Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Removing Adwarealert.exe -boot

Started by amstuart , May 19 2009 12:37 PM

  • Please log in to reply

#1
amstuart
Posted 19 May 2009 - 12:37 PM

amstuart

    Member

  • Member
  • PipPipPip
  • 102 posts
Hi:

I am trying to clean a friend's HP laptop. Last order of business is removing Adwarealert.exe -boot which keeps trying to run on start-up. I am using WinPatrol and have eliminated it from the Startup folder, as well as emptied the Registry of every instance of Adwarealert.exe, adware, ad-warealert.exe, etc. I used KillBox to delete the various entries, and used a shareware utility (Spywarescan) to find the program but it would not remove unless I paid. Are there any FREE utilities to get rid of this software? Malwarebytes and other utilites do not help in this instance since the software is not "malware", just annoying as it tries to run on each start-up.
Malwarebytes' Anti-Malware 1.36
Database version: 2156
Windows 5.1.2600 Service Pack 3

5/20/2009 9:18:47 AM
mbam-log-2009-05-20 (09-18-47).txt

Scan type: Full Scan (C:\|)
Objects scanned: 153846
Time elapsed: 42 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

C:\ [Fixed] - NTFS - (Total:28607 Mo/Free:1174 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Wed 05/20/2009|12:33

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\System32\Ati2evxx.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
---------- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
---------- C:\WINDOWS\system32\HPConfig.exe
---------- C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
---------- C:\Program Files\Common Files\Motive\McciCMService.exe
---------- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Viewpoint\Common\ViewpointService.exe
---------- C:\WINDOWS\wanmpsvc.exe
---------- C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
---------- C:\PROGRA~1\AVG\AVG8\avgtray.exe
---------- C:\PROGRA~1\AVG\AVG8\avgrsx.exe
---------- C:\PROGRA~1\AVG\AVG8\avgnsx.exe
---------- C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
---------- C:\Program Files\Palm\HOTSYNC.EXE
---------- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\Program Files\ATTToolbar\FDServer.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Wed 05/20/2009|12:34

----------------------\\ Scan completed at 12:34

OTListIt logfile created on: 5/20/2009 12:36:59 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.48 Mb Total Physical Memory | 190.62 Mb Available Physical Memory | 42.69% Memory free
694.45 Mb Paging File | 304.54 Mb Available in Paging File | 43.85% Paging File free
Paging file location(s): C:\pagefile.sys 288 576 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.94 Gb Total Space | 17.15 Gb Free Space | 61.38% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CPQ88851404613
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\System32\Ati2evxx.exe ()
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\AOL\ACS\acsd.exe (America Online, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\system32\HPConfig.exe (Hewlett-Packard)
PRC - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)
PRC - C:\Program Files\HPQ\One-Touch\ONETOUCH.EXE (Dritek System Inc.)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Palm\HOTSYNC.EXE (Palm, Inc.)
PRC - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\ATTToolbar\FDServer.exe (AT&T Inc.)
PRC - C:\Documents and Settings\Owner\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AOL ACS [Auto | Running]) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe (America Online, Inc.)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\System32\Ati2evxx.exe ()
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (HPConfig [Auto | Running]) -- C:\WINDOWS\system32\HPConfig.exe (Hewlett-Packard)
SRV - (HPWirelessMgr [Auto | Running]) -- C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe (Hewlett-Packard Co.)
SRV - (iPodService [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.)
SRV - (McciCMService [Auto | Running]) -- C:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WANMiniportService [Auto | Running]) -- C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (allegro [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\es198x.sys (ESS Technology, Inc.)
DRV - (ASCTRM [Auto | Running]) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (atimpab [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\atimpab.sys (ATI Technologies Inc.)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (caboagp [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\atisgkaf.sys (ATI Technologies Inc.)
DRV - (CALIAUD [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\caliaud.sys (Conexant Systems Inc.)
DRV - (CALIHALA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\calihal.sys (Conexant Systems Inc.)
DRV - (CE3 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ce3n5.sys (Xircom, Inc.)
DRV - (DKbFltr [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\DKbFltr.SYS (Dritek System Inc.)
DRV - (DP83815 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\DP83815.SYS (National Semiconductor Corp.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HPCI [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\hpci.sys (Hewlett-Packard)
DRV - (HSFHWALI [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWALI.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (LEX_NIC_SERVICE [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\Express.sys (LAN-Express)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (MREMP50 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (PalmUSBD [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (Palm, Inc.)
DRV - (Point32 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\point32.sys (Microsoft Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (StreamDispatcher [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\strmdisp.sys (Conexant Systems, Inc.)
DRV - (W8335XP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\WG511v2XP.sys (Marvell Semiconductor, Inc)
DRV - (wanatw [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4nb.hpwis.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1



O1 HOSTS File: (305970 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10535 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot (BillP Studios)
O4 - HKCU..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk = C:\Program Files\Quicken\billmind.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE File not found
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE (Palm, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - - File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\dimsntfy: DllName - - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/20 12:35:31 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[2009/05/20 12:33:39 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/20 12:20:09 | 00,267,612 | ---- | C] () -- C:\DOCUME~1\Owner\Desktop\Rooter.exe
[2009/05/20 12:01:59 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\Owner\Desktop\OTListIt2.exe
[2009/05/20 11:47:44 | 46,824,2432 | -HS- | C] () -- C:\hiberfil.sys
[2009/05/20 09:55:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/05/20 09:55:21 | 00,000,780 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/05/20 09:55:13 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/05/20 09:55:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2009/05/20 09:28:33 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/05/19 17:19:49 | 00,001,480 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2009/05/19 14:10:45 | 00,000,801 | ---- | C] () -- C:\WINDOWS\ScanSpyware.INI
[2009/05/19 14:04:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ScanSpyware
[2009/05/19 14:03:28 | 04,062,224 | ---- | C] (ScanSpyware.net ) -- C:\Program Files\ScanSpyware_3.9.1.7.exe
[2009/05/19 11:02:51 | 00,000,000 | ---D | C] -- C:\!KillBox
[2009/05/19 11:02:38 | 00,092,672 | ---- | C] (Option^Explicit Software [email protected]) -- C:\Program Files\KillBox.exe
[2009/05/19 10:07:06 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/05/19 07:50:56 | 00,000,000 | ---D | C] -- C:\Program Files\RogueRemover FREE
[2009/05/19 07:50:24 | 00,690,568 | ---- | C] (Malwarebytes ) -- C:\Program Files\rr-free-setup.exe
[2009/05/19 05:51:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/05/18 18:19:52 | 00,002,883 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2009/05/18 18:02:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/05/18 18:02:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/05/18 18:01:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/05/18 17:19:04 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/05/18 17:19:04 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/05/18 16:02:20 | 00,001,548 | ---- | C] () -- C:\DOCUME~1\Owner\Desktop\CCleaner.lnk
[2009/05/18 16:01:54 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/05/18 16:00:03 | 03,227,248 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup219.exe
[2009/05/18 15:57:59 | 00,000,687 | ---- | C] () -- C:\DOCUME~1\Owner\Desktop\CleanUp!.lnk
[2009/05/18 15:56:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\WinPatrol
[2009/05/18 15:55:53 | 00,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2009/05/18 15:55:36 | 00,339,257 | ---- | C] () -- C:\Program Files\CleanUp452.exe
[2009/05/18 15:52:06 | 00,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2009/05/18 15:51:14 | 00,887,176 | ---- | C] (BillP Studios) -- C:\Program Files\wpsetup.exe
[2009/05/18 15:29:40 | 00,001,507 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\AVG Free 8.5.lnk
[2009/05/18 15:29:38 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/05/18 15:29:36 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/05/18 15:29:26 | 00,325,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/05/18 15:29:25 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/05/18 15:29:06 | 36,268,955 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/05/18 15:29:06 | 00,434,673 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/05/18 15:29:06 | 00,057,765 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/05/18 15:29:05 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/05/18 15:29:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/05/18 15:28:30 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/05/18 15:28:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/05/18 14:57:42 | 65,103,168 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stf_en_85_339a1525.exe
[2009/05/18 12:55:06 | 00,000,933 | ---- | C] () -- C:\DOCUME~1\Owner\Desktop\Spybot - Search & Destroy.lnk
[2009/05/18 12:54:54 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/05/18 12:54:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/05/18 12:54:10 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Program Files\spybotsd162.exe
[2009/05/18 11:41:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/05/18 11:41:10 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/18 11:41:10 | 00,000,696 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/18 11:41:07 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/18 11:41:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/18 11:41:04 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/18 11:39:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/18 11:38:59 | 00,000,690 | ---- | C] () -- C:\DOCUME~1\Owner\Desktop\SpywareBlaster.lnk
[2009/05/18 11:38:53 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009/05/18 11:37:37 | 03,012,768 | ---- | C] (Javacool Software LLC ) -- C:\Program Files\spywareblastersetup42.exe
[2009/05/18 11:36:34 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup.exe
[2007/09/13 08:44:24 | 00,000,315 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/06/12 21:06:48 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/27 22:16:02 | 00,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/05/03 19:13:43 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/04/29 19:05:33 | 00,000,246 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/01/01 20:50:28 | 00,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2005/01/01 20:47:44 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
[2005/01/01 20:47:37 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
[2004/12/26 20:49:54 | 00,000,093 | ---- | C] () -- C:\WINDOWS\R300.ini
[2004/11/17 20:54:46 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2004/05/15 19:27:54 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004/02/28 23:07:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\slingox.INI
[2004/02/27 21:06:51 | 00,000,026 | ---- | C] () -- C:\WINDOWS\UP9ASP.INI
[2004/02/05 21:10:52 | 00,000,235 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2004/02/05 21:03:43 | 00,000,536 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2004/02/05 21:03:06 | 00,000,962 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/17 18:36:14 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpREG.DLL
[2002/12/17 18:36:14 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2002/12/17 18:18:42 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/12/17 18:17:31 | 00,000,139 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/09/09 11:15:50 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/09/09 10:49:46 | 00,000,634 | ---- | C] () -- C:\WINDOWS\win.ini
[2002/09/09 03:34:18 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[2009/05/20 12:20:15 | 00,267,612 | ---- | M] () -- C:\DOCUME~1\Owner\Desktop\Rooter.exe
[2009/05/20 12:10:13 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/20 12:02:08 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\Owner\Desktop\OTListIt2.exe
[2009/05/20 11:47:53 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/20 11:47:50 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\desktop.ini
[2009/05/20 11:47:47 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/20 11:47:44 | 46,824,2432 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/20 09:55:21 | 00,000,780 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/05/20 09:47:38 | 36,268,955 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/05/20 09:47:38 | 00,057,765 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/05/20 07:38:30 | 00,001,480 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009/05/20 07:38:24 | 00,305,970 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/05/20 06:10:56 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/05/19 14:10:46 | 00,000,801 | ---- | M] () -- C:\WINDOWS\ScanSpyware.INI
[2009/05/19 10:08:48 | 00,000,634 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/19 10:07:54 | 00,051,907 | ---- | M] () -- C:\VETlog.dmp
[2009/05/19 10:07:06 | 00,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2009/05/19 09:57:29 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/05/19 06:04:37 | 00,367,206 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/19 06:04:36 | 00,046,654 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/19 06:04:32 | 00,418,486 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/19 05:57:24 | 00,235,168 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/18 18:34:07 | 00,002,883 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2009/05/18 17:19:04 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/05/18 17:09:01 | 00,000,512 | ---- | M] () -- C:\WINDOWS\randseed.rnd
[2009/05/18 17:07:03 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/05/18 16:02:20 | 00,001,548 | ---- | M] () -- C:\DOCUME~1\Owner\Desktop\CCleaner.lnk
[2009/05/18 15:57:59 | 00,000,687 | ---- | M] () -- C:\DOCUME~1\Owner\Desktop\CleanUp!.lnk
[2009/05/18 15:29:40 | 00,001,507 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\AVG Free 8.5.lnk
[2009/05/18 15:29:38 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/05/18 15:29:36 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/05/18 15:29:27 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/05/18 15:29:25 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/05/18 15:29:06 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/05/18 15:29:06 | 00,434,673 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/05/18 12:55:07 | 00,000,933 | ---- | M] () -- C:\DOCUME~1\Owner\Desktop\Spybot - Search & Destroy.lnk
[2009/05/18 11:41:10 | 00,000,696 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/18 11:38:59 | 00,000,690 | ---- | M] () -- C:\DOCUME~1\Owner\Desktop\SpywareBlaster.lnk
[2009/05/17 14:08:18 | 00,032,256 | ---- | M] () -- C:\DOCUME~1\Owner\My Documents\RENEnewresume.doc
[2009/05/17 14:01:12 | 00,002,497 | ---- | M] () -- C:\DOCUME~1\Owner\Desktop\Microsoft Office Word 2003.lnk
[2009/05/07 00:16:30 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\DOCUME~1\Owner\Desktop\reservation.ics:SummaryInformation
< End of report >

OTListIt Extras logfile created on: 5/20/2009 12:36:59 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.48 Mb Total Physical Memory | 190.62 Mb Available Physical Memory | 42.69% Memory free
694.45 Mb Paging File | 304.54 Mb Available in Paging File | 43.85% Paging File free
Paging file location(s): C:\pagefile.sys 288 576 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.94 Gb Total Space | 17.15 Gb Free Space | 61.38% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CPQ88851404613
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AMERIC~2.0 (America Online, Inc.)
C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AMERIC~2.0 (America Online, Inc.)
C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger File not found
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader (AOL LLC)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\ATT-HSI\McciBrowser.exe:*:Enabled:motivebrowser.exe (Motive Communications, Inc.)
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype ()
C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe (AVG Technologies CZ, s.r.o.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}" = Canon PhotoRecord
"{1CAA2464-9195-4166-BE45-C8F2E8FDD269}" = Snapfish Picture Mover
"{1EC8B87D-0D44-4466-99B8-7A490A7CC6CE}" = Palm Desktop
"{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch
"{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = RemoteCapture Task 1.1
"{29D88826-2AB9-11D5-8854-00902761A46D}" = WordPerfect Productivity Pack
"{2B5DDB2C-0807-47FD-9C11-80EA761902C0}" = Easy Internet Sign-up
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35AFD495-EC2E-4B2B-B9DB-30EEBC74049D}" = iTunes
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = RAW Image Task 1.2
"{4C96958A-6562-4143-B820-FF4890D3B734}" = Camera Window DVC
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = MovieEdit Task
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Camera Window DS
"{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Camera Support Core Library
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD
"{A6792A59-15B3-4FD4-BE35-45F1E00A51AF}" = Hpsetup
"{A8F2DCDE-AE4E-4AC9-BECD-496FB80FBF6A}" = Notebook Utilities
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B93D24B3-928D-4805-B379-4AA47CB3794E}" = NETGEAR WG511v2 54 Mbps Wireless PC Card
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX
"{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Camera Window MC
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CF6E7481-4487-46D3-810A-F73EEA232CE0}" = Microsoft IntelliPoint 5.0
"{D0604F35-314C-4341-A05E-3FEABCFDD470}" = Desktop Zoom
"{E6696A8C-C55A-405C-AFEB-F3880A8BAA45}" = iPod Update 2004-04-28
"{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"AIM_6" = AIM 6
"AOL Explorer" = AOL Explorer
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"ArcSoft Software Suite" = ArcSoft Software Suite
"ATI Display Driver" = ATI Display Driver
"ATTToolbar" = AT&T Toolbar
"AVG8Uninstall" = AVG Free 8.5
"BellsouthHelpCenter4.0b_is1" = FastAccess® DSL Help Center 4.3
"BroadJump Client Foundation" = BroadJump Client Foundation
"CCleaner" = CCleaner (remove only)
"CleanUp!" = CleanUp!
"CNXT_MODEM_PCI_VEN_10B9&DEV_5457&SUBSYS_0024103C" = Conexant 56K ACLink Modem
"CNXT_MODEM_PCI_VEN_10B9&DEV_5457&SUBSYS_0850103C" = Conexant 56K ACLink Modem
"Conexant PCI Audio" = Conexant AC-Link Audio
"hp instant support" = hp instant support
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{35AFD495-EC2E-4B2B-B9DB-30EEBC74049D}" = iTunes
"InstallShield_{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{4C96958A-6562-4143-B820-FF4890D3B734}" = Canon Camera Window DVC for ZoomBrowser EX
"InstallShield_{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Canon Camera Window DS for ZoomBrowser EX
"InstallShield_{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Canon Camera Support Core Library
"InstallShield_{B93D24B3-928D-4805-B379-4AA47CB3794E}" = NETGEAR WG511v2 54 Mbps Wireless PC Card
"InstallShield_{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{E6696A8C-C55A-405C-AFEB-F3880A8BAA45}" = iPod Update 2004-04-28
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Malwarebytes' RogueRemover FREE_is1" = Malwarebytes' RogueRemover
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PartyPoker" = PartyPoker
"Picasa" = Picasa
"Picasa2" = Picasa 2
"QT4HPOT" = One-Touch Buttons
"QuickTime" = QuickTime
"RealArcade 1.2" = RealArcade
"RealPlayer 6.0" = RealPlayer Basic
"Skype_is1" = Skype 2.5
"SpywareBlaster_is1" = SpywareBlaster 4.2
"StreetPlugin" = Learn2 Player (Uninstall Only)
"The Weather Channel Desktop" = The Weather Channel Desktop
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPatrol" = WinPatrol 2009
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WordPerfect Productivity Pack" = WordPerfect Productivity Pack
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Mail" = AT&T Yahoo! Internet Mail
"YInstHelper" = Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/20/2009 9:28:34 AM | Computer Name = CPQ88851404613 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\Program Files\Common Files\Wise Installation
Wizard\WISCDDCBBF1270346BC938BBCC81A1EEAAA_4_26_0_1002.MSI is not permitted due
to an error in software restriction policy processing. The object cannot be trusted.

Error - 5/20/2009 9:35:45 AM | Computer Name = CPQ88851404613 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\Program Files\Common Files\Wise Installation
Wizard\WISCDDCBBF1270346BC938BBCC81A1EEAAA_4_26_0_1002.MSI is not permitted due
to an error in software restriction policy processing. The object cannot be trusted.

[ System Events ]
Error - 5/20/2009 10:25:29 AM | Computer Name = CPQ88851404613 | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 5/20/2009 10:25:29 AM | Computer Name = CPQ88851404613 | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 5/20/2009 10:25:29 AM | Computer Name = CPQ88851404613 | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD Networking Support
Environment service which failed to start because of the following error: %%31

Error - 5/20/2009 10:25:29 AM | Computer Name = CPQ88851404613 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 5/20/2009 10:25:29 AM | Computer Name = CPQ88851404613 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AmdK7 AvgLdx86 AvgMfx86 AvgTdiX Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL
Tcpip

Error - 5/20/2009 10:25:41 AM | Computer Name = CPQ88851404613 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 5/20/2009 11:46:37 AM | Computer Name = CPQ88851404613 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/20/2009 11:49:44 AM | Computer Name = CPQ88851404613 | Source = Service Control Manager | ID = 7000
Description = The vdo_528e-1302 service failed to start due to the following error:
%%2

Error - 5/20/2009 11:49:46 AM | Computer Name = CPQ88851404613 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 5/20/2009 11:49:46 AM | Computer Name = CPQ88851404613 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053


< End of report >



Thank you.

Adam

Edited by amstuart, 20 May 2009 - 10:54 AM.

  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP