)
C:\Program Files\Steam\steamapps\diablo2lord\day of defeat source\hl2.exe:*:Enabled:hl2 ()
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\Steam\steamapps\shorthomeless21\counter-strike\hl.exe:*:Enabled:Half-Life Launcher (Valve)
C:\Program Files\DNA\btdna.exe:*:Enabled:DNA (BitTorrent, Inc.)
C:\Program Files\Xfire\xfire.exe:*:Disabled:Xfire (Xfire Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56AB063D-1450-4BDE-9F0D-E9C693429C51}" = netbrdg
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5DF3D1BB-894E-4DCD-8275-159AC9829B43}" = McAfee VirusScan Enterprise
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B10045E-6789-49C4-BFED-52575F5B76BF}" = Avery Wizard 3.0
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{97AE00A8-1336-410F-B467-1C6623127BD6}" = DesignPro 5.0 Limited Edition
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"AXIS Camera Server Control" = AXIS Camera Server Control
"Build Your Own Net Dream" = Build Your Own Net Dream (remove only)
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CSCLIB" = Canon Camera Support Core Library
"Dell Photo Printer 720" = Dell Photo Printer 720
"Dell Photo Printer 720 Logger" = Dell Photo Printer 720 Logger
"EOS Utility" = Canon Utilities EOS Utility
"Google Updater" = Google Updater
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{6B10045E-6789-49C4-BFED-52575F5B76BF}" = Avery Wizard 3.0
"InstallShield_{97AE00A8-1336-410F-B467-1C6623127BD6}" = DesignPro 5.0 Limited Edition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maxcast Uploader" = Maxcast Uploader (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoStitch" = Canon Utilities PhotoStitch
"PROSet" = Intel® PRO Network Connections Drivers
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Steam App 10" = Counter-Strike
"Steam App 17510" = Age of Chivalry
"Steam App 240" = Counter-Strike: Source
"Steam App 30" = Day of Defeat
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 4000" = Garry's Mod
"Steam App 80" = Condition Zero
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"Xvid_is1" = Xvid 1.1.2 final uninstall
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Build Your Own Net Dream" = Build Your Own Net Dream (remove only)
"MiraScanV3.20" = MiraScan V3.20
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III: All Products
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 4/25/2009 3:45:27 PM | Computer Name = WINXPHOME2 | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: Blocked by Buffer Overflow Protection '_'.(from
WINXPHOME2 IP 192.168.2.2 user SYSTEM running VirusScan Enter 8.0 OAS)
Error - 4/25/2009 3:46:09 PM | Computer Name = WINXPHOME2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 4/25/2009 5:57:47 PM | Computer Name = WINXPHOME2 | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: Blocked by Buffer Overflow Protection '_'.(from
WINXPHOME2 IP 192.168.2.2 user SYSTEM running VirusScan Enter 8.0 OAS)
Error - 4/25/2009 6:06:25 PM | Computer Name = WINXPHOME2 | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: Blocked by Buffer Overflow Protection '_'.(from
WINXPHOME2 IP 192.168.2.2 user SYSTEM running VirusScan Enter 8.0 OAS)
Error - 4/25/2009 6:06:25 PM | Computer Name = WINXPHOME2 | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: Blocked by Buffer Overflow Protection '_'.(from
WINXPHOME2 IP 192.168.2.2 user SYSTEM running VirusScan Enter 8.0 OAS)
Error - 4/25/2009 6:19:46 PM | Computer Name = WINXPHOME2 | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: Blocked by Buffer Overflow Protection '_'.(from
WINXPHOME2 IP 192.168.2.4 user SYSTEM running VirusScan Enter 8.0 OAS)
Error - 4/25/2009 6:38:42 PM | Computer Name = WINXPHOME2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 4/25/2009 7:24:42 PM | Computer Name = WINXPHOME2 | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: Blocked by Buffer Overflow Protection '_'.(from
WINXPHOME2 IP 192.168.2.4 user SYSTEM running VirusScan Enter 8.0 OAS)
Error - 4/25/2009 7:24:42 PM | Computer Name = WINXPHOME2 | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: Blocked by Buffer Overflow Protection '_'.(from
WINXPHOME2 IP 192.168.2.4 user SYSTEM running VirusScan Enter 8.0 OAS)
Error - 4/25/2009 7:25:16 PM | Computer Name = WINXPHOME2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 4/25/2009 5:51:59 PM | Computer Name = WINXPHOME2 | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer Microsoft Office Document Image
Writer share name Printer.
Error - 4/25/2009 5:52:04 PM | Computer Name = WINXPHOME2 | Source = Service Control Manager | ID = 7001
Description = The Canon Camera Access Library 8 service depends on the SSDP Discovery
Service service which failed to start because of the following error: %%1058
Error - 4/25/2009 6:01:01 PM | Computer Name = WINXPHOME2 | Source = Service Control Manager | ID = 7001
Description = The Canon Camera Access Library 8 service depends on the SSDP Discovery
Service service which failed to start because of the following error: %%1058
Error - 4/25/2009 6:14:02 PM | Computer Name = WINXPHOME2 | Source = Service Control Manager | ID = 7001
Description = The Canon Camera Access Library 8 service depends on the SSDP Discovery
Service service which failed to start because of the following error: %%1058
Error - 4/25/2009 6:41:56 PM | Computer Name = WINXPHOME2 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.4 for the Network Card with network
address 000CF18C01A3 has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).
Error - 4/25/2009 7:13:10 PM | Computer Name = WINXPHOME2 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.2 for the Network Card with network
address 000CF18C01A3 has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).
Error - 4/25/2009 7:18:37 PM | Computer Name = WINXPHOME2 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.2 for the Network Card with network
address 000CF18C01A3 has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).
Error - 4/25/2009 7:18:52 PM | Computer Name = WINXPHOME2 | Source = Service Control Manager | ID = 7001
Description = The Canon Camera Access Library 8 service depends on the SSDP Discovery
Service service which failed to start because of the following error: %%1058
Error - 4/25/2009 8:17:46 PM | Computer Name = WINXPHOME2 | Source = Service Control Manager | ID = 7001
Description = The Canon Camera Access Library 8 service depends on the SSDP Discovery
Service service which failed to start because of the following error: %%1058
Error - 4/25/2009 8:17:56 PM | Computer Name = WINXPHOME2 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde
[ TuneUp Events ]
Error - 4/25/2009 8:05:26 PM | Computer Name = WINXPHOME2 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-04-25 19:05:26', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','2064',0)
Error - 4/25/2009 8:05:38 PM | Computer Name = WINXPHOME2 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-04-25 19:05:38', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','360',0)
Error - 4/25/2009 8:28:01 PM | Computer Name = WINXPHOME2 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-04-25 19:28:01', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','1152',0)
< End of report >