Malware Scan:
Malwarebytes' Anti-Malware 1.42
Database version: 3315
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
12/7/2009 9:50:14 PM
mbam-log-2009-12-07 (21-50-14).txt
Scan type: Quick Scan
Objects scanned: 119976
Time elapsed: 3 minute(s), 59 second(s)
Memory Processes Infected: 0
Extras:
OTL Extras logfile created on: 12/7/2009 10:14:44 PM - Run 1
OTL by OldTimer - Version 3.1.11.9 Folder = C:\Documents and Settings\Craig\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 85.35% Memory free
4.00 Gb Paging File | 3.68 Gb Available in Paging File | 92.08% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 233.75 Gb Total Space | 170.38 Gb Free Space | 72.89% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 698.64 Gb Total Space | 519.06 Gb Free Space | 74.30% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ATHLON-XP-3200
Current User Name: Craig
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\UltraVNC\vncviewer.exe" = C:\Program Files\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service -- (Check Point Software Technologies LTD)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Steam\steamapps\common\torchlight\Torchlight.exe" = C:\Program Files\Steam\steamapps\common\torchlight\Torchlight.exe:*:Enabled:Torchlight - Demo -- (Runic Games, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}" = Canon PhotoRecord
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{192F001E-941C-8EF4-EE43-83356B2FD4DD}" = Catalyst Control Center Localization Thai
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 17
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2B6EC03E-6FA0-4D7C-9CCE-1B03819AB613}" = PerfectDisk 2008 Professional
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2C462443-3F39-E0B4-8F2E-C1504E2796DB}" = Catalyst Control Center Graphics Previews Common
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{374BD3E0-8496-C870-5086-98C4D350C040}" = ccc-core-static
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{59D47951-3EF0-5384-4F09-B22ABE5D27E9}" = CCC Help Chinese Traditional
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5F5015D3-662A-B084-6DB7-558A39CDDE81}" = CCC Help Japanese
"{61D21E2C-FAC2-067C-372B-7C8F83989749}" = CCC Help Korean
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6744850A-969B-2069-2EF1-B275721EF95E}" = Catalyst Control Center Graphics Light
"{677A9C6D-2428-EECE-A9EC-9EDBD12FB107}" = Catalyst Control Center Localization Korean
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{681CB74A-F0B1-628D-ACC4-69DB4038CBD0}" = CCC Help Chinese Standard
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6FACBBD1-6C66-3FF0-2B12-181CEA842E3E}" = Catalyst Control Center Graphics Full Existing
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78D6C911-16CB-1913-DF57-97E0127ACDAD}" = Catalyst Control Center Localization Chinese Standard
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C950A9E-B452-4DA1-BF55-C610D70E89E1}" = TurboTax 2008 wwiiper
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{8240892F-6DD5-C74F-3F1F-F5219B425194}" = Catalyst Control Center Graphics Full New
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95264530-5A22-8E7E-FE9D-D63A927BCAEA}" = Adobe Media Player
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}" = PowerDirector
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{9E5D8886-F988-54A9-B7F2-E96E2B3D0799}" = CCC Help English
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}" = PRS-500 USB driver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-1033-F400-BA7E-000000000003}" = Adobe Acrobat 8 Standard - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AD13BFB0-FDD2-4AFA-A8AF-9F4A950D56B7}" = ArcSoft Camera Suite 1.3
"{ADAF679D-F9E3-4095-9CB5-335DC7324618}" = eBook Library by Sony
"{B0A4212C-FE03-FEAE-9101-06DC4324F689}" = CCC Help Thai
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{B9F9C536-ECF3-399F-A57B-84378144B91E}" = O3D Plugin
"{BB188DBD-0913-0AA9-9538-2AEF94714A75}" = ccc-core-preinstall
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C7E846A1-6DFE-3ADD-4196-65967D52B4D6}" = ccc-utility
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CAF40EA4-EEA2-7BE1-CCC7-A9F4559C82AB}" = Skins
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF176925-58D9-A9DF-BA30-FBB388A606C0}" = Catalyst Control Center Localization Japanese
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D2AFD577-8CF5-37F4-A4CF-32BEE91CB9C8}" = O3D Extras
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D7A6C517-11F2-419F-B5BB-27772B939698}" = NvMixer
"{E1D7C392-EAF5-405F-A31D-BBD3B56C0C6A}" = ImageMixer 3 SE for SD
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = PhotoStitch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F86DBF4D-F1C3-C5E1-8079-2694EE6204BF}" = Catalyst Control Center Core Implementation
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F9D0612F-DAFB-36F3-4B1E-BA5AE8EDCC37}" = Catalyst Control Center Localization Chinese Traditional
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FC98FBE9-E931-494C-8717-497185371033}" = Nero 7 Ultra Edition
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"75070B1806113224B16C70296B90DD1AD8A53479" = Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
"Adobe Acrobat 8 Standard - English, Français, Deutsch" = Adobe Acrobat 8.1.0 Standard
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"ATI Display Driver" = ATI Display Driver
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Config" = VADIS Config
"CSCLIB" = Canon Camera Support Core Library
"EOS Utility" = Canon Utilities EOS Utility
"ERUNT_is1" = ERUNT 1.1j
"Free Realms Installer" = Free Realms Installer
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}" = PowerDirector
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = Canon Utilities PhotoStitch 3.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.0.9)" = Mozilla Firefox (3.0.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Plants vs. Zombies" = Plants vs. Zombies
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"screensaver_guinness" = screensaver_guinness
"StartVADIS" = StartVADIS
"Steam App 41510" = Torchlight - Demo
"Steam App 440" = Team Fortress 2
"TurboTax 2008" = TurboTax 2008
"Ultravnc2_is1" = UltraVNC 1.0.5
"VADIS" = VADIS Application
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WinbolicLink" = Winbolic Link (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wubi" = Ubuntu
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoneAlarm Security Suite" = ZoneAlarm Security Suite
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 11/14/2009 5:43:19 PM | Computer Name = ATHLON-XP-3200 | Source = Windows Live Mail | ID = 1000
Description =
Error - 12/5/2009 8:08:05 PM | Computer Name = ATHLON-XP-3200 | Source = Google Update | ID = 20
Description =
Error - 12/5/2009 9:08:05 PM | Computer Name = ATHLON-XP-3200 | Source = Google Update | ID = 20
Description =
Error - 12/5/2009 10:08:05 PM | Computer Name = ATHLON-XP-3200 | Source = Google Update | ID = 20
Description =
Error - 12/5/2009 11:08:05 PM | Computer Name = ATHLON-XP-3200 | Source = Google Update | ID = 20
Description =
Error - 12/7/2009 10:55:16 PM | Computer Name = ATHLON-XP-3200 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: An internal certificate chaining error has occurred.
[ Application Events ]
Error - 11/14/2009 5:43:19 PM | Computer Name = ATHLON-XP-3200 | Source = Windows Live Mail | ID = 1000
Description =
Error - 12/5/2009 8:08:05 PM | Computer Name = ATHLON-XP-3200 | Source = Google Update | ID = 20
Description =
Error - 12/5/2009 9:08:05 PM | Computer Name = ATHLON-XP-3200 | Source = Google Update | ID = 20
Description =
Error - 12/5/2009 10:08:05 PM | Computer Name = ATHLON-XP-3200 | Source = Google Update | ID = 20
Description =
Error - 12/5/2009 11:08:05 PM | Computer Name = ATHLON-XP-3200 | Source = Google Update | ID = 20
Description =
Error - 12/7/2009 10:55:16 PM | Computer Name = ATHLON-XP-3200 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: An internal certificate chaining error has occurred.
[ System Events ]
Error - 12/7/2009 11:31:40 PM | Computer Name = ATHLON-XP-3200 | Source = Service Control Manager | ID = 7034
Description = The Canon Camera Access Library 8 service terminated unexpectedly.
It has done this 1 time(s).
Error - 12/7/2009 11:31:40 PM | Computer Name = ATHLON-XP-3200 | Source = Service Control Manager | ID = 7034
Description = The SeaPort service terminated unexpectedly. It has done this 1 time(s).
Error - 12/7/2009 11:31:40 PM | Computer Name = ATHLON-XP-3200 | Source = Service Control Manager | ID = 7034
Description = The FLEXnet Licensing Service service terminated unexpectedly. It
has done this 1 time(s).
Error - 12/7/2009 11:31:40 PM | Computer Name = ATHLON-XP-3200 | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).
Error - 12/7/2009 11:36:35 PM | Computer Name = ATHLON-XP-3200 | Source = ati2mtag | ID = 45062
Description = CRT invalid display type
Error - 12/7/2009 11:52:30 PM | Computer Name = ATHLON-XP-3200 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.
Error - 12/7/2009 11:52:30 PM | Computer Name = ATHLON-XP-3200 | Source = ati2mtag | ID = 45062
Description = CRT invalid display type
Error - 12/7/2009 11:54:24 PM | Computer Name = ATHLON-XP-3200 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
atapi PCIIde si3114r
Error - 12/7/2009 11:58:28 PM | Computer Name = ATHLON-XP-3200 | Source = ati2mtag | ID = 45062
Description = CRT invalid display type
Error - 12/8/2009 12:03:11 AM | Computer Name = ATHLON-XP-3200 | Source = ati2mtag | ID = 45062
Description = CRT invalid display type
< End of report >
When I tried to Scan with
Memory Modules Infected: 1
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\Documents and Settings\Craig\Application Data\szqovxvb.dll (Trojan.FakeAlert) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\szqovxvb (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TDSSserv.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Craig\Application Data\szqovxvb.dll (Trojan.FakeAlert) -> Delete on reboot.
OTL Scan:
OTL logfile created on: 12/7/2009 10:14:44 PM - Run 1
OTL by OldTimer - Version 3.1.11.9 Folder = C:\Documents and Settings\Craig\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 85.35% Memory free
4.00 Gb Paging File | 3.68 Gb Available in Paging File | 92.08% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 233.75 Gb Total Space | 170.38 Gb Free Space | 72.89% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 698.64 Gb Total Space | 519.06 Gb Free Space | 74.30% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ATHLON-XP-3200
Current User Name: Craig
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2009/12/07 21:49:06 | 00,536,576 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Craig\Desktop\OTL.exe
PRC - [2009/11/01 06:03:19 | 00,136,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Craig\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
PRC - [2009/10/28 19:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/28 19:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/19 22:15:38 | 00,902,504 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Reader\Data\bin\launcher\eBook Library Launcher.exe
PRC - [2009/10/17 01:41:10 | 02,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/10/17 01:39:40 | 01,037,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/10/14 07:30:26 | 00,476,528 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2009/10/14 07:30:06 | 00,730,480 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/09/10 11:15:42 | 00,870,672 | ---- | M] (SonicWALL, Inc.) -- C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
PRC - [2009/07/03 06:49:37 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/05 15:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/06 18:21:00 | 00,224,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe
PRC - [2009/01/25 16:28:03 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/01/14 09:38:32 | 00,091,432 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared files\brs.exe
PRC - [2008/12/31 13:12:40 | 00,693,512 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/12/09 12:37:02 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/10/06 10:01:44 | 00,241,734 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe
PRC - [2008/04/14 08:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/20 20:23:22 | 00,083,240 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2007/07/17 03:13:56 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2007/07/17 03:13:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2007/06/26 19:49:21 | 00,483,328 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2007/05/10 21:46:20 | 00,624,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2007/01/31 14:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/10/18 20:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2004/06/03 13:51:54 | 00,131,072 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
========== Modules (SafeList) ==========
MOD - [2009/12/07 21:49:06 | 00,536,576 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Craig\Desktop\OTL.exe
MOD - [2009/10/14 07:30:36 | 00,628,080 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
MOD - [2009/09/10 11:15:48 | 00,013,072 | ---- | M] () -- C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\MlfHook.dll
MOD - [2009/07/12 00:12:06 | 00,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/12 00:09:20 | 00,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
MOD - [2009/07/03 06:50:45 | 00,008,704 | ---- | M] () -- C:\Program Files\Real\RealPlayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll
MOD - [2003/10/17 05:44:08 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll
========== Win32 Services (SafeList) ==========
SRV - [2009/10/28 19:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/17 01:41:10 | 02,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/10/14 07:30:26 | 00,476,528 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/11 14:55:30 | 00,073,728 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2009/08/07 11:43:04 | 00,045,816 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/02/06 18:08:58 | 00,533,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/01/25 16:28:03 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/12/31 13:12:44 | 00,910,600 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe -- (PD91Engine)
SRV - [2008/12/31 13:12:40 | 00,693,512 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe -- (PD91Agent)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/12/09 12:37:02 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/10/06 10:01:44 | 00,241,734 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2007/06/29 14:05:00 | 00,520,192 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2007/06/26 19:49:21 | 00,483,328 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2007/01/31 14:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2007/01/15 17:14:38 | 00,774,144 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2007/01/15 16:01:56 | 00,266,240 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2003/07/28 05:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rover.ebay.co.....www.ebay.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.yahoo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B3A31E53-B8A9-4D55-AE53-3601FF6C82E5}:1.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - HKLM\software\mozilla\Firefox\Extensions\\{B3A31E53-B8A9-4D55-AE53-3601FF6C82E5}: C:\Documents and Settings\Craig\Local Settings\Application Data\{B3A31E53-B8A9-4D55-AE53-3601FF6C82E5} [2009/01/25 17:31:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2009/11/16 20:42:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/11 04:49:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/11 04:49:03 | 00,000,000 | ---D | M]
[2009/02/15 09:30:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Craig\Application Data\Mozilla\Extensions
[2009/02/15 09:30:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\ehm3k8pv.default\extensions
[2009/11/16 20:23:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\ehm3k8pv.default\extensions\staged-xpis
[2009/11/04 21:33:30 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: (362040 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 12446 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [eBook Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\eBook Library Launcher.exe (Sony Corporation)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NVMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Craig\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} https://email.abbott...COL /relayp.cab (Cisco Systems WebVPN Relay Loader)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.1.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\szqovxvb: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/11 04:17:45 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7074057f-dfc4-11dd-82f7-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{7074057f-dfc4-11dd-82f7-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7074057f-dfc4-11dd-82f7-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe -- File not found
O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/01/11 04:17:21 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (59957618898108416)
========== Files/Folders - Created Within 14 Days ==========
[2009/12/07 21:49:06 | 00,536,576 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Craig\Desktop\OTL.exe
[2009/12/07 21:48:51 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Craig\Desktop\RootRepeal.exe
[2009/12/07 21:45:04 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/07 21:45:02 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/07 21:44:31 | 04,844,272 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Craig\Desktop\mbam-setup.exe
[2009/12/07 21:43:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/12/07 21:43:20 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/12/07 21:42:36 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Craig\Desktop\erunt_setup.exe
[2009/12/07 21:41:46 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Craig\Desktop\SysRestorePoint.exe
[2009/12/07 21:30:58 | 00,343,040 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Craig\Desktop\TFC.exe
[2009/12/07 21:30:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Craig\Downloads
[2009/12/07 20:55:56 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2009/12/07 20:55:55 | 00,000,000 | ---D | C] -- C:\rsit
[2009/11/27 05:06:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\kinoma
[2009/11/27 05:06:37 | 00,000,000 | ---D | C] -- C:\Program Files\DIFX
[2009/11/27 05:06:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Craig\Local Settings\Application Data\kinoma
[2009/11/27 05:06:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Craig\Local Settings\Application Data\Sony Corporation
[2009/11/27 05:06:17 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared
[2009/11/25 08:42:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Craig\Application Data\runic games
[2009/11/25 08:38:20 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Craig\My Documents\BioWare
========== Files - Modified Within 14 Days ==========
[2009/12/07 22:08:00 | 00,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-436374069-507921405-1801674531-1003UA.job
[2009/12/07 22:04:55 | 00,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2009/12/07 22:03:21 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/07 22:02:58 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/07 21:56:27 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Craig\Desktop\settings.dat
[2009/12/07 21:51:17 | 10,485,760 | -H-- | M] () -- C:\Documents and Settings\Craig\NTUSER.DAT
[2009/12/07 21:51:17 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Craig\ntuser.ini
[2009/12/07 21:51:09 | 00,021,892 | -HS- | M] () -- C:\Documents and Settings\Craig\Application Data\szqovxvb0.ini
[2009/12/07 21:51:09 | 00,000,124 | -HS- | M] () -- C:\Documents and Settings\Craig\Application Data\szqovxvb.ini
[2009/12/07 21:49:06 | 00,536,576 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Craig\Desktop\OTL.exe
[2009/12/07 21:48:51 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Craig\Desktop\RootRepeal.exe
[2009/12/07 21:45:07 | 00,000,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/07 21:44:36 | 04,844,272 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Craig\Desktop\mbam-setup.exe
[2009/12/07 21:43:20 | 00,000,621 | ---- | M] () -- C:\Documents and Settings\Craig\Desktop\NTREGOPT.lnk
[2009/12/07 21:43:20 | 00,000,602 | ---- | M] () -- C:\Documents and Settings\Craig\Desktop\ERUNT.lnk
[2009/12/07 21:42:36 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Craig\Desktop\erunt_setup.exe
[2009/12/07 21:41:46 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Craig\Desktop\SysRestorePoint.exe
[2009/12/07 21:39:25 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/12/07 21:36:27 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/07 21:30:59 | 00,343,040 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Craig\Desktop\TFC.exe
[2009/12/07 20:52:39 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3036F344-6731-4822-ABF4-55DFC89BB1B1}.job
[2009/12/07 20:29:11 | 00,028,672 | ---- | M] () -- C:\Documents and Settings\Craig\Desktop\Vegan.xls
[2009/12/07 06:08:01 | 00,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-436374069-507921405-1801674531-1003Core.job
[2009/12/06 11:21:21 | 00,362,040 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/12/05 08:28:40 | 00,023,040 | ---- | M] () -- F:\Documents and Settings\Craig\My Documents\Book1 (version 1).xls
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/30 07:15:50 | 01,967,656 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/28 08:36:55 | 00,055,984 | ---- | M] () -- C:\Documents and Settings\Craig\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/27 12:46:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/24 23:31:16 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/24 20:40:28 | 00,001,630 | ---- | M] () -- C:\Documents and Settings\Craig\Desktop\Torchlight - Demo.lnk
[2009/11/24 19:17:25 | 00,000,063 | -H-- | M] () -- C:\WINDOWS\popcreg.dat
[2009/11/24 19:17:25 | 00,000,025 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
========== Files Created - No Company Name ==========
[2009/12/07 21:56:27 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Craig\Desktop\settings.dat
[2009/12/07 21:45:07 | 00,000,706 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/07 21:43:20 | 00,000,621 | ---- | C] () -- C:\Documents and Settings\Craig\Desktop\NTREGOPT.lnk
[2009/12/07 21:43:20 | 00,000,602 | ---- | C] () -- C:\Documents and Settings\Craig\Desktop\ERUNT.lnk
[2009/12/05 09:16:41 | 00,021,892 | -HS- | C] () -- C:\Documents and Settings\Craig\Application Data\szqovxvb0.ini
[2009/12/05 09:16:41 | 00,000,124 | -HS- | C] () -- C:\Documents and Settings\Craig\Application Data\szqovxvb.ini
[2009/11/24 20:40:28 | 00,001,630 | ---- | C] () -- C:\Documents and Settings\Craig\Desktop\Torchlight - Demo.lnk
[2009/08/27 07:50:02 | 00,667,136 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/03/16 21:13:48 | 00,000,081 | ---- | C] () -- C:\Documents and Settings\Craig\Local Settings\Application Data\FASTWiz.log
[2009/02/26 16:09:00 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/02/15 18:21:18 | 00,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2009/02/15 17:27:56 | 00,000,021 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/01/29 16:26:24 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/01/14 05:57:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2009/01/11 17:23:43 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/11 17:01:30 | 00,115,712 | ---- | C] () -- C:\Documents and Settings\Craig\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/11 14:21:53 | 00,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2009/01/11 14:14:05 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
========== LOP Check ==========
[2009/10/26 19:14:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/11/16 20:47:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky SDK
[2009/11/27 05:06:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kinoma
[2009/01/11 15:31:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/10/26 21:36:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\motorola
[2009/02/21 12:29:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PIXELA
[2009/05/19 22:06:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2009/01/13 05:50:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2009/01/15 05:41:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2009/03/21 18:24:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/09/11 05:12:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/16 07:11:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/11/16 20:23:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Craig\Application Data\CheckPoint
[2009/01/27 22:20:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Craig\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/01/12 23:37:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Craig\Application Data\GetRightToGo
[2009/01/11 19:04:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Craig\Application Data\MailFrontier
[2009/10/26 21:36:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Craig\Application Data\motorola
[2009/11/25 08:42:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Craig\Application Data\runic games
[2009/10/11 19:59:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Craig\Application Data\SanDisk
[2009/04/01 19:33:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Craig\Application Data\Windows Live Writer
[2009/12/07 22:04:55 | 00,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2009/12/07 20:52:39 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3036F344-6731-4822-ABF4-55DFC89BB1B1}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: ATAPI.SYS >
[2008/04/13 17:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 17:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/13 17:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/14 08:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 08:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2007/05/17 21:34:04 | 00,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
< MD5 for: NETLOGON.DLL >
[2008/04/14 08:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 08:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: NVATABUS.SYS >
[2004/06/03 03:40:46 | 00,079,360 | R--- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- C:\WINDOWS\system32\drivers\nvatabus.sys
< MD5 for: SCECLI.DLL >
[2008/04/14 08:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 08:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< %systemroot%\*. /mp /s >
< End of report >
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/12/07 22:21
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: dump_diskdump.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_diskdump.sys
Address: 0xBA4F8000 Size: 16384 File Visible: No Signed: -
Status: -
Name: dump_SI3112r.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_SI3112r.sys
Address: 0xB1F66000 Size: 106496 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAC367000 Size: 49152 File Visible: No Signed: -
Status: -
==EOF==