Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

AntiVir and MBAM are unable to update. Slow Computer 100% usage.

Started by blugrassgurrl , May 11 2009 10:32 AM

  • Please log in to reply

#1
blugrassgurrl
Posted 11 May 2009 - 10:32 AM

blugrassgurrl

    New Member

  • Member
  • Pip
  • 9 posts
I have windows XP and was using symantec antivirus. I removed symantec to try the Avast from this site, but it wouldnt let me download it. it kept saying there was a setup error. So i downloaded Avira Antivir instead, which installed and will scan, but will not update. it says there is an error. i also downloaded MBAM, which found 62 problems on my computer, mainly trojans, but also is not being allowed to update. So i'm posting the Rooter Log, and the OTListIt log, and the MBAM log. PLEASE respond to this, i use this computer to run my business. The internet runs extremely slow, and sometimes not at all. Thanks alot!


Microsoft Windows XP Home Edition (5.1.2600) Service Pack 2

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:35259 Mo/Free:3198 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
G:\ [Fixed] - FAT32 - (Total:305160 Mo/Free:1105 Mo)

Mon 05/11/2009|12:19

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\Analog Devices\Core\smax4pnp.exe
---------- C:\WINDOWS\system32\dla\tfswctrl.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\Program Files\LogMeIn\x86\LogMeIn.exe
---------- C:\WINDOWS\explorer.exe
---------- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
---------- C:\WINDOWS\system32\HPZipm12.exe
---------- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Viewpoint\Common\ViewpointService.exe
---------- c:\program files\aim toolbar\aimtbServer.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\wscntfy.exe
---------- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
---------- C:\Program Files\Avira\AntiVir Desktop\sched.exe
---------- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
---------- C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
---------- C:\Program Files\Avira\AntiVir Desktop\avscan.exe
---------- C:\Program Files\Malwarebytes' Anti-Malware\randomname.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Mon 05/11/2009|12:19

----------------------\\ Scan completed at 12:19





OTListIt logfile created on: 5/11/2009 12:20:31 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.6 Folder = C:\Documents and Settings\Tara\Local Settings\Temporary Internet Files\Content.IE5\ANZ9MQRI
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 635.49 Mb Available Physical Memory | 62.18% Memory free
1.65 Gb Paging File | 1.28 Gb Available in Paging File | 77.26% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.43 Gb Total Space | 15.12 Gb Free Space | 43.92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 298.01 Gb Total Space | 273.08 Gb Free Space | 91.63% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TUMBLEWEEDS
Current User Name: Tara
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardian.exe (LogMeIn, Inc.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - c:\program files\aim toolbar\aimtbServer.exe (AOL LLC.)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avscan.exe (Avira GmbH)
PRC - C:\Documents and Settings\Tara\Local Settings\Temporary Internet Files\Content.IE5\ANZ9MQRI\OTListIt2[1].exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Automatic LiveUpdate Scheduler [Disabled | Stopped]) -- File not found
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (ISPwdSvc [Disabled | Stopped]) -- File not found
SRV - (LogMeIn [Auto | Running]) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (NetSvc [On_Demand | Stopped]) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (Intel® Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (QBCFMonitorService [Auto | Running]) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (QBFCService [On_Demand | Stopped]) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (Symantec Core LC [Disabled | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

========== Driver Services (SafeList) ==========

DRV - (AFS2K [System | Running]) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (ASCTRM [Auto | Running]) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (CmdIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (drvmcdb [Boot | Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm [Auto | Running]) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (LMIInfo [Auto | Running]) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (mraid35x [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (SbcpHid [Auto | Running]) -- C:\WINDOWS\system32\Drivers\SbcpHid.sys ()
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (senfilt [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (sisagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (Sparrow [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sscdbhk5 [System | Running]) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln [System | Running]) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (symc810 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symlcbrd [Auto | Running]) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (sym_hi [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (tfsnboio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsncofs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsndrct [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (tfsnifs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsnopio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsnudf [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnudfa [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tmcomm [Auto | Running]) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (ultra [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (avgntflt [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\avgntflt.sys (Avira GmbH)
DRV - (avgio [System | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (avipbb [System | Running]) -- C:\WINDOWS\system32\DRIVERS\avipbb.sys (Avira GmbH)
DRV - (ssmdrv [System | Running]) -- C:\WINDOWS\system32\DRIVERS\ssmdrv.sys (Avira GmbH)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://login.live.co...n...px&id=64855
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.microsoft...amp;ar=iesearch
IE - URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Fast Browser Search\IE\tbhelper.dll File not found
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"


[2007/12/12 18:10:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tara\Application Data\mozilla\Firefox\Profiles\0we26qsa.default\extensions
[2008/12/12 14:23:54 | 00,002,158 | ---- | M] () -- C:\Documents and Settings\Tara\Application Data\Mozilla\FireFox\Profiles\0we26qsa.default\searchplugins\MySpace.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - Reg Error: Value error. File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (XBTBPos00 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll File not found
O3 - HKLM\..\Toolbar: (Fast Browser Search) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll File not found
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [{4D-D2-29-9F-ZN}] C:\windows\system32\oodsrngr.exe CHD003 File not found
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min (Avira GmbH)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe File not found
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [FBSearch] C:\Program Files\Fast Browser SearchP\FastBrowserSearchProtection.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r (Sonic Solutions)
O4 - HKCU..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (AOL LLC)
O4 - HKCU..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKCU..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MRI_DISABLED [2007/01/05 10:41:17 | 00,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm (America Online, Inc)
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll (JavaSoft / Sun Microsystems, Inc.)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: errorsafe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: winantispyware.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: winantivirus.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: winfixer.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: 81 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java (Reg Error: Key error.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\qbpos {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\WINDOWS\system32\QBPOSProtocol.dll (Intuit Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/04/01 13:53:24 | 00,000,071 | -H-- | M] () - G:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2008/09/09 08:24:52 | 00,000,000 | ---D | M] - G:\autorun -- [ FAT32 ]
O33 - MountPoints2\{444d5e44-36fc-11dd-915e-001111adc6d7}\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\{444d5e44-36fc-11dd-915e-001111adc6d7}\Shell\Shell00\Command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\{444d5e44-36fc-11dd-915e-001111adc6d7}\Shell\Shell01\Command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\{444d5e44-36fc-11dd-915e-001111adc6d7}\Shell\Shell02\Command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\{dd5eaa68-f78f-11dc-9132-001111adc6d7}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: ('autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*') - File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\*.tmp files]
File not found -- C:\WINDOWS\System32\zce7a3ce.dll
File not found -- C:\SS1001newer.exe
File not found -- C:\RDFX4.exe
File not found -- C:\MTE3NDI6ODoxNgnew.exe
File not found -- C:\installerwnusnewer.exe
File not found -- C:\installerwnusnew.exe
File not found -- C:\installerwnus.exe
[2009/05/11 12:18:03 | 00,267,612 | ---- | C] () -- C:\DOCUME~1\Tara\Desktop\Rooter.exe
[2009/05/11 12:17:36 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/11 11:49:54 | 00,001,707 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Avira AntiVir Control Center.lnk
[2009/05/11 11:49:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/05/11 11:49:38 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/05/11 11:49:38 | 00,055,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/05/11 11:49:38 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/05/11 11:49:37 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/05/11 11:49:37 | 00,028,376 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/05/11 11:49:32 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/05/11 11:49:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/05/11 10:38:12 | 00,000,730 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/11 10:36:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tara\Application Data\Malwarebytes
[2009/05/11 10:36:44 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/11 10:36:41 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/11 10:36:39 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/11 10:36:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/30 16:30:44 | 00,033,792 | ---- | C] () -- C:\DOCUME~1\Tara\My Documents\Poster_form_0420(1).xls
[2009/04/26 17:13:02 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Tara\Desktop\EBAY INVOICES
[2009/04/24 10:49:03 | 00,283,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/24 10:49:03 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\colbact.dll
[2009/04/24 10:49:03 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sc.exe
[2009/04/24 10:49:02 | 00,473,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/24 10:49:02 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/24 10:49:02 | 00,399,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/24 10:49:02 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/24 10:49:02 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/24 10:49:01 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/24 10:49:01 | 00,616,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/18 19:39:54 | 00,019,968 | ---- | C] () -- C:\DOCUME~1\Tara\Desktop\WIN.doc
[2009/04/17 12:16:36 | 00,096,155 | ---- | C] () -- C:\DOCUME~1\Tara\Desktop\record store day jpeg.JPG
[2009/04/14 16:56:52 | 00,104,448 | ---- | C] () -- C:\DOCUME~1\Tara\Desktop\OBR_4B_(1).xls
[2009/04/11 14:59:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PACE Anti-Piracy
[2009/04/11 14:59:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2009/04/11 14:37:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic
[2009/04/11 14:36:54 | 00,000,000 | ---D | C] -- C:\Program Files\Sonic
[2009/03/19 10:51:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2009/03/10 13:08:33 | 00,000,095 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2008/09/23 15:04:49 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2008/01/10 18:43:29 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/12/12 18:15:31 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/01/05 12:00:55 | 00,000,005 | -HS- | C] () -- C:\WINDOWS\System32\acdc2_s.dll
[2007/01/05 10:59:21 | 00,002,162 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini
[2007/01/05 10:49:39 | 00,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2007/01/05 10:49:39 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/09/10 10:53:59 | 00,852,136 | ---- | C] () -- C:\WINDOWS\System32\WinNB65.dll
[2006/09/10 10:53:59 | 00,000,928 | ---- | C] () -- C:\WINDOWS\System32\winpfg32.sys
[2006/09/10 10:53:59 | 00,000,239 | ---- | C] () -- C:\WINDOWS\em06y.ini
[2006/08/18 11:09:52 | 00,001,233 | ---- | C] () -- C:\WINDOWS\System32\aaa00000.sys
[2006/06/29 10:07:36 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\BattyRun.dll
[2006/06/28 15:36:49 | 00,001,063 | ---- | C] () -- C:\WINDOWS\System32\zce7a3ce.ini
[2006/06/26 16:03:00 | 00,001,057 | ---- | C] () -- C:\WINDOWS\System32\zce7a3ce.sys
[2005/10/07 12:12:05 | 00,000,525 | ---- | C] () -- C:\WINDOWS\photoprn.ini
[2005/10/07 12:12:05 | 00,000,435 | ---- | C] () -- C:\WINDOWS\fantasy2.ini
[2005/10/07 12:12:05 | 00,000,130 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2005/10/07 12:11:38 | 00,000,021 | ---- | C] () -- C:\WINDOWS\ccam_suite.ini
[2005/03/02 14:28:21 | 00,005,192 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/02/25 13:24:15 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/01/24 21:48:35 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/24 21:39:59 | 00,000,136 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/01/24 21:00:00 | 00,000,519 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 15:13:12 | 00,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 15:04:08 | 00,000,830 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2004/08/10 14:57:52 | 00,000,227 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2004/08/04 07:00:00 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/03/09 16:31:04 | 00,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2002/08/05 12:29:18 | 00,038,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[2001/07/07 04:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1980/01/01 02:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Files - Modified Within 30 Days ==========

[3 C:\*.tmp files]
[8 C:\WINDOWS\System32\*.tmp files]
[2009/05/11 12:18:04 | 00,267,612 | ---- | M] () -- C:\DOCUME~1\Tara\Desktop\Rooter.exe
[2009/05/11 11:49:54 | 00,001,707 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Avira AntiVir Control Center.lnk
[2009/05/11 11:42:44 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/05/11 11:42:10 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/11 11:42:07 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Tara\Local Settings\DESKTOP.INI
[2009/05/11 11:42:02 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/05/11 11:41:58 | 10,716,97920 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/11 10:42:45 | 00,000,730 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/08 14:21:51 | 00,002,137 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\iTunes.lnk
[2009/05/04 22:36:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/05/02 17:32:01 | 00,000,434 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2009/04/30 16:30:44 | 00,033,792 | ---- | M] () -- C:\DOCUME~1\Tara\My Documents\Poster_form_0420(1).xls
[2009/04/25 03:15:28 | 00,473,400 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/25 03:15:28 | 00,402,406 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/04/25 03:15:28 | 00,063,016 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/04/25 03:03:56 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/18 19:39:55 | 00,019,968 | ---- | M] () -- C:\DOCUME~1\Tara\Desktop\WIN.doc
[2009/04/17 12:16:36 | 00,096,155 | ---- | M] () -- C:\DOCUME~1\Tara\Desktop\record store day jpeg.JPG
[2009/04/16 14:10:34 | 00,730,112 | ---- | M] () -- C:\DOCUME~1\Tara\Desktop\record store day flyers.doc
[2009/04/14 16:56:52 | 00,104,448 | ---- | M] () -- C:\DOCUME~1\Tara\Desktop\OBR_4B_(1).xls
< End of report >


OTListIt Extras logfile created on: 5/11/2009 12:20:31 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.6 Folder = C:\Documents and Settings\Tara\Local Settings\Temporary Internet Files\Content.IE5\ANZ9MQRI
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 635.49 Mb Available Physical Memory | 62.18% Memory free
1.65 Gb Paging File | 1.28 Gb Available in Paging File | 77.26% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.43 Gb Total Space | 15.12 Gb Free Space | 43.92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 298.01 Gb Total Space | 273.08 Gb Free Space | 91.63% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TUMBLEWEEDS
Current User Name: Tara
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare (Eastman Kodak Company)
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater File not found
C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer (Microsoft Corporation)
C:\Program Files\AIM\aim.exe:*:Disabled:AOL Instant Messenger (America Online, Inc.)
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire (Lime Wire, LLC)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe ()
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe (Hewlett-Packard)
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe (Hewlett-Packard)
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe (Hewlett-Packard)
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe ( )
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader (AOL LLC)
C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM (AOL LLC)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe:*:Enabled:QuickBooks 2009 Data Manager (Intuit, Inc.)
C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7F831576-6246-42C7-B523-55B3F96509CC}" = LogMeIn
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{913D0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard for Students and Teachers
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{924EB80F-C2BB-4B9F-8412-88BBA937393F}" = MobileMe Control Panel
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A2F0810-3622-4E86-9072-973FBE1679C5}" = QuickBooks Pro 2009
"{9A2F0810-369F-4E86-9072-973FBE1679C5}" = QuickBooks
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A580547F-4FB6-433E-A595-21CAA858C556}" = Microsoft Office Live Small Business Image Uploader
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B6143CB7-8541-4B54-A7F9-CF483A258603}" = QuickBooks Point of Sale 8 Trial
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C4868E88-F5B5-4E45-9592-C7062BD97441}" = Symantec Technical Support Web Controls
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DAD4DE93-9438-4823-AE5E-93A1BE846FE0}" = Stamps.com Application Support for Microsoft Word 2000, 2002, 2003
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E78DAA24-38F8-4D35-B732-B18ABA0424DF}" = Microsoft Office Live Image Uploader
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AIM Toolbar" = AIM Toolbar
"AIM_6" = AIM 6
"AOL Instant Messenger" = AOL Instant Messenger
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BroadJump Client Foundation" = BroadJump Client Foundation
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"DellSupport" = Dell Support 5.0.0 (630)
"Digital Camera Suite" = Digital Camera Suite
"Fast Browser SearchP" = Fast Browser Search Protection
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"IrfanView" = IrfanView (remove only)
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MVApplication1" = SureThing CD Labeler
"MySpaceIM" = MySpaceIM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Photodex Presenter" = Photodex Presenter
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealPlayer 6.0" = RealPlayer Basic
"Shop for HP Supplies" = Shop for HP Supplies
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Stamps.com" = Stamps.com
"Stamps.com support for Microsoft Word 2000-2007" = Stamps.com support for Microsoft Word 2000-2007
"UltraISO_is1" = UltraISO V7.25 ME
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/8/2009 1:10:23 PM | Computer Name = TUMBLEWEEDS | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2009": Connection
String:CON=QBConnectionPool-Probe-QB_data_engine_19; ;DBF=C:\Documents and Settings\All
Users\Documents\Intuit\QuickBooks\Company Files\Tumbleweeds.QBW;ENG=QB_data_engine_19;DBN=0c6ba87111b343d6b9a35cd1e529bd

Error - 5/8/2009 1:10:23 PM | Computer Name = TUMBLEWEEDS | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2009": DBConnPool::HandleConnectionError
errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 906 from
function:'DBMgr::DBConnPool::ini

Error - 5/8/2009 2:18:50 PM | Computer Name = TUMBLEWEEDS | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 5/8/2009 2:18:50 PM | Computer Name = TUMBLEWEEDS | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 5/8/2009 2:18:50 PM | Computer Name = TUMBLEWEEDS | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 5/8/2009 2:18:58 PM | Computer Name = TUMBLEWEEDS | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2009": Connection
Error:Invalid user ID or passwo

Error - 5/8/2009 2:18:58 PM | Computer Name = TUMBLEWEEDS | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2009": Connection
String:CON=QBConnectionPool-Probe-QB_data_engine_19; ;DBF=C:\Documents and Settings\All
Users\Documents\Intuit\QuickBooks\Company Files\Tumbleweeds.QBW;ENG=QB_data_engine_19;DBN=a09a30831b5b418ab27c457eada494

Error - 5/8/2009 2:18:58 PM | Computer Name = TUMBLEWEEDS | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2009": DBConnPool::HandleConnectionError
errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 906 from
function:'DBMgr::DBConnPool::ini

Error - 5/8/2009 3:25:54 PM | Computer Name = TUMBLEWEEDS | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16827, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/10/2009 12:39:58 PM | Computer Name = TUMBLEWEEDS | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16827, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 5/11/2009 11:40:49 AM | Computer Name = TUMBLEWEEDS | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 5/11/2009 11:40:50 AM | Computer Name = TUMBLEWEEDS | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 5/11/2009 11:40:50 AM | Computer Name = TUMBLEWEEDS | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 5/11/2009 11:40:50 AM | Computer Name = TUMBLEWEEDS | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 5/11/2009 11:40:50 AM | Computer Name = TUMBLEWEEDS | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 5/11/2009 11:40:50 AM | Computer Name = TUMBLEWEEDS | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 5/11/2009 11:40:50 AM | Computer Name = TUMBLEWEEDS | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 5/11/2009 11:40:50 AM | Computer Name = TUMBLEWEEDS | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 5/11/2009 11:42:40 AM | Computer Name = TUMBLEWEEDS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SRTSPX

Error - 5/11/2009 11:42:41 AM | Computer Name = TUMBLEWEEDS | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 192.168.1.101,
since
the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
please
change the scope to include the IP address, or change the IP address to fall within
the scope.


< End of report >






Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 2

5/11/2009 11:25:50 AM
mbam-log-2009-05-11 (11-25-50).txt

Scan type: Quick Scan
Objects scanned: 91310
Time elapsed: 38 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 48
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 8
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\cpbrkpie.coupon6ctrl.1 (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a85a5e6a-de2c-4f4e-99dc-f469df5a0eec} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e780f0b-bcd6-40cb-b2db-7af47ab4d4a4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a138be8b-f051-4802-9a3f-a750a6d862d4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{deceaaa2-370a-49bb-9362-68c3a58ddc62} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WebBuying (Adware.WebBuying) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\winantivirus pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\tbsb07183.tbsb07183toolbar (Adware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\SYSTEM32\f02WtR (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tara\Application Data\FunWebProducts (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tara\Application Data\FunWebProducts\Data (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tara\Application Data\FunWebProducts\Data\Tara (Adware.MyWay) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\CouponPrinter.ocx (Adware.Coupons) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\MSINET.oca (Rogue.Trace) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully.
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP