I was able to get to my desktop and run the programs. When I ran TFC and rebooted, the privacy center screen appeared again and I ended the pc.exe process again. I wasn't able to run system restore point as i got an error message saying SysRestorePoint.exe has encountered a problem and needs to close. After running everything else, I still have a privacy-components icon on my desktop and don't know what that is. Here are my OTL, MBAM and RootRepeal logs:
OTL.exe:
OTL logfile created on: 12/11/2009 9:10:06 PM - Run 1
OTL by OldTimer - Version 3.1.11.9 Folder = F:\
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1022.92 Mb Total Physical Memory | 646.63 Mb Available Physical Memory | 63.21% Memory free
2.40 Gb Paging File | 2.08 Gb Available in Paging File | 86.73% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15.14 Gb Total Space | 0.84 Gb Free Space | 5.56% Space Free | Partition Type: NTFS
Drive D: | 22.11 Gb Total Space | 10.82 Gb Free Space | 48.92% Space Free | Partition Type: NTFS
Drive E: | 702.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 963.70 Mb Total Space | 825.03 Mb Free Space | 85.61% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: FCH543-T41
Current User Name: fch543
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ========== PRC - [2009/12/09 09:44:52 | 00,536,576 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2009/06/05 12:39:22 | 00,292,136 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/06/05 12:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/26 16:18:30 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2009/01/13 21:37:00 | 01,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2009/01/09 18:01:47 | 00,382,384 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009/01/09 18:01:47 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/01/09 18:01:46 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/12/14 08:29:00 | 00,467,240 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2008/12/12 17:06:40 | 00,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/12/12 17:06:40 | 00,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/08/30 16:43:18 | 00,103,664 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
PRC - [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/12/08 18:35:54 | 00,094,208 | ---- | M] (SealedMedia) -- C:\Program Files\SealedMedia\sealmon.exe
PRC - [2004/05/19 03:21:00 | 00,073,728 | ---- | M] (IBM Corp.) -- C:\WINDOWS\system32\QCONSVC.EXE
PRC - [2004/05/13 21:36:34 | 00,397,312 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2004/04/08 18:12:06 | 00,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/04/08 18:11:26 | 00,512,000 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2004/04/07 06:21:50 | 00,303,171 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\system32\S24EvMon.exe
PRC - [2004/04/07 06:20:40 | 00,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\RegSrvc.exe
PRC - [2004/03/26 18:16:30 | 00,102,400 | ---- | M] (IBM Corp.) -- C:\WINDOWS\system32\TpShocks.exe
PRC - [2004/03/12 15:18:32 | 00,124,128 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2004/03/12 15:17:10 | 00,029,928 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2004/03/10 10:10:44 | 00,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2004/03/10 10:10:40 | 00,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
PRC - [2004/02/29 16:44:54 | 00,242,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2004/02/29 16:44:46 | 00,066,680 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2004/02/26 01:26:00 | 00,057,344 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2003/06/27 08:53:32 | 00,088,363 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2002/10/08 22:28:42 | 00,040,960 | ---- | M] () -- C:\WINDOWS\system32\TpScrLk.exe
PRC - [2002/01/10 15:01:34 | 00,065,536 | ---- | M] (IBM Corporation) -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
========== Modules (SafeList) ========== MOD - [2009/12/09 09:44:52 | 00,536,576 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
MOD - [2006/08/25 10:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/04/08 18:11:54 | 00,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
========== Win32 Services (SafeList) ========== SRV - [2009/06/05 12:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/03/23 22:33:00 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/03/18 01:04:42 | 01,685,024 | ---- | M] (NanJing Nagasoft Co, LTD.) -- C:\WINDOWS\system32\Nagasoft\vjocx.dll -- (vvdsvc)
SRV - [2009/01/09 18:01:46 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/12/12 17:06:40 | 00,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2004/08/04 00:56:44 | 00,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\irmon.dll -- (Irmon)
SRV - [2004/05/26 10:33:18 | 00,068,096 | ---- | M] () -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2004/05/19 03:21:00 | 00,073,728 | ---- | M] (IBM Corp.) -- C:\WINDOWS\system32\QCONSVC.EXE -- (QCONSVC)
SRV - [2004/05/13 21:36:34 | 00,397,312 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2004/04/07 06:21:50 | 00,303,171 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\system32\S24EvMon.exe -- (S24EventMonitor)
SRV - [2004/04/07 06:20:40 | 00,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\RegSrvc.exe -- (RegSrvc)
SRV - [2004/03/12 15:18:06 | 00,169,192 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2004/03/12 15:17:46 | 01,221,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2004/03/12 15:17:10 | 00,029,928 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2004/03/11 14:58:32 | 00,193,760 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2004/02/29 16:44:54 | 00,242,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2004/02/29 16:44:52 | 00,087,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004/02/29 16:44:48 | 00,255,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2004/02/26 01:26:00 | 00,057,344 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL =
http://www.google.co...m...tf8&oe=utf8IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = E2 DD E0 01 F2 92 7C 42 9F FC E8 D7 65 12 81 CA [binary data]
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\students, =
http://www.kellogg.n...edu/students/%sIE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\students, = +
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\students,# = %23
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\students,% = %25
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\students,& = %26
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\students,+ = %2B
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local
========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "
http://search.yahoo....r=ytff-msgr&p="FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "
http://www.yahoo.com/"FF - prefs.js..keyword.URL: "
http://search.yahoo....r=ytff-msgr&p=" FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/09 21:06:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/11 16:20:12 | 00,000,000 | ---D | M]
[2009/06/21 13:09:38 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2009/06/21 13:09:38 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\
[email protected][2009/10/10 16:07:57 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0w39mi1n.default\extensions
[2008/03/08 18:26:43 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0w39mi1n.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/12/09 00:14:58 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0w39mi1n.default\extensions\{8a8f8ea7-b43a-447a-82a0-90098d3703eb}
[2009/10/10 16:07:54 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0w39mi1n.default\extensions\
[email protected][2009/10/10 16:07:57 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0w39mi1n.default\extensions\staged-xpis
[2009/12/06 19:18:20 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/06 19:18:20 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{4E551550-1870-479D-BF66-DF77900E100E}
[2009/08/12 08:45:02 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\
[email protected][2009/08/12 08:44:29 | 00,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2009/08/12 08:44:30 | 00,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2009/08/12 08:44:30 | 00,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2009/08/12 08:44:33 | 00,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2009/12/09 21:06:49 | 00,122,880 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\wsff.dll
[2009/08/12 08:44:33 | 00,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! ¤u¨ă¦C) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! ¤u¨ă¦C) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [sealmon] C:\Program Files\SealedMedia\sealmon.exe (SealedMedia)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe ()
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (IBM Corp.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [RealPlayer] C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}
http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71}
http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325}
https://lnmail4.disc...om/iNotes6W.cab (iNotes6 Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616}
http://go.divx.com/p...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968}
http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F}
http://v4.windowsupd...AB?38132.640625 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B}
https://portico.disc...perSetupSP1.cab (JuniperSetupControlXP Class)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F}
https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.29.103.15 24.29.103.16
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\System32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\QConGina: DllName - QConGina.dll - C:\WINDOWS\System32\QConGina.dll (IBM Corp.)
O24 - Desktop Components:0 () -
http://us.f3.yahoofs...hJL4PDBIyPUMhcZO24 - Desktop Components:1 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/05/23 17:12:12 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/05/23 17:11:40 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: Ip6FwHlp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (53765169410473984)
========== Files/Folders - Created Within 14 Days ========== [2009/12/09 21:08:17 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\PC
[2009/12/06 18:50:09 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2009/12/06 18:48:51 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\WinRAR
[2009/12/06 18:48:45 | 00,000,000 | -HSD | C] -- C:\WINDOWS\System32\SysWoW32
[2009/12/06 18:48:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2009/12/06 18:48:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2009/12/06 18:47:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\503929488
[52 D:\Documents and Settings\Administrator\Desktop\*.tmp files -> D:\Documents and Settings\Administrator\Desktop\*.tmp -> ]
========== Files - Modified Within 14 Days ========== [2009/12/11 20:47:55 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/11 20:47:52 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/12/11 20:47:16 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/11 20:47:09 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/11 20:47:05 | 10,726,80960 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/11 20:46:10 | 04,980,736 | -H-- | M] () -- D:\Documents and Settings\Administrator\NTUSER.DAT
[2009/12/11 20:45:57 | 00,000,278 | -HS- | M] () -- D:\Documents and Settings\Administrator\ntuser.ini
[2009/12/11 19:49:35 | 00,000,533 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2009/12/11 19:49:35 | 00,000,520 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2009/12/11 19:44:55 | 00,005,609 | -HS- | M] () -- D:\Documents and Settings\Administrator\Application Data\0200000085c07932712C.manifest
[2009/12/11 19:44:55 | 00,002,097 | -HS- | M] () -- D:\Documents and Settings\Administrator\Application Data\0200000085c07932712P.manifest
[2009/12/11 19:44:54 | 00,000,649 | -HS- | M] () -- D:\Documents and Settings\Administrator\Application Data\0200000085c07932712O.manifest
[2009/12/11 19:44:54 | 00,000,011 | -HS- | M] () -- D:\Documents and Settings\Administrator\Application Data\0200000085c07932712S.manifest
[2009/12/10 19:56:46 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/09 21:53:22 | 00,000,181 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2009/12/09 21:09:30 | 00,000,056 | ---- | M] () -- C:\xcrashdump.dat
[2009/12/09 21:08:20 | 00,000,930 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\Privacy-Components.lnk
[2009/12/09 21:07:52 | 00,000,817 | ---- | M] () -- C:\WINDOWS\System32\742079991
[2009/12/09 21:06:25 | 00,001,250 | -HS- | M] () -- C:\WINDOWS\System32\2087415207
[2009/12/09 01:12:39 | 04,842,520 | -H-- | M] () -- D:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/12/06 19:09:28 | 00,000,615 | ---- | M] () -- C:\WINDOWS\System32\r2Bsq6W.vbs
[2009/12/06 19:08:25 | 00,000,615 | ---- | M] () -- C:\WINDOWS\System32\c3IWK.vbs
[2009/12/06 19:03:27 | 00,000,615 | ---- | M] () -- C:\WINDOWS\System32\IMDls.vbs
[2009/12/06 18:56:04 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/12/06 18:56:04 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/12/06 18:51:50 | 00,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/06 18:51:50 | 00,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/06 18:51:49 | 00,525,770 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/06 18:50:17 | 00,000,613 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/12/06 18:49:21 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/12/06 18:48:25 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2009/12/06 18:47:17 | 00,203,776 | -HS- | M] () -- C:\WINDOWS\System32\unrar.exe
[2009/12/06 18:43:59 | 00,123,392 | ---- | M] () -- C:\WINDOWS\System32\infocardapi32.dll
[2009/12/06 18:43:25 | 00,123,392 | ---- | M] () -- C:\WINDOWS\System32\dxva232.dll
[2009/12/06 18:42:53 | 00,000,615 | ---- | M] () -- C:\WINDOWS\System32\Dxfk7.vbs
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[52 D:\Documents and Settings\Administrator\Desktop\*.tmp files -> D:\Documents and Settings\Administrator\Desktop\*.tmp -> ]
========== Files Created - No Company Name ========== [2009/12/09 21:09:30 | 00,000,056 | ---- | C] () -- C:\xcrashdump.dat
[2009/12/09 21:08:20 | 00,000,930 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\Privacy-Components.lnk
[2009/12/06 19:09:28 | 00,000,615 | ---- | C] () -- C:\WINDOWS\System32\r2Bsq6W.vbs
[2009/12/06 19:08:25 | 00,000,615 | ---- | C] () -- C:\WINDOWS\System32\c3IWK.vbs
[2009/12/06 19:03:27 | 00,000,615 | ---- | C] () -- C:\WINDOWS\System32\IMDls.vbs
[2009/12/06 18:50:31 | 00,764,868 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apph_sp.sdb
[2009/12/06 18:50:31 | 00,217,118 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apphelp.sdb
[2009/12/06 18:49:23 | 00,001,250 | -HS- | C] () -- C:\WINDOWS\System32\2087415207
[2009/12/06 18:49:22 | 00,000,817 | ---- | C] () -- C:\WINDOWS\System32\742079991
[2009/12/06 18:48:25 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2009/12/06 18:47:17 | 00,203,776 | -HS- | C] () -- C:\WINDOWS\System32\unrar.exe
[2009/12/06 18:46:36 | 00,005,609 | -HS- | C] () -- D:\Documents and Settings\Administrator\Application Data\0200000085c07932712C.manifest
[2009/12/06 18:46:36 | 00,002,097 | -HS- | C] () -- D:\Documents and Settings\Administrator\Application Data\0200000085c07932712P.manifest
[2009/12/06 18:46:36 | 00,000,649 | -HS- | C] () -- D:\Documents and Settings\Administrator\Application Data\0200000085c07932712O.manifest
[2009/12/06 18:46:36 | 00,000,011 | -HS- | C] () -- D:\Documents and Settings\Administrator\Application Data\0200000085c07932712S.manifest
[2009/12/06 18:43:59 | 00,123,392 | ---- | C] () -- C:\WINDOWS\System32\infocardapi32.dll
[2009/12/06 18:43:25 | 00,123,392 | ---- | C] () -- C:\WINDOWS\System32\dxva232.dll
[2009/12/06 18:42:53 | 00,000,615 | ---- | C] () -- C:\WINDOWS\System32\Dxfk7.vbs
[2009/10/03 09:17:41 | 08,673,792 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\atscie.msi
[2008/03/04 17:52:34 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
[2007/10/31 08:39:54 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/05/17 12:58:10 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2006/12/16 13:26:56 | 00,001,458 | ---- | C] () -- C:\Program Files\DOWNLOAD_INSTALL.LOG
[2006/09/16 12:16:28 | 00,004,217 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/02/27 16:51:53 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2006/02/27 16:51:53 | 00,000,339 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2006/02/27 01:46:41 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2006/02/27 01:46:41 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2006/01/25 19:16:20 | 00,017,016 | ---- | C] () -- C:\WINDOWS\System32\SS32DVR.DLL
[2005/09/14 11:55:01 | 00,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2005/05/11 13:10:08 | 00,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2005/04/04 12:01:13 | 00,000,181 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2005/04/01 14:09:08 | 00,003,852 | ---- | C] () -- C:\WINDOWS\avvrh.dll
[2004/08/25 19:26:18 | 00,004,608 | ---- | C] () -- D:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/07/07 10:22:05 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/07/06 13:41:21 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004/06/09 14:56:53 | 00,000,852 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/06/03 14:13:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2004/05/28 12:15:46 | 00,002,295 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.SYS
[2004/05/26 17:07:40 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/05/26 17:07:40 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/05/26 17:07:40 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/05/26 17:07:40 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/05/26 17:07:39 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/05/26 17:07:39 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/05/26 15:53:38 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2004/05/26 15:53:23 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/05/26 15:53:23 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/05/26 15:41:03 | 00,008,831 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2004/05/26 15:40:49 | 00,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2004/05/26 15:40:24 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\Sensor.dll
[2004/05/26 15:39:23 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2004/05/23 18:53:39 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2004/05/23 18:51:18 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2004/05/23 18:51:18 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll
[2004/05/23 17:12:25 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/04/07 06:21:16 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\C1XStngs.dll
[2004/03/18 12:55:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/10/08 13:34:26 | 00,121,440 | ---- | C] () -- C:\WINDOWS\System32\MSDRMCtrl.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== LOP Check ========== [2006/02/07 01:05:09 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\Aim
[2006/07/22 20:27:24 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\BitTorrent
[2005/05/12 01:45:50 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\IBM
[2004/07/29 20:46:10 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\InterVideo
[2009/10/26 20:55:42 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\Juniper Networks
[2009/12/06 19:14:24 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\LimeWire
[2009/12/11 20:00:55 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\PC
[2004/06/01 12:31:25 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\Qualcomm
[2007/07/25 21:46:21 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\Viewpoint
[2005/03/31 11:32:06 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\AdDestroyer
[2004/06/09 16:40:09 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\IBM
[2009/07/31 08:02:42 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Juniper Networks
[2005/02/14 02:09:10 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\MSN Messenger 6.2.0205
[2005/03/31 16:27:00 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\VBouncer
[2009/01/09 18:07:32 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Viewpoint
[2004/09/11 17:14:03 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Visual Networks
[2009/06/21 12:56:08 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2004/05/26 15:40:32 | 00,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\BMMTask.job
========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe >[2005/05/12 01:48:03 | 21,901,656 | ---- | M] (Apple Computer, Inc. ) -- C:\iTunesSetup.exe
[2001/05/24 12:59:30 | 00,162,304 | ---- | M] () -- C:\UNWISE.EXE
< MD5 for: AGP440.SYS >[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys
[2001/08/17 08:58:00 | 00,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
< MD5 for: ATAPI.SYS >[2002/08/28 20:27:50 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: EVENTLOG.DLL >[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2004/08/04 00:56:44 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004/08/04 00:56:44 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
[2002/08/29 07:00:00 | 00,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: NETLOGON.DLL >[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2002/08/29 07:00:00 | 00,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009/02/06 13:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 13:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 00:56:46 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004/08/04 00:56:46 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >[2004/08/04 00:56:46 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004/08/04 00:56:46 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2002/08/29 07:00:00 | 00,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll
< %systemroot%\*. /mp /s >< End of report >
Extras.Txt:
OTL Extras logfile created on: 12/11/2009 9:10:06 PM - Run 1
OTL by OldTimer - Version 3.1.11.9 Folder = F:\
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1022.92 Mb Total Physical Memory | 646.63 Mb Available Physical Memory | 63.21% Memory free
2.40 Gb Paging File | 2.08 Gb Available in Paging File | 86.73% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15.14 Gb Total Space | 0.84 Gb Free Space | 5.56% Space Free | Partition Type: NTFS
Drive D: | 22.11 Gb Total Space | 10.82 Gb Free Space | 48.92% Space Free | Partition Type: NTFS
Drive E: | 702.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 963.70 Mb Total Space | 825.03 Mb Free Space | 85.61% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: FCH543-T41
Current User Name: fch543
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"7000:UDP" = 7000:UDP:129.105.223.0/255.255.255.128:enabled:NUTV - Channel Guide
"7070:UDP" = 7070:UDP:129.105.223.0/255.255.255.128:Enabled:NUTV - Video Streams
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:disabled:@xpsp2res.dll,-22009
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver -- File not found
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Disabled:SopCast Main Application -- File not found
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"D:\Documents and Settings\Administrator\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe" = D:\Documents and Settings\Administrator\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe:*:Enabled:Juniper Terminal Services Client -- (Juniper Networks)
"C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe" = C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe:*:Disabled:Secure Application Manager Proxy -- (Juniper Networks)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell -- (Microsoft Corporation)
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service -- (Cisco Systems, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{06E73C0B-7DE7-4F41-860B-587033B75BD9}" = iPod Updater 2004-11-15
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0CA14F11-6F47-4613-8E40-6AC088E464A0}" = Cisco Network Magic
"{1F0BD960-6525-4FEE-B577-2473F77F1277}" = Windows Messenger 5.0
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B71A00-4DED-11D4-A5E5-0004AC564F43}" = IBM Access Connections
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 11
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B1A4366-8DFA-4582-91F6-27F7A4714FCC}" = Pure Networks Platform
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45534579-B75B-4A42-953B-2EF8E1DEB4F3}" = Microsoft XML Parser
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{67D7BC74-E8DF-4811-9B41-6023A8C9BB3F}" = Intel® Sebring API
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72806716-7088-41B2-8FA6-717A2A164DAB}" = IBM Active Protection System
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{848AC794-8B81-440A-81AE-6474337DB527}" = Symantec AntiVirus
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90F80409-6000-11D3-8CFE-0150048383C9}" = Remove Hidden Data Tool
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = IBM RecordNow!
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B11BF9FF-7A12-42D5-BE71-9C3C05833D89}" = SealedMedia Unsealer 4.1.9.1
"{B5599ECB-DA72-43EE-8A30-2C80396FF8BB}" = Access IBM
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CA254A9C-2A33-4D35-85A2-FEE6FFFF558C}" = Eudora
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management client
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"Access IBM Tools" = Access IBM Tools
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ERUNT_is1" = ERUNT 1.1j
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{06E73C0B-7DE7-4F41-860B-587033B75BD9}" = iPod Updater 2004-11-15
"IPIX ActiveX Viewer" = iPIX ActiveX Viewer
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"LimeWire" = LimeWire 5.1.3
"LiveUpdate" = LiveUpdate 2.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Neoteris_Secure_Application_Manager" = Juniper Networks Secure Application Manager
"Network MagicUninstall" = Network Magic
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Power Features" = IBM ThinkPad Battery MaxiMiser and Power Management Features
"Power Management Driver" = IBM ThinkPad Power Management Driver
"Presentation Director" = IBM ThinkPad Presentation Director
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealPlayer 6.0" = RealPlayer
"SynTPDeinstKey" = IBM ThinkPad UltraNav Driver
"ThinkPad Configuration" = IBM ThinkPad Configuration
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"ThinkPadSoftwareInstaller" = ThinkPad Software Installer
"TPKBDLED" = Scroll Lock Indicator Utility
"TVAnts ActiveX Control 1.0" = TVAnts ActiveX Control 1.0
"Tweak UI 2.10" = Tweak UI
"VJOcx2.0" = VJOcx2.0
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! ¤u¨ă¦C
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager
========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Digital Editions" = Adobe Digital Editions
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Juniper_Term_Services" = Juniper Terminal Services Client
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Neoteris_Host_Checker" = Juniper Networks Host Checker
========== Last 10 Event Log Errors ========== [ Application Events ]
Error - 12/6/2009 8:08:29 PM | Computer Name = FCH543-T41 | Source = Application Error | ID = 1000
Description = Faulting application update_for_media_player_(kb972036)[1].exe, version
0.0.0.0, faulting module update_for_media_player_(kb972036)[1].exe, version 0.0.0.0,
fault address 0x00001b30.
Error - 12/6/2009 8:09:31 PM | Computer Name = FCH543-T41 | Source = Application Error | ID = 1000
Description = Faulting application update_for_media_player_(kb972036)[1].exe, version
0.0.0.0, faulting module update_for_media_player_(kb972036)[1].exe, version 0.0.0.0,
fault address 0x00001b30.
Error - 12/9/2009 2:16:25 AM | Computer Name = FCH543-T41 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module shell32.dll, version 6.0.2900.3402, fault address 0x0002cb9e.
Error - 12/9/2009 2:28:38 AM | Computer Name = FCH543-T41 | Source = Application Error | ID = 1000
Description = Faulting application sysrestorepoint.exe, version 1.3.0.0, faulting
module kernel32.dll, version 5.1.2600.3541, fault address 0x00012a6b.
Error - 12/9/2009 2:28:53 AM | Computer Name = FCH543-T41 | Source = Application Error | ID = 1000
Description = Faulting application sysrestorepoint.exe, version 1.3.0.0, faulting
module kernel32.dll, version 5.1.2600.3541, fault address 0x00012a6b.
Error - 12/9/2009 2:29:32 AM | Computer Name = FCH543-T41 | Source = Application Error | ID = 1000
Description = Faulting application sysrestorepoint.exe, version 1.3.0.0, faulting
module kernel32.dll, version 5.1.2600.3541, fault address 0x00012a6b.
Error - 12/9/2009 2:45:34 AM | Computer Name = FCH543-T41 | Source = Application Error | ID = 1000
Description = Faulting application sysrestorepoint.exe, version 1.3.0.0, faulting
module kernel32.dll, version 5.1.2600.3541, fault address 0x00012a6b.
Error - 12/9/2009 2:46:17 AM | Computer Name = FCH543-T41 | Source = Application Error | ID = 1000
Description = Faulting application sysrestorepoint.exe, version 1.3.0.0, faulting
module kernel32.dll, version 5.1.2600.3541, fault address 0x00012a6b.
Error - 12/11/2009 8:47:03 PM | Computer Name = FCH543-T41 | Source = Application Error | ID = 1000
Description = Faulting application sysrestorepoint.exe, version 1.3.0.0, faulting
module kernel32.dll, version 5.1.2600.3541, fault address 0x00012a6b.
Error - 12/11/2009 8:47:20 PM | Computer Name = FCH543-T41 | Source = Application Error | ID = 1000
Description = Faulting application sysrestorepoint.exe, version 1.3.0.0, faulting
module kernel32.dll, version 5.1.2600.3541, fault address 0x00012a6b.
[ System Events ]
Error - 12/11/2009 8:42:18 PM | Computer Name = FCH543-T41 | Source = Service Control Manager | ID = 7034
Description = The Kwanzy Service service terminated unexpectedly. It has done this
1 time(s).
Error - 12/11/2009 8:42:18 PM | Computer Name = FCH543-T41 | Source = Service Control Manager | ID = 7034
Description = The Symantec Settings Manager service terminated unexpectedly. It
has done this 1 time(s).
Error - 12/11/2009 8:42:18 PM | Computer Name = FCH543-T41 | Source = Service Control Manager | ID = 7034
Description = The RegSrvc service terminated unexpectedly. It has done this 1 time(s).
Error - 12/11/2009 8:42:18 PM | Computer Name = FCH543-T41 | Source = Service Control Manager | ID = 7034
Description = The Spectrum24 Event Monitor service terminated unexpectedly. It
has done this 1 time(s).
Error - 12/11/2009 8:42:18 PM | Computer Name = FCH543-T41 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).
Error - 12/11/2009 8:42:18 PM | Computer Name = FCH543-T41 | Source = Service Control Manager | ID = 7034
Description = The QCONSVC service terminated unexpectedly. It has done this 1 time(s).
Error - 12/11/2009 8:42:18 PM | Computer Name = FCH543-T41 | Source = Service Control Manager | ID = 7034
Description = The Pure Networks Platform Service service terminated unexpectedly.
It has done this 1 time(s).
Error - 12/11/2009 8:42:18 PM | Computer Name = FCH543-T41 | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).
Error - 12/11/2009 9:00:54 PM | Computer Name = FCH543-T41 | Source = Service Control Manager | ID = 7034
Description = The Kwanzy Service service terminated unexpectedly. It has done this
1 time(s).
Error - 12/11/2009 9:47:23 PM | Computer Name = FCH543-T41 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000243'
while processing the file 'SAVRT' on the volume 'HarddiskVolume1'. It has stopped
monitoring the volume.
< End of report >
RootRepeal:
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/12/11 21:07
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA9E90000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7DAC000 Size: 8192 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA8BF9000 Size: 49152 File Visible: No Signed: -
Status: -
SSDT
-------------------
#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0xe3ff7240
#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xa9fc6f20
==EOF==
MBAM:
Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13
12/11/2009 8:00:55 PM
mbam-log-2009-12-11 (20-00-55).txt
Scan type: Quick Scan
Objects scanned: 110994
Time elapsed: 5 minute(s), 43 second(s)
Memory Processes Infected: 4
Memory Modules Infected: 3
Registry Keys Infected: 6
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 5
Files Infected: 30
Memory Processes Infected:
D:\Documents and Settings\Administrator\Application Data\WhereSphere\wheresphere.exe (Adware.WhereSphere) -> Unloaded process successfully.
C:\Program Files\Kwanzy\kwanzy.exe (Adware.Kwanzy) -> Unloaded process successfully.
D:\Documents and Settings\All Users\Application Data\Kwanzy\kwanzy131.exe (Adware.Kwanzy) -> Unloaded process successfully.
D:\Documents and Settings\Administrator\Application Data\PC\agent.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Memory Modules Infected:
C:\Program Files\Kwanzy\kwanzy.dll (Adware.Kwanzy) -> Delete on reboot.
C:\WINDOWS\system32\__c00FB039.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\gpkcsp32.dll (Trojan.Tracur) -> Delete on reboot.
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wheresphere (Adware.WhereSphere) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\kwanzy (Adware.Kwanzy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Kwanzy Service (Adware.Kwanzy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00fb039 (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ac3b3df7712 (Trojan.Tracur) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\privacy-components (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wheresphere (Adware.WhereSphere) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\agent.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\gpkcsp32.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\gpkcsp32.dll -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (D:\Documents and Settings\Administrator\Application Data\PC\pc.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.
Folders Infected:
D:\Documents and Settings\Administrator\Application Data\WhereSphere (Adware.WhereSphere) -> Quarantined and deleted successfully.
C:\Program Files\Kwanzy (Adware.Kwanzy) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users\Application Data\Kwanzy (Adware.Kwanzy) -> Quarantined and deleted successfully.
D:\Documents and Settings\Administrator\Application Data\PC\faq (Rogue.ControlCenter) -> Quarantined and deleted successfully.
D:\Documents and Settings\Administrator\Application Data\PC\faq\images (Rogue.ControlCenter) -> Quarantined and deleted successfully.
Files Infected:
D:\Documents and Settings\Administrator\Application Data\WhereSphere\config.cfg (Adware.WhereSphere) -> Quarantined and deleted successfully.
D:\Documents and Settings\Administrator\Application Data\WhereSphere\wheresphere.exe (Adware.WhereSphere) -> Quarantined and deleted successfully.
D:\Documents and Settings\Administrator\Application Data\WhereSphere\WSUninstall.exe (Adware.WhereSphere) -> Quarantined and deleted successfully.
C:\Program Files\Kwanzy\kwanzy.dll (Adware.Kwanzy) -> Quarantined and deleted successfully.
C:\Program Files\Kwanzy\kwanzy.exe (Adware.Kwanzy) -> Quarantined and deleted successfully.
C:\Program Files\Kwanzy\uninstall.exe (Adware.Kwanzy) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users\Application Data\Kwanzy\kwanzy131.exe (Adware.Kwanzy) -> Quarantined and deleted successfully.
D:\Documents and Settings\Administrator\Application Data\PC\faq\guide.html (Rogue.ControlCenter) -> Quarantined and deleted successfully.
D:\Documents and Settings\Administrator\Application Data\PC\faq\images\gimg1.jpg (Rogue.ControlCenter) -> Quarantined and deleted successfully.
D:\Documents and Settings\Administrator\Application Data\PC\faq\images\gimg10.jpg (Rogue.ControlCenter) -> Quarantined and deleted successfully.
D:\Documents and Settings\Administrator\Application Data\PC\faq\images\gimg2.jpg (Rogue.ControlCenter) -> Quarantined and deleted successfully.
D:\Documents and Settings\Administrator\Application Data\PC\faq\images\gimg3.jpg (Rogue.ControlCenter) -> Quarantined and deleted successfully.
D:\Documents and Settings\Administrator\Application Data\PC\faq\images\gimg4.jpg (Rogue.ControlCenter) -> Quarantined and deleted successfully.
D:\Documents and Settings\Administrator\Application Data\PC\faq\images\gimg5.jpg (Rogue.ControlCenter) -> Quarantined and deleted successfully.
D:\Documents and Settings\Administrator\Application Data\PC\faq\images\gimg6.jpg (Rogue.ControlCenter) -> Quarantined and deleted successfully.
D:\Documents and Settings\Administrator\Application Data\PC\faq\images\gimg7.jpg (Rogue.ControlCenter) -> Quarantined and deleted successfully.
D:\Documents and Settings\Administrator\Application Data\PC\faq\images\gimg8.jpg (Rogue.ControlCenter) -> Quarantined and deleted successfully.
D:\Documents and Settings\Administrator\Application Data\PC\faq\images\gimg9.jpg (Rogue.ControlCenter) -> Quarantined and deleted successfully.
C:\Program Files\mozilla firefox\searchPlugins\kwanzy131.xml (Adware.Kwanzy) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00FB039.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\dmime32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fde32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\framebuf32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gpkcsp32.dll (Trojan.Tracur) -> Delete on reboot.
C:\WINDOWS\system32\iernonce32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\GnuHashes.ini (Malware.Trace) -> Quarantined and deleted successfully.
D:\Documents and Settings\Administrator\Application Data\PC\pc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\Documents and Settings\Administrator\Application Data\PC\agent.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\Documents and Settings\Administrator\Application Data\PC\settings.ini (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\Documents and Settings\Administrator\Application Data\PC\Uninstall.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.