www.007guard.com [Solved], Adware found from Netstat -a control in command prompt
Mar 20 2009, 11:14 PM | Post #16
Member | Posts: 13 | OS: Windows XP
OTListIt log:
OTListIt logfile created on: 2009-03-20 21:55:52 - Run 4 OTListIt2 by OldTimer - Version 2.0.6.0 Folder = C:\Documents and Settings\Lydia\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd 1022.07 Mb Total Physical Memory | 498.93 Mb Available Physical Memory | 48.82% Memory free 2.40 Gb Paging File | 2.01 Gb Available in Paging File | 83.91% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 70.94 Gb Total Space | 4.83 Gb Free Space | 6.81% Space Free | Partition Type: NTFS Drive D: | 673.60 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: LYDIA Current User Name: Lydia Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Output = Minimal File Age = 30 Days Company Name Whitelist: On ========== Processes (SafeList) ========== PRC - C:\WINDOWS\System32\Ati2evxx.exe () PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation) PRC - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation) PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation) PRC - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe (Logitech Inc.) PRC - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (Symantec Corporation) PRC - C:\WINDOWS\System32\CTsvcCDA.EXE (Creative Technology Ltd) PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation) PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) 
PRC - C:\WINDOWS\system32\sdpasvc.exe ( Matsushita Electric Industrial Co.,Ltd.) PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation) PRC - C:\WINDOWS\System32\MsPMSPSv.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (Symantec Corporation) PRC - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe (Stardock Systems, Inc) PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation) PRC - C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd) PRC - C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.) PRC - C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions) PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) PRC - C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell) PRC - C:\Program Files\Microangelo\muamgr.exe () PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation) PRC - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (MicrosoftR Corporation) PRC - c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe ( ) PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.) PRC - C:\Program Files\Logitech\Video\CameraAssistant.exe (Logitech Inc.) PRC - C:\WINDOWS\system32\ElkCtrl.exe (Logitech Inc.) PRC - C:\Program Files\QuickTime\qttask.exe (Apple Inc.) PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Rogers\SelfHealing\SHS.exe (Rogers Cable) PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software) PRC - C:\Program Files\OLYMPUS\m-trip\Bin\m-tripLauncher.exe (OLYMPUS IMAGING CORP.) PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.) 
PRC - C:\WINDOWS\system32\MRobeService.exe (OLYMPUS IMAGING CORP.) PRC - C:\Documents and Settings\Lydia\Desktop\OTListIt2.exe (OldTimer Tools) ========== Win32 Services (SafeList) ========== SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation) SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\System32\Ati2evxx.exe () SRV - (ccEvtMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation) SRV - (ccProxy [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (Symantec Corporation) SRV - (ccPwdSvc [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (Symantec Corporation) SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation) SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (Creative Service for CDROM Access [Auto | Running]) -- C:\WINDOWS\System32\CTsvcCDA.EXE (Creative Technology Ltd) SRV - (DefWatch [Auto | Running]) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation) SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google) SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) SRV - (LVPrcSrv [Auto | Running]) -- c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe (Logitech Inc.) 
SRV - (MrobeService [On_Demand | Running]) -- C:\WINDOWS\system32\MRobeService.exe (OLYMPUS IMAGING CORP.) SRV - (NetSvc [On_Demand | Stopped]) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (Intel® Corporation) SRV - (NNServ [Auto | Stopped]) -- File not found SRV - (SavRoam [On_Demand | Stopped]) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec) SRV - (SDPASVC [Auto | Running]) -- C:\WINDOWS\system32\sdpasvc.exe ( Matsushita Electric Industrial Co.,Ltd.) SRV - (SNDSrvc [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation) SRV - (Symantec AntiVirus [Auto | Running]) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation) SRV - (SymWSC [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (Symantec Corporation) SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation) SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation) SRV - (WMDM PMSP Service [Auto | Running]) -- C:\WINDOWS\System32\MsPMSPSv.exe (Microsoft Corporation) SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.) 
DRV - (Audsub3 [Auto | Running]) -- C:\WINDOWS\SYSTEM32\Drivers\Audsub3.sys (NEC) DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (ctsfm2k [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys (Creative Technology Ltd) DRV - (CW200USB [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\CW200USB.sys (Cowon Systems, Inc.) DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (drvmcdb [Boot | Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions) DRV - (drvnddm [Auto | Running]) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions) DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation) DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (EL90XBC [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\el90xbc5.sys (3Com Corporation) DRV - (FsVga [System | Running]) -- C:\WINDOWS\System32\DRIVERS\fsvga.sys (Microsoft Corporation) DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.) DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.) 
DRV - (i81x [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\i81xnt5.sys (Intel® Corporation) DRV - (iAimFP0 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wADV01nt.sys (Intel® Corporation) DRV - (iAimFP1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wADV02NT.sys (Intel® Corporation) DRV - (iAimFP2 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wADV05NT.sys (Intel® Corporation) DRV - (iAimFP3 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys (Intel® Corporation) DRV - (iAimFP4 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys (Intel® Corporation) DRV - (iAimTV0 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wATV01nt.sys (Intel® Corporation) DRV - (iAimTV1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wATV02NT.sys (Intel® Corporation) DRV - (iAimTV3 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wATV04nt.sys (Intel® Corporation) DRV - (iAimTV4 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys (Intel® Corporation) DRV - (IcRecUsb [Auto | Stopped]) -- C:\WINDOWS\System32\Drivers\IcRecUsb.sys (lecs Inc.) DRV - (Lvckap [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\Lvckap.sys () DRV - (lvmvdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\lvmvdrv.sys () DRV - (LVPrcMon [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\LVPrcMon.sys () DRV - (LVUSBSta [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys (Logitech Inc.) DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant) DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation) DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys (American Megatrends Inc.) 
DRV - (NAVENG [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090318.006\NAVENG.SYS (Symantec Corporation) DRV - (NAVEX15 [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090318.006\NAVEX15.SYS (Symantec Corporation) DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation) DRV - (omci [System | Running]) -- C:\WINDOWS\System32\DRIVERS\omci.sys (Dell Computer Corporation) DRV - (ossrv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ctoss2k.sys (Creative Technology Ltd.) DRV - (P17 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\P17.sys (Creative Technology Ltd.) DRV - (Pcouffin [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\Pcouffin.sys (VSO Software) DRV - (pfc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.) DRV - (PID_0928 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LV561AV.SYS (Logitech Inc.) DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.) DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions) DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (SAVRT [System | Running]) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation) DRV - (SAVRTPEL [Auto | Running]) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation) DRV - (sdcplh [System | Running]) -- C:\WINDOWS\System32\drivers\sdcplh.sys (Macrovision Europe Ltd) DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) 
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (sscdbhk5 [System | Running]) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions) DRV - (ssrtln [System | Running]) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions) DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (SYMDNS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation) DRV - (SymEvent [On_Demand | Running]) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation) DRV - (SYMFW [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation) DRV - (SYMIDS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation) DRV - (SYMIDSCO [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20090311.001\SymIDSCo.sys (Symantec Corporation) DRV - (SYMNDIS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation) DRV - (SYMREDRV [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation) DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation) DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (tfsnboio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions) DRV - (tfsncofs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions) DRV - (tfsndrct [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions) DRV - (tfsndres [Auto | Running]) -- 
C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions) DRV - (tfsnifs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions) DRV - (tfsnopio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions) DRV - (tfsnpool [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions) DRV - (tfsnudf [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions) DRV - (tfsnudfa [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions) DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (WinDriver [Auto | Running]) -- C:\WINDOWS\System32\drivers\WINDRVR.SYS (Jungo) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://ca.red.clientapps.yahoo.com/customi.../search/ie.html IE - 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.ca IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009-03-19 18:35:24 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2008-12-21 19:04:48 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: 
C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009-03-19 18:35:41 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Netscape Browser 8.0.3.3\Extensions\\Components: C:\PROGRAM FILES\NETSCAPE\NETSCAPE BROWSER\COMPONENTS [2008-08-13 11:57:13 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Netscape Browser 8.0.3.3\Extensions\\Plugins: C:\PROGRAM FILES\NETSCAPE\NETSCAPE BROWSER\PLUGINS [2008-12-23 01:24:50 | 00,000,000 | ---D | M] [2009-03-19 19:22:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\mozilla\Firefox\Profiles\llql2tud.default\extensions [2009-01-06 21:52:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\mozilla\Firefox\Profiles\llql2tud.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009-03-19 19:22:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2007-03-21 21:26:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2008-12-21 19:04:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009-03-19 18:35:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [2007-03-21 21:25:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\real-networks@partners.mozilla.com [2008-12-21 19:04:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org [2008-12-21 19:04:28 | 00,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll [2008-12-21 19:04:28 | 00,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll [2008-12-21 19:04:28 | 00,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll [2008-12-21 19:04:30 | 00,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla 
firefox\components\spellchk.dll [2008-12-21 19:04:30 | 00,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll [2008-12-21 19:04:44 | 00,001,514 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml [2008-12-21 19:04:44 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml [2008-12-21 19:04:44 | 00,001,038 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2008-12-21 19:04:44 | 00,001,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml [2008-12-21 19:04:44 | 00,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2008-12-21 19:04:44 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml O1 HOSTS File: (698 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) 
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Megaupload Toolbar) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD ) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation) O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll () O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.) O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation) O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.) 
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (Ask Toolbar BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com) O3 - HKLM\..\Toolbar: (Web assistant) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll () O3 - HKLM\..\Toolbar: (Megaupload Toolbar) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD ) O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc) O3 - HKLM\..\Toolbar: (Yahoo! 工具列) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) 
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD ) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com) O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.) O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation) O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 
24-bit\Surround Mixer\CTSysVol.exe /r (Creative Technology Ltd) O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions) O4 - HKLM..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell) O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.) O4 - HKLM..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe (Logitech Inc.) O4 - HKLM..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation (Logitech Inc.) O4 - HKLM..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect (Logitech Inc.) O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.) O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (MicrosoftR Corporation) O4 - HKLM..\Run: [MOD] C:\Program Files\Microangelo\muamgr.exe () O4 - HKLM..\Run: [MSN Clients] msnclients.exe File not found O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [P17Helper] Rundll32 P17.dll,P17Helper () O4 - HKLM..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" (CyberLink Corp.) O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe (Symantec Corporation) O4 - HKLM..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r (Sonic Solutions) O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.) 
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe (Symantec Corporation) O4 - HKCU..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h File not found O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKCU..\Run: [Free Notes] "C:\Program Files\Power Soft\Free Notes\FreeNotes.exe" File not found O4 - HKCU..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun File not found O4 - HKCU..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background (Rogers Cable) O4 - HKCU..\Run: [Sonic RecordNow!] File not found O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKCU..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe (Symantec Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\m-trip Launcher.lnk = C:\Program Files\OLYMPUS\m-trip\Bin\m-tripLauncher.exe (OLYMPUS IMAGING CORP.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.) 
O4 - Startup: C:\Documents and Settings\Lydia\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm O8 - Extra context menu item: &Search - ?p=ZK O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm O8 - Extra context menu item: Download ALL with IDA - Reg Error: Value error. O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm O8 - Extra context menu item: Download with IDA - Reg Error: Value error. 
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - 
C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.) O15 - HKLM\..Trusted Domains: 46 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Sites: ([]msn in My Computer) O15 - HKCU\..Trusted Domains: 45 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zone.msn.com/binary/MJSS.cab69309.cab () O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v5co...b?1095967286250 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer) O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} http://www.imgag.com/cp/install/Crusher.cab (Creative Toolbox Plug-in) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class) O16 - DPF: 
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: 
DllName - cscdll.dll - C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation) O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\WB: DllName - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll - C:\Program Files\Stardock\Object Desktop\WindowBlinds\fastload.dll (Stardock) O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation) O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation) O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} 
- C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation) O24 - Desktop Components:0 (My Current Home Page) - About:Home O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - ( schannel.dll) - C:\WINDOWS\system32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - ( digest.dll) - C:\WINDOWS\system32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - ( msnsspc.dll) - C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{4d6c25ec-c008-11dd-b3db-001111262f75}\Shell\AutoRun\command - "" = F:\wd_windows_tools\setup.exe -- File not found O33 - MountPoints2\{55d46a6d-e8a8-11dc-b2dd-001111262f75}\Shell - "" = AutoRun O33 - MountPoints2\{55d46a6d-e8a8-11dc-b2dd-001111262f75}\Shell\AutoRun - "" = Auto&Play O33 - 
MountPoints2\{55d46a6d-e8a8-11dc-b2dd-001111262f75}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found O33 - MountPoints2\{d2ba9523-06aa-11de-b42d-001111262f75}\Shell - "" = AutoRun O33 - MountPoints2\{d2ba9523-06aa-11de-b42d-001111262f75}\Shell\Auto\command - "" = E:\Cn911.exe -- File not found O33 - MountPoints2\{d2ba9523-06aa-11de-b42d-001111262f75}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{d2ba9523-06aa-11de-b42d-001111262f75}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\Shell32.DLL -- [2008-06-17 12:02:19 | 08,461,312 | ---- | M] (Microsoft Corporation) ========== Files/Folders - Created Within 30 Days ========== [1 C:\*.tmp files] [5 C:\WINDOWS\System32\*.tmp files] [3 C:\WINDOWS\*.tmp files] [2009-03-20 00:31:59 | 00,010,558 | ---- | C] () -- C:\Documents and Settings\Lydia\Desktop\Kasperky Online Scanner Log.html [2009-03-19 18:39:03 | 00,000,000 | ---D | C] -- C:\_OTListIt [2009-03-19 18:20:37 | 16,278,936 | ---- | C] () -- C:\Documents and Settings\Lydia\Desktop\jre-6u12-windows-i586-p.exe [2009-03-18 13:23:04 | 00,498,176 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lydia\Desktop\OTListIt2.exe [2009-03-18 13:17:59 | 00,356,352 | ---- | C] (funkytoad.com) -- C:\HostsXpert.exe [2009-03-18 13:17:59 | 00,015,223 | ---- | C] () -- C:\HostsXpert.chm [2009-03-18 13:13:47 | 00,000,000 | ---D | C] -- C:\HostsXpert [2009-03-18 13:13:20 | 00,353,485 | ---- | C] () -- C:\Documents and Settings\Lydia\Desktop\HostsXpert.zip [2009-03-15 15:33:10 | 00,000,000 | ---D | C] -- C:\Rooter$ [2009-03-15 15:32:56 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\Lydia\Desktop\Rooter.exe [2009-03-14 12:16:22 | 00,286,208 | ---- | C] () -- C:\vckeptvp.exe [2009-03-12 17:39:01 | 00,000,211 | ---- | C] () -- C:\Boot.bak [2009-03-12 17:38:56 | 00,260,272 | ---- | C] () -- C:\cmldr [2009-03-12 17:38:54 | 00,000,000 | RHSD | C] -- C:\cmdcons [2009-03-12 17:29:48 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2009-03-12 
17:29:48 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2009-03-12 17:29:48 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2009-03-12 17:29:48 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2009-03-12 17:29:48 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe [2009-03-12 17:29:48 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2009-03-12 17:29:48 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2009-03-12 17:29:48 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe [2009-03-12 17:29:48 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2009-03-12 17:28:40 | 00,000,000 | ---D | C] -- C:\ComboFix [2009-03-12 17:28:39 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF27930.exe [2009-03-12 17:27:34 | 00,000,000 | ---D | C] -- C:\Qoobox [2009-03-12 17:07:08 | 02,933,518 | R--- | C] () -- C:\Documents and Settings\Lydia\Desktop\ComboFix.exe [2009-03-12 01:01:56 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\Believe it or not.doc [2009-03-10 23:55:03 | 03,045,023 | ---- | C] () -- C:\Documents and Settings\Lydia\Desktop\01 - Don't Stop Believin'.mp3 [2009-03-10 01:27:06 | 00,001,782 | ---- | C] () -- C:\Documents and Settings\Lydia\Desktop\HijackThis.lnk [2009-03-10 01:27:05 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2009-03-10 01:26:57 | 00,812,344 | ---- | C] (Trend Micro Inc.) 
-- C:\Documents and Settings\Lydia\Desktop\HJTInstall.exe [2009-03-09 22:08:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Lydia\Application Data\Malwarebytes [2009-03-09 22:07:57 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009-03-09 22:07:57 | 00,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009-03-09 22:07:54 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009-03-09 22:07:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009-03-09 22:07:52 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009-03-09 22:07:36 | 02,876,720 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Lydia\Desktop\mbam-setup.exe [2009-03-09 20:30:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2009-03-09 20:29:21 | 00,000,815 | ---- | C] () -- C:\Documents and Settings\Lydia\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2009-03-09 20:29:05 | 00,000,659 | ---- | C] () -- C:\Documents and Settings\Lydia\Desktop\NTREGOPT.lnk [2009-03-09 20:29:05 | 00,000,640 | ---- | C] () -- C:\Documents and Settings\Lydia\Desktop\ERUNT.lnk [2009-03-09 20:29:03 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT [2009-03-09 20:28:51 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Lydia\Desktop\erunt_setup.exe [2009-03-09 19:57:32 | 23,510,720 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Lydia\Desktop\dotnetfx.exe [2009-03-09 19:54:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss [2009-03-09 19:44:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2009-03-09 19:08:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting [2009-03-09 19:08:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en [2009-03-09 19:08:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas [2009-03-09 18:39:12 | 00,000,000 | ---D | C] -- 
C:\Documents and Settings\Lydia\Desktop\SysRestorePoint [2009-03-09 01:30:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com [2009-03-09 01:30:25 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2009-03-09 01:30:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Lydia\Application Data\SUPERAntiSpyware.com [2009-03-09 01:28:54 | 06,018,080 | ---- | C] () -- C:\Documents and Settings\Lydia\Desktop\SUPERAntiSpywarePro.exe [2009-03-08 23:31:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Lydia\Desktop\Unused Desktop Shortcuts [2009-03-06 01:03:37 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\Romeo Interpertations.doc [2009-03-05 01:07:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft [2009-03-04 00:25:12 | 00,513,536 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\Romeo and Juliet 2.doc [2009-03-02 22:46:35 | 00,897,920 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Lydia\Desktop\WGAPluginInstall.exe [2009-03-02 22:45:49 | 01,002,752 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Lydia\Desktop\JournalViewer1.5_KB886179_ENU.exe [2009-02-28 22:21:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy-PizzaParty [2009-02-28 22:21:00 | 00,000,000 | ---D | C] -- C:\Program Files\Oberon Media [2009-02-26 22:10:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GoBit Games [2009-02-26 19:51:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Lydia\Local Settings\Application Data\Astound Studios Web [2009-02-26 01:37:49 | 00,513,536 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\Romeo and Juliet.doc [2009-02-25 22:59:19 | 00,144,226 | ---- | C] () -- C:\Documents and Settings\Lydia\Desktop\growing-hearts.gif [2009-02-23 00:24:54 | 00,021,504 | ---- | C] () -- C:\Documents and 
Settings\Lydia\My Documents\Self Government 2.doc [2009-02-20 23:09:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SugarGames ========== Files - Modified Within 30 Days ========== [1 C:\*.tmp files] [5 C:\WINDOWS\System32\*.tmp files] [3 C:\WINDOWS\*.tmp files] [2009-03-20 19:02:22 | 00,000,368 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job [2009-03-20 15:09:00 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL [2009-03-20 14:56:07 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009-03-20 14:56:02 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT [2009-03-20 14:55:58 | 10,717,96224 | -HS- | M] () -- C:\hiberfil.sys [2009-03-20 00:31:59 | 00,010,558 | ---- | M] () -- C:\Documents and Settings\Lydia\Desktop\Kasperky Online Scanner Log.html [2009-03-19 23:45:42 | 00,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2009-03-19 22:26:52 | 00,199,680 | ---- | M] () -- C:\Documents and Settings\Lydia\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-03-19 18:20:56 | 16,278,936 | ---- | M] () -- C:\Documents and Settings\Lydia\Desktop\jre-6u12-windows-i586-p.exe [2009-03-18 13:34:38 | 00,000,634 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\My Sharing Folders.lnk [2009-03-18 13:23:02 | 00,498,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lydia\Desktop\OTListIt2.exe [2009-03-18 13:13:10 | 00,353,485 | ---- | M] () -- C:\Documents and Settings\Lydia\Desktop\HostsXpert.zip [2009-03-15 15:32:52 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\Lydia\Desktop\Rooter.exe [2009-03-14 12:16:19 | 00,286,208 | ---- | M] () -- C:\vckeptvp.exe [2009-03-12 17:39:01 | 00,000,281 | RHS- | M] () -- C:\BOOT.INI [2009-03-12 17:27:32 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF27930.exe [2009-03-12 17:07:28 | 02,933,518 | R--- | M] () -- C:\Documents and Settings\Lydia\Desktop\ComboFix.exe [2009-03-12 01:25:30 | 00,039,788 
| ---- | M] () -- C:\Documents and Settings\Lydia\Application Data\wklnhst.dat [2009-03-12 01:01:56 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\Believe it or not.doc [2009-03-11 18:36:58 | 00,246,312 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009-03-11 00:05:51 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2009-03-10 23:55:40 | 03,045,023 | ---- | M] () -- C:\Documents and Settings\Lydia\Desktop\01 - Don't Stop Believin'.mp3 [2009-03-10 01:27:06 | 00,001,782 | ---- | M] () -- C:\Documents and Settings\Lydia\Desktop\HijackThis.lnk [2009-03-10 01:26:56 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Lydia\Desktop\HJTInstall.exe [2009-03-09 22:07:57 | 00,000,744 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009-03-09 22:07:40 | 02,876,720 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Lydia\Desktop\mbam-setup.exe [2009-03-09 20:30:11 | 00,001,875 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Messenger .lnk [2009-03-09 20:29:21 | 00,000,815 | ---- | M] () -- C:\Documents and Settings\Lydia\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2009-03-09 20:29:05 | 00,000,659 | ---- | M] () -- C:\Documents and Settings\Lydia\Desktop\NTREGOPT.lnk [2009-03-09 20:29:05 | 00,000,640 | ---- | M] () -- C:\Documents and Settings\Lydia\Desktop\ERUNT.lnk [2009-03-09 20:28:50 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Lydia\Desktop\erunt_setup.exe [2009-03-09 20:03:49 | 00,475,218 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009-03-09 20:03:49 | 00,405,224 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT [2009-03-09 20:03:49 | 00,064,402 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT [2009-03-09 19:58:04 | 23,510,720 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Lydia\Desktop\dotnetfx.exe [2009-03-09 19:55:29 | 00,000,765 | ---- | M] () -- 
C:\WINDOWS\WIN.INI [2009-03-09 19:55:29 | 00,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI [2009-03-09 19:55:29 | 00,000,211 | ---- | M] () -- C:\Boot.bak [2009-03-09 19:01:38 | 00,250,048 | RHS- | M] () -- C:\NTLDR [2009-03-09 01:29:07 | 06,018,080 | ---- | M] () -- C:\Documents and Settings\Lydia\Desktop\SUPERAntiSpywarePro.exe [2009-03-08 02:34:20 | 00,001,759 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2009-03-06 01:03:37 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\Romeo Interpertations.doc [2009-03-04 00:25:13 | 00,513,536 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\Romeo and Juliet 2.doc [2009-03-03 17:52:22 | 00,000,023 | ---- | M] () -- C:\WINDOWS\MegaManager.INI [2009-03-02 22:46:36 | 00,897,920 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Lydia\Desktop\WGAPluginInstall.exe [2009-03-02 22:45:49 | 01,002,752 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Lydia\Desktop\JournalViewer1.5_KB886179_ENU.exe [2009-03-02 00:51:45 | 03,177,830 | -H-- | M] () -- C:\Documents and Settings\Lydia\Local Settings\Application Data\IconCache.db [2009-02-26 01:37:50 | 00,513,536 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\Romeo and Juliet.doc [2009-02-25 22:59:19 | 00,144,226 | ---- | M] () -- C:\Documents and Settings\Lydia\Desktop\growing-hearts.gif [2009-02-25 13:54:59 | 24,768,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe [2009-02-23 00:27:00 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\Self Government 2.doc [2009-02-23 00:24:44 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\Self Government.doc [2009-02-22 23:07:40 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\New Land Claims.doc ========== LOP Check ========== [2009-03-19 18:39:03 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All 
Users\Application Data [2009-03-09 00:01:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe [2004-09-24 13:01:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL [2007-12-29 21:15:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple [2007-06-07 15:38:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer [2008-04-27 20:48:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Astar Games [2008-12-24 17:42:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blg [2004-09-14 17:59:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software [2007-12-22 22:05:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CaveDays [2004-09-14 18:02:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink [2004-09-14 18:08:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell [2008-03-09 20:10:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eGames [2009-02-28 22:21:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy-PizzaParty [2008-08-02 14:33:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreshGames [2009-03-01 15:04:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo [2008-10-10 19:47:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse [2008-04-02 23:16:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet [2009-02-26 22:10:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBit Games [2009-03-08 22:28:54 | 00,000,000 | ---D | M] -- C:\Documents and 
Settings\All Users\Application Data\Gogii [2009-02-07 15:16:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google [2008-12-05 16:02:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin [2009-03-09 22:07:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2007-03-21 12:57:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus! [2008-02-11 22:44:15 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft [2004-10-05 17:55:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6 [2007-11-18 20:47:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Games [2009-03-06 20:23:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst [2008-12-24 15:02:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playfirst Ashtons Family Resort [2004-10-02 11:50:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime [2008-08-13 11:57:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Real [2005-12-08 23:46:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G4 [2009-03-01 14:49:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games [2004-09-14 17:57:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI [2008-09-20 17:05:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy [2009-02-20 23:09:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SugarGames [2009-03-09 01:30:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 
[2005-03-08 00:25:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec [2009-02-28 23:01:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2008-04-08 21:00:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valusoft [2008-06-09 21:07:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualFarm [2006-07-05 18:11:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage [2008-01-29 20:38:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLInstaller [2005-09-20 16:24:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\yahoo! [2008-01-13 20:20:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion [2008-07-01 21:00:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom [2009-03-19 18:39:04 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Lydia\Application Data [2008-12-24 19:14:43 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\Lydia\Application Data\.# [2006-01-24 00:54:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\.ABC [2008-06-13 11:11:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\.BitTornado [2009-03-09 00:01:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Adobe [2004-09-25 15:02:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\AdobeUM [2005-04-10 21:00:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Ahead [2008-12-24 19:21:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Alawar [2008-07-31 21:45:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Amaranth Games [2004-09-24 13:01:05 | 00,000,000 
| ---D | M] -- C:\Documents and Settings\Lydia\Application Data\AOL [2006-04-18 21:47:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Apple Computer [2008-10-13 17:43:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\BeachPartyCraze [2007-05-09 00:59:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\BitTorrent [2008-12-24 17:42:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\blg [2009-01-24 23:04:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Boomzap [2004-10-27 18:57:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\CoffeeCup Software [2004-09-14 18:08:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Creative [2004-10-10 23:16:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\CyberLink [2008-03-25 18:57:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\dvdcss [2008-03-09 20:09:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\eGames [2008-12-05 15:54:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\GameInvest [2008-02-09 01:53:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Gamelab [2007-09-10 18:21:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Geniesoft [2008-08-31 19:09:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Go-Go Gourmet Chef of the Year [2007-07-23 23:21:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Google [2004-10-06 17:13:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Help [2004-09-14 17:19:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Identities [2007-05-17 19:05:31 | 00,000,000 | ---D | M] -- C:\Documents and 
Settings\Lydia\Application Data\InstallShield [2005-04-11 20:06:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Internet Download Accelerator [2005-10-15 13:39:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\InterTrust [2004-10-10 23:06:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\InterVideo [2008-12-05 16:02:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\iWin [2007-11-18 14:08:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Jane s Hotel [2008-04-04 22:06:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Jane s Hotel Family Hero [2004-09-14 18:09:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Jasc Software Inc [2004-09-23 17:49:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Lavasoft [2004-09-23 19:14:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Leadertech [2007-11-18 20:18:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Macromedia [2009-03-09 22:08:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Malwarebytes [2005-11-22 19:28:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Media Player Classic [2007-05-17 19:06:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Megaupload [2007-08-21 16:41:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\MegauploadToolbar [2008-05-31 14:33:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Meridian93 [2006-01-15 19:35:06 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Lydia\Application Data\Microsoft [2006-04-28 18:52:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Mozilla [2004-10-05 17:55:21 | 00,000,000 | ---D | M] -- 
C:\Documents and Settings\Lydia\Application Data\MSN6 [2008-02-03 01:57:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\My Games [2005-10-17 21:39:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Netscape [2005-10-21 15:18:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\OLYMPUS [2009-03-08 22:28:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\PlayFirst [2008-12-24 15:58:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Playfirst Ashtons Family Resort [2008-09-28 18:44:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\PlayFirst_DressUpRush [2008-06-22 00:16:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Playrix Entertainment [2008-09-28 00:33:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Real [2005-12-08 23:46:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\River Past G4 [2004-09-23 19:14:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Sonic [2004-09-14 17:55:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Sun [2009-03-09 22:07:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\SUPERAntiSpyware.com [2004-09-14 18:09:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Symantec [2007-05-17 13:06:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Talkback [2008-03-03 22:46:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Total Eclipse [2008-07-20 22:14:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\U3 [2008-06-13 11:10:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\uTorrent [2008-04-08 21:00:30 | 00,000,000 | ---D | M] -- C:\Documents and 
Settings\Lydia\Application Data\Valusoft [2008-05-30 20:27:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\ViquaSoft [2008-12-23 03:01:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\vlc [2008-01-13 20:20:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Yahoo! [2004-09-14 18:04:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\You've Got Pictures Screensaver [2008-12-30 09:19:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job [2002-08-29 03:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\DESKTOP.INI [2009-03-20 14:56:07 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT [2009-03-20 19:02:22 | 00,000,368 | ---- | M] () -- C:\WINDOWS\Tasks\Symantec NetDetect.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6EAE3ABC @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:59756FA4 @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30C46519 < End of report > Extras Log: OTListIt Extras logfile created on: 2009-03-20 21:55:52 - Run 4 OTListIt2 by OldTimer - Version 2.0.6.0 Folder = C:\Documents and Settings\Lydia\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd 1022.07 Mb Total Physical Memory | 498.93 Mb Available Physical Memory | 48.82% Memory free 2.40 Gb Paging File | 2.01 Gb Available in Paging File | 83.91% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 70.94 Gb Total Space | 4.83 Gb Free Space | 6.81% Space Free | 
Partition Type: NTFS Drive D: | 673.60 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: LYDIA Current User Name: Lydia Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Output = Minimal File Age = 30 Days Company Name Whitelist: On ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation) .cpl [@ = cplfile] -- C:\WINDOWS\system32\shell32.DLL (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation) .hta [@ = htafile] -- C:\WINDOWS\system32\mshta.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) .inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation) .ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation) .url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.DLL (Microsoft Corporation) .js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation) .jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation) .reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation) .scr [@ = scrFile] -- "%1" /s .txt [@ = txtfile] -- C:\WINDOWS\system32\NOTEPAD.EXE (Microsoft Corporation) .vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation) .vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation) .wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation) .wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] 
"AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 1 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile "EnableFirewall" = 1 "DoNotAllowExceptions" = 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 
137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 (Microsoft Corporation) %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 (Microsoft Corporation) C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus File not found C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC (mIRC Co. Ltd.) C:\Program Files\Ares\Ares.exe:*:Enabled:Ares File not found C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++ () C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger File not found C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! 
FT Server File not found C:\Program Files\WinMX\WinMX.exe:*:Enabled:WinMX Application File not found C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer (LimeWire) C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire (Lime Wire, LLC) C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer (Microsoft Corporation) C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui File not found C:\Program Files\ABC\abc.exe:*:Enabled:abc File not found C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent File not found C:\Program Files\utorrent\utorrent.exe:*:Enabled:μTorrent () C:\WINDOWS\SYSTEM32\fscagent.exe:*:Enabled:???? ???? ?? File not found C:\WINDOWS\SYSTEM32\clubbox.exe:*:Enabled:A?·’1U?o AAAIAu?U °u﹐RAU File not found C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation) C:\Program Files\MessengerDiscovery\Loader.exe:*:Enabled:Loader File not found C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe:*:Enabled:MessengerDiscovery Live the Windows Live Messenger addon File not found %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation) C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.) 
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004 "{08094E03-AFE4-4853-9D31-6D0743DF5328}" = QuickTime "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel "{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA "{12E2B9E9-05B1-407d-B0FD-B5F350535125}" = Norton Internet Security "{1526D87C-A955-4FAB-BF18-697BA457E352}" = Norton WMI Update "{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections "{1A40B327-2F18-4DC6-894F-C9050321B5CB}" = VeohTV BETA "{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004 "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 12 "{31BBD146-CCC2-4E3F-B560-4D3906E2B041}" = CD Burning 4 "{33BEE6F3-9987-4F98-A069-97A64EC8321A}" = Microsoft Works Suite Add-in for Microsoft Word "{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar) "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3B29A786-5803-4e9e-9B58-3014A5B4E519}" = Norton AntiSpam "{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager "{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support 
"{44CE6902-84EA-11D6-887E-00609721D519}" = Voice Studio "{48185814-A224-447a-81DA-71BD20580E1B}" = Norton Internet Security "{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger "{50ADDF79-3249-4679-B527-3FB8C5EA99E5}" = Overture 4.0 繁體中文版 "{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}" = Norton Internet Security "{553E56C3-7AA1-45FE-A2FC-2C43DC27F765}" = iTunes "{5677563D-0CB1-485f-9E18-C5025306BB3F}" = Norton AntiSpam "{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool "{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide "{6AF90EF6-F7F9-466C-99F4-1774826FBB40}" = Symantec Network Driver Update "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0 "{7169B8E4-2632-46B1-AA5F-167CB5FE5029}" = Symantec Network Drivers Update "{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar) "{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper "{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition "{82625564-5A7A-11D7-AECE-00105A5D0C38}" = SD-JukeboxV4 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116555140}" = Farm Frenzy Pizza Party "{848AC794-8B81-440A-81AE-6474337DB527}" = Symantec AntiVirus "{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE "{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack "{90815206-15E6-4EFF-8FC3-B47E01F285BF}" = Mega Manager "{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization "{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002 "{91AA4B1F-B918-4e0b-A304-F8D4EC5D7726}" = Norton Internet Security "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! 
"{A398F2DC-D706-4bb2-AC38-5532CD229D08}" = CC_ccProxyMSI "{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar) "{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer "{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security "{AC76BA86-7AD7-1033-7B44-A70700000002}" = Adobe Reader 7.0.7 "{AEEB3643-71DE-414d-9E3F-1159177FE211}" = Office Animation Runtime "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6BD246A-62B8-426E-B219-F76981B85218}" = Cell Biology Interactive "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update "{B9966F27-9678-4620-9579-925E3084647E}" = Microsoft Works "{C191BE7C-8542-4A61-973A-714EF76C5995}" = Logitech QuickCam Software "{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}" = Norton Internet Security "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album "{CEB481CC-F57C-4397-81A0-DADD22257047}" = Sound Blaster Live! 24-bit "{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader "{D6414CC7-F215-467F-88B1-546ED863F35B}" = CC_ccStart "{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! 
Photo Premium 9 "{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}" = ccCommon "{DCFCFA22-317F-4C64-9F35-D8392AAAD353}" = SD Viewer (D-snap) "{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = Classic PhoneTools "{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}" = Norton Internet Security "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect "{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar) "{FABFD4E4-9216-4CF8-A594-F63AC74FEC3C}" = m:trip "{FC2C0536-583C-46c0-844A-62CECAE01F22}" = Norton Internet Security "{FC37ABD0-2108-4beb-B010-1254E0662B5A}" = MSRedist "{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement "{FDCD7EE4-1515-4172-AE20-AF5A69F627FE}" = Intel® Integrated Performance Primitives RTI 3.0 "Ad-Aware SE Personal" = Ad-Aware SE Personal "Adobe Acrobat 5.0" = Adobe Acrobat 5.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "AdobeESD" = Adobe Download Manager 2.0 (Remove Only) "Advanced DVD Player_is1" = Advanced DVD Player "AskSBar Uninstall" = Ask Toolbar "ATI Display Driver" = ATI Display Driver "CDisplay_is1" = CDisplay 1.8 "Chime/Chime Pro for Internet Explorer" = Chime/Chime Pro for Internet Explorer "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem "Combined Community Codec Pack" = Combined Community Codec Pack 2005-09-23 (Remove Only) "DC++" = DC++ (remove only) "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver "DivX Codec" = DivX 5.0.3 Bundle "Download Accelerator Plus " = Download Accelerator Plus "Easy CD-DA Extractor 10" = Easy CD-DA Extractor 10 "Easy CD-DA Extractor 11" = Easy CD-DA Extractor 11 "ERUNT_is1" = ERUNT 1.1j "FLVPlayer" = FLV Player 1.3.3 "FreeRIP3_is1" = FreeRIP v3.01 "Graph" = Graph "GSpot" = GSpot Codec Information Appliance "HaaliMkx" = Haali Media Splitter "HijackThis" = HijackThis 2.0.2 "iDailyDiary_is1" = iDailyDiary 3.20 
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "InstallShield_{1A40B327-2F18-4DC6-894F-C9050321B5CB}" = VeohTV BETA "LiveReg" = LiveReg (Symantec Corporation) "LiveUpdate" = LiveUpdate 2.5 (Symantec Corporation) "Magic DVD Player_is1" = Magic DVD Player 1.02 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "megauploadtoolbar" = MegaUpload Toolbar "Messenger Plus! Live" = Messenger Plus! Live "Microangelo 5.0" = Microangelo 5.5 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0 "Midtown Madness Demo" = Microsoft Midtown Madness Trial Version "mIRC" = mIRC "MKV Minimum Set (LD-Anime) - MatroskaSplitter & VSFilter_is1" = Matroska Pack - Lazy Man's MKV 0.9.9 "Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSN Toolbar" = MSN Toolbar "Nanny Mania 2" = Nanny Mania 2 "Nero - Burning Rom!UninstallKey" = Nero 6 Demo "Netscape Browser" = Netscape Browser (remove only) "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "PictureIt_v9" = Microsoft Picture It! 
Photo Premium 9 "PROSet" = Intel® PRO Network Adapters and Drivers "QcDrv" = Logitech® Camera 驅動程式 "RealAlt_is1" = Real Alternative 1.8.0 "Shockwave" = Shockwave "SHS" = Rogers Self Healing (remove only) "Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.3 "Spyware Doctor_is1" = Spyware Doctor 2.1 "ST6UNST #1" = Manga Viewer "StreetPlugin" = Learn2 Player (Uninstall Only) "Super DVD Creator_is1" = Super DVD Creator 8.5 "SymSetup.{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security (Symantec Corporation) "VLC media player" = VLC media player 0.9.8a "VobSub" = VobSub v2.23 (Remove Only) "Winamp" = Winamp (remove only) "WindowBlinds" = WindowBlinds "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR archiver "WinZip" = WinZip "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Works2004Setup" = Microsoft Works 2004 Setup Launcher "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "Yahoo! Companion" = Yahoo! 工具列 "Yahoo! Toolbar" = Yahoo! Toolbar ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "WeatherEye" = WeatherEye ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 2009-03-04 00:53:18 | Computer Name = LYDIA | Source = Application Hang | ID = 1002 Description = Hanging application msnmsgr.exe, version 8.5.1302.1018, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 2009-03-04 01:56:11 | Computer Name = LYDIA | Source = Application Hang | ID = 1002 Description = Hanging application msnmsgr.exe, version 8.5.1302.1018, hang module hungapp, version 0.0.0.0, hang address 0x00000000. 
Error - 2009-03-04 02:00:46 | Computer Name = LYDIA | Source = Application Hang | ID = 1002 Description = Hanging application msnmsgr.exe, version 8.5.1302.1018, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 2009-03-05 04:07:01 | Computer Name = LYDIA | Source = MsiInstaller | ID = 11316 Description = Product: Windows Live Sign-in Assistant -- Error 1316. A network error occurred while attempting to read from the file: C:\WINDOWS\TEMP\IXP000.TMP\Install_{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}.msi Error - 2009-03-09 03:17:33 | Computer Name = LYDIA | Source = Application Hang | ID = 1002 Description = Hanging application pspa.exe, version 4.0.0.3, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 2009-03-09 03:19:30 | Computer Name = LYDIA | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 7.0.6000.16791, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 2009-03-09 03:44:09 | Computer Name = LYDIA | Source = Application Error | ID = 1000 Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting module unknown, version 0.0.0.0, fault address 0x51427789. Error - 2009-03-19 00:33:22 | Computer Name = LYDIA | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 7.0.6000.16791, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 2009-03-20 03:25:04 | Computer Name = LYDIA | Source = Application Hang | ID = 1002 Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 2009-03-20 03:26:08 | Computer Name = LYDIA | Source = Application Hang | ID = 1002 Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000. 
[ System Events ] Error - 2009-03-20 03:26:59 | Computer Name = LYDIA | Source = Cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 2009-03-20 03:27:06 | Computer Name = LYDIA | Source = Cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 2009-03-20 03:27:13 | Computer Name = LYDIA | Source = Cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 2009-03-20 03:27:20 | Computer Name = LYDIA | Source = Cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 2009-03-20 03:27:23 | Computer Name = LYDIA | Source = Cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 2009-03-20 03:27:25 | Computer Name = LYDIA | Source = Cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 2009-03-20 03:27:27 | Computer Name = LYDIA | Source = Cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 2009-03-20 03:27:29 | Computer Name = LYDIA | Source = Cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 2009-03-20 17:56:20 | Computer Name = LYDIA | Source = Service Control Manager | ID = 7000 Description = The IC Recorder Driver service failed to start due to the following error: %%1058 Error - 2009-03-20 17:56:20 | Computer Name = LYDIA | Source = Service Control Manager | ID = 7000 Description = The SVKP service failed to start due to the following error: %%2 < End of report > |
|
|
Mar 21 2009, 06:25 PM
Post
#17
|
|
GeekU Moderator | Posts: 8,651 | From: Massachusetts | OS: Windows XP Pro, Windows 7 Pro 64- and 32-bit; Virtual PC |
Is your computer running better now?
|
|
|
Mar 21 2009, 11:54 PM
Post
#18
|
|
|
Member | Posts: 13 | OS: Windows XP |
Hey,
My computer definitely looks like it's free of the 007guards now, but it looks like all these localhosts have taken up where the 007guards used to be. Is this normal? Also, my computer downstairs seems to be really slow and I'm pretty sure it is infected with more malware. My question is, can the downstairs computer affect the computer up here? The computer up here is linked to the modem downstairs. |
|
|
Mar 23 2009, 09:52 PM
Post
#19
|
|
GeekU Moderator | Posts: 8,651 | From: Massachusetts | OS: Windows XP Pro, Windows 7 Pro 64- and 32-bit; Virtual PC |
Yes, this is normal.
Your logs look clean. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. If you have any questions or other problems, please let me know. Other than that, and the steps below, you should be all set.
Follow these steps to uninstall Combofix and tools used in the removal of malware
Please update Adobe Reader by downloading and installing Adobe Reader 9.
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
To keep your operating system up to date visit Microsoft Windows Update monthly. Remember to be aware of what emails you open and websites you visit. Have a safe and happy computing day! |
|
|
Mar 23 2009, 11:25 PM
Post
#20
|
|
|
Member | Posts: 13 | OS: Windows XP |
Ok, something just went really wrong. I tried to uninstall Combofix with the code you gave me for the run box, and several popups all came up as if I was actually executing Combofix. One referred to something about a Logitech Quick Assistant closing, and others were messages about Norton in Chinese. The reason why I think it was executing Combofix was because the same messages came up the last time I tried to run Combofix. Not to mention the fact that a blue command prompt screen came up right afterwards, which I quickly exited. I don't know if this was part of the uninstalling process or not, but it seemed too risky to me, which is why I exited. I'm just going to update my Adobe Reader for now and hold off on doing anything else.
|
|
|
Mar 24 2009, 12:28 AM
Post
#21
|
|
GeekU Moderator | Posts: 8,651 | From: Massachusetts | OS: Windows XP Pro, Windows 7 Pro 64- and 32-bit; Virtual PC |
The issue you described is normal. You will be safe running ComboFix /u as directed.
|
|
|
Mar 25 2009, 08:13 PM
Post
#22
|
|
|
Member | Posts: 13 | OS: Windows XP |
Hey, would you say the computer is safe for things like online banking? I do a lot of online transactions and I don't know if it's ok yet to use the computer for personal finance.
|
|
|
Mar 26 2009, 10:47 AM
Post
#23
|
|
GeekU Moderator | Posts: 8,651 | From: Massachusetts | OS: Windows XP Pro, Windows 7 Pro 64- and 32-bit; Virtual PC |
Yes.
|
|
|
Mar 26 2009, 04:35 PM
Post
#24
|
|
GeekU Moderator | Posts: 8,651 | From: Massachusetts | OS: Windows XP Pro, Windows 7 Pro 64- and 32-bit; Virtual PC |
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic. |
|
|