This topic is locked
I accidentally clicked on an ad (it had an "x" and I thought I could close it... I guess not!) and everything went down hill from there. I got a redirect virus and I tried adaware, malwarebytes' Anti-Malware, Norman Malware, and AVG to try to get rid of it, but nothing seemed to work. I finally found out about Combo fix and even though I was worried about using it, I did it anyways. And that seemed to take care of the problem.
I thought I was done and back to normal because my Google searches are not being redirected anymore, but my internet is still running slow. And then last night I realized something was wrong with my DVD/CD and CD drives when I went to watch a DVD. Instead of my two drives, I now have four listed (E, F, G, H). From testing it out, CD Drive E and H are my one CD drive, and F and G are my one DVD/CD combo drive. CD's are working, but DVD's are not. Plus Auto play is no longer available when I put a disc in.
I thought maybe I still had the virus or a virus and so I ran MBAM again. It found four things that were infected. So, I'm wondering, do I still have the virus?
Here's the MBAM scan log:
Malwarebytes' Anti-Malware 1.38
Database version: 2365
Windows 5.1.2600 Service Pack 2
7/2/2009 9:26:05 PM
mbam-log-2009-07-02 (21-26-00).txt
Scan type: Quick Scan
Objects scanned: 100389
Time elapsed: 5 minute(s), 11 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
--------------------------------
Heres the OTL log:
OTL logfile created on: 7/2/2009 10:38:00 PM - Run 2
OTL by OldTimer - Version 3.0.6.2 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
511.48 Mb Total Physical Memory | 113.26 Mb Available Physical Memory | 22.14% Memory free
1.13 Gb Paging File | 0.61 Gb Available in Paging File | 54.39% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.89 Gb Total Space | 30.34 Gb Free Space | 20.94% Space Free | Partition Type: NTFS
Drive D: | 4.14 Gb Total Space | 0.61 Gb Free Space | 14.84% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: YOUR-XB2X7J77GN
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2004/08/04 03:56:49 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/02/05 16:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/02/05 16:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2004/01/26 06:24:04 | 00,032,881 | ---- | M] () -- C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
PRC - [1998/05/07 20:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\windows\system\hpsysdrv.exe
PRC - [2003/08/21 07:15:48 | 00,483,328 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\hphmon05.exe
PRC - [2003/02/11 23:02:48 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\HP\KBD\KBD.EXE
PRC - [2003/08/20 22:56:14 | 00,045,056 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\VTTimer.exe
PRC - [2003/07/14 21:52:44 | 00,040,960 | ---- | M] (Agere Systems) -- C:\WINDOWS\LTMSG.exe
PRC - [2003/10/29 11:17:30 | 00,135,168 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Multimedia Card Reader\shwicon2k.exe
PRC - [2004/11/23 00:36:16 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2002/07/25 08:20:02 | 00,028,672 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
PRC - [2005/03/11 07:08:32 | 00,081,920 | ---- | M] () -- C:\Program Files\Sony\SonicStage\SSAAD.exe
PRC - [2004/09/07 13:47:52 | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCXMNTR.EXE
PRC - [2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/02/05 16:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2004/07/30 15:57:18 | 01,593,344 | ---- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2004/08/04 03:56:53 | 01,667,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2008/03/25 21:40:42 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2005/07/22 03:47:22 | 00,151,552 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2004/02/13 14:12:08 | 00,016,423 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
PRC - [2008/11/13 10:33:46 | 00,333,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
PRC - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2004/03/24 10:04:00 | 00,110,659 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2009/07/01 01:32:19 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2005/03/11 05:43:08 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
PRC - [2009/02/05 16:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2008/03/25 21:49:02 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
PRC - [2008/03/25 21:49:00 | 00,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2008/03/26 03:25:18 | 00,286,720 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
PRC - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/02/05 16:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/07/02 20:12:43 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
========== Win32 Services (SafeList) ==========
SRV - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/02/05 16:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009/02/05 16:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/02/05 16:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/02/05 16:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2004/08/04 03:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/03/25 21:38:24 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2008/03/25 22:27:36 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2005/03/30 16:46:56 | 00,411,920 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\System32\drivers\KodakCCS.exe -- (KodakCCS [On_Demand | Stopped])
SRV - [2005/01/26 15:30:04 | 00,053,337 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV [On_Demand | Stopped])
SRV - [2008/02/28 12:53:18 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])
SRV - [2004/03/24 10:04:00 | 00,110,659 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/07/28 23:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2005/01/26 15:25:34 | 00,053,337 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR [On_Demand | Stopped])
SRV - [2008/02/28 12:53:18 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2005/01/26 15:20:14 | 00,069,718 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
SRV - [2005/03/11 05:43:08 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV [On_Demand | Running])
SRV - File not found -- -- (Viewpoint Manager Service [Auto | Stopped])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
========== Driver Services (SafeList) ==========
DRV - [2009/02/05 16:05:11 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2004/10/07 21:16:04 | 00,035,840 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K [System | Running])
DRV - [2003/12/12 10:54:14 | 00,391,424 | ---- | M] (Sensaura Ltd) -- C:\WINDOWS\System32\drivers\ALCXSENS.SYS -- (ALCXSENS [On_Demand | Stopped])
DRV - [2004/10/01 10:24:02 | 02,279,424 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
DRV - [2009/02/05 16:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009/02/05 16:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2009/02/05 16:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
DRV - [2009/02/05 16:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009/02/05 16:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2005/06/16 14:41:02 | 00,037,150 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\System32\DRIVERS\DcCam.sys -- (DcCam [System | Running])
DRV - [2005/03/31 07:47:42 | 00,061,564 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\System32\DRIVERS\DcFpoint.sys -- (DcFpoint [On_Demand | Stopped])
DRV - [2005/03/31 07:47:48 | 00,038,673 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\System32\drivers\dcfs2k.sys -- (DCFS2K [Auto | Running])
DRV - [2005/03/31 07:47:50 | 00,008,022 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\System32\DRIVERS\DcLps.sys -- (DcLps [On_Demand | Stopped])
DRV - [2005/03/31 07:47:56 | 00,070,262 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\System32\DRIVERS\DcPTP.sys -- (DcPTP [On_Demand | Stopped])
DRV - [2005/03/31 08:00:08 | 00,152,081 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\System32\DRIVERS\exportit.sys -- (Exportit [System | Stopped])
DRV - [2003/12/02 22:23:20 | 00,142,336 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys -- (fasttx2k [Boot | Running])
DRV - [2004/12/16 13:36:30 | 00,042,496 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys -- (FETND5BV [On_Demand | Running])
DRV - [2003/01/16 03:05:54 | 00,041,984 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\System32\DRIVERS\fetnd5b.sys -- (FETNDISB [On_Demand | Stopped])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008/04/16 00:05:16 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Running])
DRV - [2008/04/16 00:05:16 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Running])
DRV - [2008/04/16 00:05:16 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Running])
DRV - [2003/11/20 20:25:14 | 00,095,579 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Stopped])
DRV - [2003/07/02 03:33:00 | 00,652,497 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys -- (ltmodem5 [On_Demand | Running])
DRV - [2006/09/27 21:20:38 | 00,028,256 | ---- | M] (MusicMatch, Inc.) -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k [On_Demand | Running])
DRV - [2004/03/24 10:04:00 | 01,895,648 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2003/09/03 03:51:00 | 00,021,120 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp [Boot | Running])
DRV - [2003/09/19 01:47:00 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\System32\drivers\pfc.sys -- (pfc [On_Demand | Running])
DRV - [2002/07/30 01:43:50 | 00,023,808 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\System32\DRIVERS\PS2.sys -- (Ps2 [On_Demand | Running])
DRV - [2003/08/15 22:10:32 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/07/04 11:22:36 | 00,044,944 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2002/10/04 21:04:10 | 00,046,976 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\R8139n51.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2003/08/15 22:06:44 | 00,027,440 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2003/12/06 06:13:42 | 00,429,440 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\sisgrp.sys -- (SiS315 [On_Demand | Stopped])
DRV - [2003/07/18 20:58:20 | 00,036,992 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP [Boot | Running])
DRV - [2003/12/05 20:25:54 | 00,011,392 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\srvkp.sys -- (SiSkp [System | Running])
DRV - [2004/09/21 16:49:00 | 00,107,008 | ---- | M] (ATMEL) -- C:\WINDOWS\System32\DRIVERS\Nets6251.sys -- (SMCSMCWirelessUSB(SMC2662W)® [On_Demand | Running])
DRV - [2003/11/10 11:24:24 | 00,039,532 | ---- | M] (Alcor Micro Corp.) -- C:\WINDOWS\System32\Drivers\sunkfilt.sys -- (SunkFilt [On_Demand | Running])
DRV - [2002/05/19 23:09:00 | 00,080,128 | R--- | M] (ATMEL) -- C:\WINDOWS\System32\DRIVERS\vnetusbr.sys -- (USBFVNETR [On_Demand | Stopped])
DRV - [2003/07/02 15:42:00 | 00,027,904 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1 [Boot | Running])
DRV - [2003/10/17 02:19:40 | 00,117,760 | ---- | M] (Copyright © VIA/S3 Graphics, Inc.) -- C:\WINDOWS\System32\DRIVERS\vtmini.sys -- (viagfx [On_Demand | Stopped])
DRV - [2003/11/20 20:26:20 | 00,122,110 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped])
DRV - [2003/11/20 20:26:12 | 00,099,002 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped])
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.freeze.com
IE - URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5
FF - prefs.js..keyword.URL: "http://us.yhs.search...2-tb-web_us&p="
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/01/02 22:17:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/02 17:55:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/02 17:55:04 | 00,000,000 | ---D | M]
[2009/05/03 19:43:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions
[2009/05/03 19:43:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/02 00:55:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\9izme1ca.default\extensions
[2009/05/19 13:01:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\9izme1ca.default\extensions\[email protected]
[2009/06/23 01:05:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\9izme1ca.default\extensions\[email protected]
[2004/11/14 19:59:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/01 01:32:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/01 01:32:17 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/01 01:32:17 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/02/06 12:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2005/05/28 17:15:00 | 00,110,592 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2009/07/01 01:32:23 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2004/11/23 00:36:30 | 00,139,305 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/05/19 20:59:51 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/05/19 20:59:51 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/05/19 20:59:51 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/05/19 20:59:52 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/05/19 20:59:52 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/05/19 20:59:52 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/05/19 20:59:52 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2004/11/23 00:36:38 | 00,024,621 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2004/11/23 00:36:26 | 00,081,967 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2005/08/09 14:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\mozilla firefox\plugins\npunagi2.dll
[2003/08/04 18:19:02 | 00,438,272 | ---- | M] (AOL Time Warner) -- C:\Program Files\mozilla firefox\plugins\npwinamp.dll
[2009/07/01 01:32:24 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/01 01:32:24 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/30 05:34:02 | 00,001,489 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
[2009/07/01 01:32:24 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/01 01:32:24 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/01 01:32:24 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/01 01:32:24 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {7451CCCC-B385-48DD-A722-C375C438DC5B} - No CLSID value found.
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O3 - HKLM\..\Toolbar: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Search) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AlcxMonitor] C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe (HP)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [LTMSG] C:\WINDOWS\LTMSG.exe (Agere Systems)
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\System32\ps2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [SsAAD.exe] C:\Program Files\Sony\SonicStage\SSAAD.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe ()
O4 - HKLM..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0
O8 - Extra context menu item: &AIM Search - C:\Program Files\AIM Toolbar\AIMBar.dll File not found
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll (America Online, Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll File not found
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: antimalwareguard.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: gomyhit.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: antimalwareguard.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: gomyhit.com ([]* in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} http://a1540.g.akama...meInstaller.exe (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} http://cdn.digitalci...illama/ampx.cab (IWinAmpActiveX Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop Components:1 (MuggleNet Harry Potter and the Half-Blood Prince Countdown) - http://www.mugglenet...des/hbp-cd.html
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/26 05:28:24 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 14:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 30 Days ==========
[2009/07/02 21:44:11 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/07/02 21:44:11 | 00,001,717 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/07/02 21:44:10 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/07/02 21:44:09 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/07/02 21:44:08 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/07/02 21:44:07 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/07/02 21:44:07 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/07/02 21:44:06 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/07/02 21:44:06 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/07/02 21:43:50 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/07/02 21:43:50 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/07/02 21:43:48 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/07/02 21:11:17 | 00,000,775 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/07/02 21:11:09 | 00,000,619 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/07/02 21:11:09 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/07/02 21:11:09 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/07/02 21:00:24 | 00,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/02 21:00:21 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/02 21:00:20 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/02 21:00:20 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/02 20:59:17 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/07/02 20:59:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/07/02 20:58:43 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/07/02 20:58:41 | 11,064,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/07/02 20:58:41 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/07/02 20:58:41 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/07/02 20:58:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/07/02 20:57:08 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/07/02 20:57:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009/07/02 20:36:59 | 00,065,536 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\The following guide is to cure your PC from that annoying piece of malware which hijacks and redirects your Google searches and other search engines.doc
[2009/07/02 20:11:17 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/07/02 04:19:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/07/02 03:54:26 | 53,639,9872 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/01 05:06:18 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/07/01 04:39:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/07/01 03:55:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/06/30 15:35:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/06/30 05:32:12 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/06/30 04:53:28 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/06/30 04:53:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/06/29 22:13:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/06/29 18:02:30 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/06/29 18:02:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2009/06/25 13:32:24 | 00,007,048 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\GlucoseJune09.rtf
[2009/06/25 02:00:32 | 00,998,400 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\For the sandbar.doc
[2009/06/24 19:20:20 | 00,123,392 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\carolmedicalhistoryrevised 12-12-06 Debbie-1.doc
[2009/06/23 03:11:12 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\FORESTVILLE CEMETERY.doc
[2009/06/23 01:04:39 | 01,693,696 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltclr13n.dll
[2009/06/23 01:04:39 | 00,453,120 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltkrn13n.dll
[2009/06/23 01:04:39 | 00,445,440 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltimg13n.dll
[2009/06/23 01:04:39 | 00,388,608 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lfcmp13n.dll
[2009/06/23 01:04:39 | 00,265,216 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltdis13n.dll
[2009/06/23 01:04:39 | 00,246,272 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lfj2k13n.dll
[2009/06/23 01:04:39 | 00,206,848 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltefx13n.dll
[2009/06/23 01:04:39 | 00,189,976 | ---- | C] (MyFamily.com, Inc.) -- C:\WINDOWS\System32\mfimgvwr.ocx
[2009/06/23 01:04:39 | 00,154,112 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltfil13n.dll
[2009/06/23 01:04:39 | 00,142,848 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lftif13n.dll
[2009/06/23 01:04:39 | 00,090,112 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lfjbg13n.dll
[2009/06/23 01:04:39 | 00,073,728 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lffax13n.dll
[2009/06/23 01:04:26 | 00,000,000 | ---D | C] -- C:\Program Files\MFInstall
[2009/06/23 01:04:15 | 00,055,088 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MFInstall.exe
[2009/06/18 14:48:15 | 00,001,737 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/06/18 14:44:15 | 26,739,584 | ---- | C] ( ) -- C:\Documents and Settings\Owner\Desktop\AdbeRdr910_en_US.exe
[2009/06/17 19:36:14 | 00,032,256 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Make a list of 5 things you can see without getting up.doc
[2009/06/13 04:15:40 | 00,000,314 | ---- | C] () -- C:\WINDOWS\tasks\WebReg HP Photosmart C5500 series.job
[2009/06/08 22:34:22 | 00,821,248 | R--- | C] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2009/06/08 22:34:22 | 00,620,544 | R--- | C] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2009/06/08 19:44:28 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Birthday list.doc
[2009/06/08 18:28:08 | 00,290,816 | ---- | C] (Eastman Kodak Company) -- C:\WINDOWS\System32\KPDPM.dll
[2009/06/08 18:28:08 | 00,225,280 | ---- | C] (Eastman Kodak Company) -- C:\WINDOWS\System32\KPDPMUI.dll
[2009/06/08 18:28:08 | 00,064,512 | ---- | C] (FotoNation Inc.) -- C:\WINDOWS\System32\PTPITCP.dll
[2009/06/08 18:28:08 | 00,030,112 | ---- | C] () -- C:\WINDOWS\System32\KPD.xml
[2009/06/08 18:28:08 | 00,014,739 | ---- | C] () -- C:\WINDOWS\System32\pp500swnat.tli
[2009/06/08 18:28:08 | 00,014,739 | ---- | C] () -- C:\WINDOWS\System32\pp500swenh.tli
[2009/06/08 18:28:08 | 00,014,739 | ---- | C] () -- C:\WINDOWS\System32\pdpluss3swnat.tli
[2009/06/08 18:28:08 | 00,014,739 | ---- | C] () -- C:\WINDOWS\System32\pdpluss3swenh.tli
[2009/06/08 18:28:08 | 00,014,739 | ---- | C] () -- C:\WINDOWS\System32\natural.tli
[2009/06/08 18:28:08 | 00,014,739 | ---- | C] () -- C:\WINDOWS\System32\nat3_win.tli
[2009/06/08 18:28:08 | 00,014,739 | ---- | C] () -- C:\WINDOWS\System32\nat3.tli
[2009/06/08 18:28:08 | 00,014,739 | ---- | C] () -- C:\WINDOWS\System32\nat2.tli
[2009/06/08 18:28:08 | 00,014,739 | ---- | C] () -- C:\WINDOWS\System32\enhanced.tli
[2009/06/08 18:28:08 | 00,014,739 | ---- | C] () -- C:\WINDOWS\System32\enh3_win.tli
[2009/06/08 18:28:08 | 00,014,739 | ---- | C] () -- C:\WINDOWS\System32\enh3.tli
[2009/06/08 18:28:08 | 00,014,739 | ---- | C] () -- C:\WINDOWS\System32\enh2.tli
[2009/06/08 18:28:08 | 00,005,767 | ---- | C] () -- C:\WINDOWS\System32\RegDomainData.xml
[2009/06/08 18:28:08 | 00,001,970 | ---- | C] () -- C:\WINDOWS\System32\KPDIDs.xml
[2009/06/08 18:27:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\BWKDLogs
[2009/06/08 18:27:56 | 00,001,962 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
[2009/06/08 18:27:18 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Kodak
[2009/06/08 18:27:07 | 00,000,000 | ---D | C] -- C:\KPCMS
[2009/06/08 18:27:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\color
[2009/06/08 18:26:02 | 00,001,841 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
[2009/06/08 18:26:02 | 00,001,821 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Kodak EasyShare.lnk
[2009/06/08 18:25:55 | 00,000,000 | ---D | C] -- C:\Program Files\Kodak
[2009/06/08 18:25:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kodak
[2009/05/04 03:04:37 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/07/21 17:05:08 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/12/29 20:37:11 | 00,002,505 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006/12/29 20:37:10 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2005/08/29 20:55:29 | 00,000,000 | ---- | C] () -- C:\WINDOWS\TSMLite.INI
[2005/08/10 22:04:44 | 02,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2005/08/10 22:04:44 | 00,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2005/08/10 22:04:44 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2005/08/10 22:04:44 | 00,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2005/08/06 03:14:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2005/04/11 19:08:36 | 00,000,696 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/12/29 14:43:45 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2004/12/29 14:41:04 | 00,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2004/12/20 11:08:28 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 11:03:26 | 00,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/11/20 01:27:12 | 00,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2004/11/20 01:25:58 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2004/11/20 01:25:58 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2004/11/15 18:15:46 | 00,000,360 | ---- | C] () -- C:\WINDOWS\conscorr.ini
[2004/11/14 19:35:06 | 00,000,045 | ---- | C] () -- C:\WINDOWS\IEDKLHHQ.ini
[2004/11/14 19:34:34 | 00,000,039 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/10/18 22:41:20 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/09/17 17:37:42 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/09/16 18:53:42 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/31 19:16:51 | 00,007,151 | ---- | C] () -- C:\WINDOWS\hpdj3600.ini
[2004/08/31 19:16:29 | 00,000,470 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2004/05/17 21:21:16 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/05/17 21:21:16 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/05/17 21:21:16 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/05/17 21:21:16 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/05/17 21:21:16 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/05/17 21:21:16 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/02/04 14:37:50 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/01/28 22:21:05 | 00,000,451 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2004/01/28 22:21:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2004/01/27 06:47:39 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/01/27 06:26:18 | 00,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2004/01/26 09:32:19 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2004/01/26 09:31:25 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/01/26 09:31:25 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/01/26 09:23:22 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2004/01/26 09:17:11 | 00,029,216 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/01/26 09:16:36 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2004/01/26 09:16:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/01/26 09:00:28 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/01/26 08:46:03 | 00,000,907 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/01/26 06:56:30 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/26 06:02:59 | 00,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/01/26 06:02:59 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/01/26 06:02:33 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/01/26 05:33:52 | 00,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/01/26 04:11:44 | 00,000,553 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/01/26 04:11:01 | 00,000,679 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/01/26 04:10:51 | 00,000,292 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/09/23 04:19:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/03/07 02:53:16 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\hpnvr82.dll
[2003/01/08 02:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/10/24 16:00:40 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2000/09/08 17:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
========== Files - Modified Within 30 Days ==========
[2009/07/02 22:30:45 | 00,821,248 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2009/07/02 22:30:45 | 00,620,544 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2009/07/02 22:29:59 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/02 22:29:44 | 00,003,725 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/07/02 22:29:35 | 00,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2009/07/02 22:29:05 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/02 21:45:48 | 53,639,9872 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/02 21:44:11 | 00,001,717 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/07/02 21:44:07 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/07/02 21:11:17 | 00,000,775 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/07/02 21:11:09 | 00,000,619 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/07/02 21:11:09 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/07/02 21:00:24 | 00,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/02 20:59:16 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/07/02 20:36:59 | 00,065,536 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\The following guide is to cure your PC from that annoying piece of malware which hijacks and redirects your Google searches and other search engines.doc
[2009/07/02 19:47:13 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/07/02 18:33:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/07/02 18:20:05 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/01 04:35:21 | 00,000,292 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/06/30 19:27:20 | 00,194,560 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/29 04:15:33 | 00,000,314 | ---- | M] () -- C:\WINDOWS\tasks\WebReg HP Photosmart C5500 series.job
[2009/06/25 13:32:24 | 00,007,048 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\GlucoseJune09.rtf
[2009/06/25 02:00:37 | 00,998,400 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\For the sandbar.doc
[2009/06/24 19:20:23 | 00,123,392 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\carolmedicalhistoryrevised 12-12-06 Debbie-1.doc
[2009/06/23 20:08:01 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\I bought a cactus.doc
[2009/06/23 03:11:12 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\FORESTVILLE CEMETERY.doc
[2009/06/23 01:04:15 | 00,055,088 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MFInstall.exe
[2009/06/18 14:48:15 | 00,001,737 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/06/18 14:46:06 | 26,739,584 | ---- | M] ( ) -- C:\Documents and Settings\Owner\Desktop\AdbeRdr910_en_US.exe
[2009/06/17 19:36:15 | 00,032,256 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Make a list of 5 things you can see without getting up.doc
[2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/13 02:20:45 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Birthday list.doc
[2009/06/11 03:26:01 | 00,210,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/08 18:27:56 | 00,001,962 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
[2009/06/08 18:26:02 | 00,001,841 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
[2009/06/08 18:26:02 | 00,001,821 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Kodak EasyShare.lnk
< End of report >
--------------------
Extras.txt:
OTL Extras logfile created on: 7/2/2009 8:12:52 PM - Run 1
OTL by OldTimer - Version 3.0.6.2 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
511.48 Mb Total Physical Memory | 199.62 Mb Available Physical Memory | 39.03% Memory free
1.13 Gb Paging File | 0.62 Gb Available in Paging File | 54.95% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.89 Gb Total Space | 30.47 Gb Free Space | 21.03% Space Free | Partition Type: NTFS
Drive D: | 4.14 Gb Total Space | 0.61 Gb Free Space | 14.84% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: YOUR-XB2X7J77GN
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2009/04/25 20:25:36 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Documents and Settings\Owner\Desktop\unused icons\utorrent.exe:*:Enabled:µTorrent
[2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2009/04/02 16:10:58 | 13,646,632 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2005/07/22 03:47:22 | 00,151,552 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare
[2004/02/13 14:12:08 | 00,016,423 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000000-3976-4267-9F39-1DC4745090B7}" = Microsoft Learning and Research Plus Support Files
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0613467F-A45E-4CB1-9ECE-1F3DD79FB927}" = Easy Internet Sign-up
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0861E87B-24D7-4E7C-B11B-54F86E5C5199}" = hpg8200
"{092eeeee-9fdd-4895-a568-0818c96beb6c}" = AiO_Scan
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{114AA4D3-A577-400E-A1B2-3CF75CF8D2E2}" = C5500_Help
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{14B4E017-ACDF-4DB0-9D94-8988F5F0145A}" = hpg4600
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{15B9DC72-73F9-4d99-9E28-848D66DA8D99}" = HP Photo & Imaging 3.5 - HP Devices
"{1ADE23D7-7A1E-4AEC-BA5D-EB8A01BED943}" = DeepBurner v1.6.0.198
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{20CF99FC-2CE7-4AA4-966E-A4B11C0662B4}" = hpg3970
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{26BEE28E-C285-4532-82D3-7CE3C5F805D4}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
"{29B39FB2-5ADF-4F94-BC82-13942871DD0D}" = CameraDrivers
"{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1
"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{2F151B50-B434-4838-B51D-70442EBA093E}" = OpenMG Secure Module 4.1.00
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{369B36BE-3D64-4641-9AEA-808D436FE130}" = Microsoft Picture It! Express 7.0
"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{40C03514-89C3-41BA-0090-3B440256DB87}" = The Sims 2
"{415B8A4E-0EA2-4C69-975C-EEE07B837FD7}" = Unload
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"{45B6180B-DCAB-4093-8EE8-6164457517F0}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copy
"{483616D1-867E-46F8-BEC7-3C6475933908}" = Adobe Photoshop Album Starter Edition
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"{54e854d5-d5d4-452d-9c75-b39f5625b5fb}" = Readme
"{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen
"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
"{5B8B9664-21C8-4A1C-AEE4-EF7B1EEB6BD3}" = PS_AIO_04_C5500_Software
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{60758250-C8CF-47EB-8CB6-E0C3B84D8207}" = PSShortcutsP
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}" = Zone Deluxe Games
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = The Sims 2 Family Fun Stuff
"{6CC1EE94-B426-478B-AE83-F83EBB4EF66A}" = HPPhotoSmartDiscLabel_PaperLabel
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{77B5AD60-8F14-11D4-9BC9-0050041A1090}" = American McGee's Alice™
"{7CA32143-2DAC-4F5F-9BAA-2AB3707EF192}" = hp deskjet 3600
"{7D1CE80E-3EAE-441E-BE97-625F9ABD07D9}" = Myst Masterpiece Edition
"{7ED180E1-ADE9-4C69-8845-BDF518D763B8}" = hpphotosmartdisclabelplugin
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = The Sims™ 2 H&M® Fashion Stuff
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{896D642C-7125-44F0-AC49-A23ABF82209C}" = CDBurnerXP Pro 3
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A558B0C-541D-47e0-A177-8635CE723B07}" = HP Photosmart C5500 All-In-One Driver Software 11.0 Rel .4
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" =
"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}" = HLPSFO
"{8E37A0C8-C0E7-4E7A-8739-ACF20D02E70C}" = PS_AIO_04_C5500_Software_Min
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon® 3
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = RecordNow!
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A9310B0-FAD0-440E-97B1-5EE14568EF78}" = PS_AIO_04_C5500_ProductContext
"{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjects
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{9F4EEA0C-7174-4BD3-89AF-7AB2F9F6AEDD}" = hpmdtab
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.1
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABEB838C-A1A7-4C5D-B7E1-8B4314B00544}" = MSN Messenger 5.0
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AD17BC8E-4A5D-4E59-8640-10DF36E9EB75}" = hpg5530
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{bb6cac2a-1fa0-471a-bc3c-ade699c39f3c}" = Fax
"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
"{BCC09E9C-3340-473D-A4FE-8580992CA77A}" = HPPhotoSmartDiscLabelContent1
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{c330461f-c4a9-4fc7-af5d-c158e0b56aa7}" = AiOSoftware
"{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}" = Microsoft Plus! Digital Media Edition
"{C77A7F57-0BA5-4A17-B1C4-28E1D5F5A6EC}" = C5500
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjects
"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = Compaq Organize
"{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D43E1D3F-CC1F-4E41-80F5-9C1D28187DE9}" = iPod Updater 2004-08-06
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E853B73C-6993-47B0-AB8F-3F4DDD8AC80E}" = Hanes© T-ShirtMake© Lite
"{E8BFBD0A-8002-4dc9-869C-E495FA9DCE7A}" = PhotoGallery
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{ec7d7a6a-31cb-4810-826f-74171bef44f1}" = AIOMinimal
"{ED869D8B-6C7E-44C7-9F2F-BD5436849C61}" = hpg2436
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9967D8-1999-4260-ACC2-86901AA36650}" = Multimedia Card Reader
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Bon Voyage
"{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}" = HP PSC & OfficeJet 3.0
"{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}" = ESSEMAIL
"05E21449-3BA3-42BF-BBDA-95205F4EA40A" = Polar Bowler from Compaq (remove only)
"26DC0ED6-93A7-43C1-8DC5-EC16079580F9" = Orbital from Compaq (remove only)
"29FF6D07-4A15-41F1-9D5E-E0F3A58012C6" = Bounce Symphony from Compaq (remove only)
"2FDCC229-354D-4279-ABEF-CE17E355BFFA" = Five Card Frenzy from Compaq (remove only)
"75528D5F-DD82-402E-BA7C-045B7DC6A712" = Blasterball 2 from Compaq (remove only)
"8A225900-C06D-41DD-B66C-43840D472758" = Otto from Compaq (remove only)
"8BA6F58B-7A91-461F-95F8-E34F8BD8AA4E" = Slyder from Compaq (remove only)
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_6.0" = AIM 6.0
"American Greetings Print! 1.00" = American Greetings Print! 1.00
"American Greetings® Art & More Store" = American Greetings® Art & More Store
"AOL Instant Messenger" = AOL Instant Messenger
"AOL Toolbar" = AOL Toolbar 2.0
"AVG8Uninstall" = AVG Free 8.5
"BackWeb-1940576 Uninstaller" = Compaq Connections
"C679AA5F-C2C8-4EA8-9CD1-504A39AEC264" = Excavation from Compaq (remove only)
"Compaq Instant Support" = Compaq Instant Support
"Cucusoft MPEG/MOV/RM/AVI to DVD/VCD/SVCD/MPEG Co~546FA5AA_is1" = Cucusoft MPEG/MOV/RM/AVI to DVD/VCD/SVCD/MPEG Converter Pro 6.2
"DVDStyler_is1" = DVDStyler v1.1 beta
"F07504C6-20C5-4BFE-83A0-523FB2455E72" = Blackhawk Striker from Compaq (remove only)
"FA7F5211-C629-4711-BD82-7DFFB08CB518" = Overball from Compaq (remove only)
"Family Tree Maker" = Family Tree Maker 7.0
"HaaliMkx" = Haali Media Splitter
"Haunted House2 Screen Saver" = Haunted House2 Screen Saver
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photo & Imaging" = HP Image Zone 3.5
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"HPOCR" = OCR Software by I.R.I.S. 11.0
"InstallShield_{0613467F-A45E-4CB1-9ECE-1F3DD79FB927}" = Easy Internet Sign-up
"InstallShield_{2F151B50-B434-4838-B51D-70442EBA093E}" = OpenMG Secure Module 4.1.00
"InstallShield_{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"InstallShield_{D43E1D3F-CC1F-4E41-80F5-9C1D28187DE9}" = iPod Updater 2004-08-06
"InstallShield_{EF9967D8-1999-4260-ACC2-86901AA36650}" = Multimedia Card Reader
"Kazaa Lite Resurrection_is1" = Kazaa Lite Resurrection 0.0.7.6 F
"LimeWire" = LimeWire 4.4.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.5)" = Mozilla Firefox (3.5)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNMS" = MSN Internet Software
"Night Before Christmas Screen Saver" = Night Before Christmas Screen Saver
"NVIDIA Display Driver" = NVIDIA Display Driver
"NVIDIA GART Driver" = NVIDIA GART Driver
"OpenMG HotFix4.1-05-13-31-01" = OpenMG Limited Patch 4.1-05-14-24-01
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"RadLight 4.0" = RadLight 4.0 FINAL
"RealPlayer 6.0" = RealPlayer
"Shockwave" = Shockwave
"Shop for HP Supplies" = Shop for HP Supplies
"ST6UNST #1" = MuggleNet.com's Harry Potter and the Prisoner of Azkaban Screensaver
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"VTDisplay" = S3 S3Display
"VTGamma2" = S3 S3Gamma2
"VTInfo2" = S3 S3Info2
"VTOverlay" = S3 S3Overlay
"WeatherBug" = WeatherBug
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD_is1" = XviD MPEG-4 Video Codec
"Yahoo! Companion" = Yahoo! Companion
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 6/30/2009 12:51:43 AM | Computer Name = YOUR-XB2X7J77GN | Source = Application Error | ID = 1000
Description = Faulting application ViewpointService.exe, version 2.0.0.54, faulting
module ViewpointService.exe, version 2.0.0.54, fault address 0x00002250.
Error - 6/30/2009 1:13:26 AM | Computer Name = YOUR-XB2X7J77GN | Source = Application Error | ID = 1000
Description = Faulting application viewpointservice.exe, version 2.0.0.54, faulting
module viewpointservice.exe, version 2.0.0.54, fault address 0x00002250.
Error - 6/30/2009 1:31:33 AM | Computer Name = YOUR-XB2X7J77GN | Source = Application Error | ID = 1000
Description = Faulting application superantispyware.exe, version 4.26.0.1006, faulting
module superantispyware.exe, version 4.26.0.1006, fault address 0x0008a7a3.
Error - 6/30/2009 1:37:37 AM | Computer Name = YOUR-XB2X7J77GN | Source = Application Error | ID = 1000
Description = Faulting application superantispyware.exe, version 4.26.0.1006, faulting
module superantispyware.exe, version 4.26.0.1006, fault address 0x0008a7a3.
Error - 6/30/2009 1:43:41 AM | Computer Name = YOUR-XB2X7J77GN | Source = MBAMService | ID = 131073
Description =
Error - 6/30/2009 5:31:50 AM | Computer Name = YOUR-XB2X7J77GN | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x0019c209.
Error - 6/30/2009 3:35:33 PM | Computer Name = YOUR-XB2X7J77GN | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3439, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 6/30/2009 5:56:09 PM | Computer Name = YOUR-XB2X7J77GN | Source = Application Hang | ID = 1002
Description = Hanging application Weather.exe, version 6.4.0.5, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 7/2/2009 3:41:14 AM | Computer Name = YOUR-XB2X7J77GN | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x001934e1.
Error - 7/2/2009 6:03:43 PM | Computer Name = YOUR-XB2X7J77GN | Source = Application Hang | ID = 1002
Description = Hanging application Weather.exe, version 6.4.0.5, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 7/2/2009 4:58:56 AM | Computer Name = YOUR-XB2X7J77GN | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 7/2/2009 4:58:56 AM | Computer Name = YOUR-XB2X7J77GN | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 7/2/2009 12:55:31 PM | Computer Name = YOUR-XB2X7J77GN | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer Microsoft Office Document Image
Writer share name Printer.
Error - 7/2/2009 12:55:32 PM | Computer Name = YOUR-XB2X7J77GN | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2
Error - 7/2/2009 12:55:32 PM | Computer Name = YOUR-XB2X7J77GN | Source = Service Control Manager | ID = 7000
Description = The Viewpoint Manager Service service failed to start due to the following
error: %%2
Error - 7/2/2009 12:56:55 PM | Computer Name = YOUR-XB2X7J77GN | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
Error - 7/2/2009 6:15:20 PM | Computer Name = YOUR-XB2X7J77GN | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2
Error - 7/2/2009 6:15:20 PM | Computer Name = YOUR-XB2X7J77GN | Source = Service Control Manager | ID = 7000
Description = The Viewpoint Manager Service service failed to start due to the following
error: %%2
Error - 7/2/2009 6:16:47 PM | Computer Name = YOUR-XB2X7J77GN | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
Error - 7/2/2009 8:03:31 PM | Computer Name = YOUR-XB2X7J77GN | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.
< End of report >
------------------------
Here's the rooter log:
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP Home Edition (5.1.2600) Service Pack 2
[32_bits] - x86 Family 6 Model 10 Stepping 0, AuthenticAMD
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Disabled !
.
Internet Explorer 8.0.6001.18702
Mozilla Firefox 3.5 (en-US)
.
A:\ [Removable]
C:\ [Fixed-NTFS] .. ( Total:144 Go - Free:30 Go )
D:\ [Fixed-FAT32] .. ( Total:4 Go - Free:0 Go )
E:\ [CD_Rom]
F:\ [CD_Rom]
G:\ [CD_Rom]
H:\ [CD_Rom]
I:\ [Removable]
L:\ [Removable]
M:\ [Removable]
N:\ [Removable]
O:\ [Removable]
.
Scan : 22:33.58
Path : C:\Documents and Settings\Owner\My Documents\Downloads\Rooter.exe
User : Owner ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (556)
______ \??\C:\WINDOWS\system32\csrss.exe (1176)
______ \??\C:\WINDOWS\system32\winlogon.exe (1204)
______ C:\WINDOWS\system32\services.exe (1248)
______ C:\WINDOWS\system32\lsass.exe (1260)
______ C:\WINDOWS\system32\svchost.exe (1424)
______ C:\WINDOWS\system32\svchost.exe (1508)
______ C:\WINDOWS\System32\svchost.exe (1560)
______ C:\WINDOWS\System32\svchost.exe (1628)
______ C:\WINDOWS\system32\svchost.exe (1756)
______ C:\WINDOWS\Explorer.EXE (1940)
______ C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (192)
______ C:\Program Files\Alwil Software\Avast4\ashServ.exe (316)
______ C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe (808)
______ C:\windows\system\hpsysdrv.exe (832)
______ C:\WINDOWS\System32\hphmon05.exe (856)
______ C:\HP\KBD\KBD.EXE (256)
______ C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (884)
______ C:\WINDOWS\system32\VTTimer.exe (900)
______ C:\WINDOWS\LTMSG.exe (908)
______ C:\Program Files\Multimedia Card Reader\shwicon2k.exe (928)
______ C:\WINDOWS\system32\RUNDLL32.EXE (1016)
______ C:\Program Files\Common Files\Real\Update_OB\realsched.exe (1024)
______ C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (1032)
______ C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe (1040)
______ C:\WINDOWS\ALCXMNTR.EXE (1108)
______ C:\Program Files\iTunes\iTunesHelper.exe (1132)
______ C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (600)
______ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (1156)
______ C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (1164)
______ C:\Program Files\Messenger\msmsgs.exe (1172)
______ C:\WINDOWS\system32\ctfmon.exe (1620)
______ C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (1724)
______ C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (1732)
______ C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe (1768)
______ C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (1804)
______ C:\WINDOWS\system32\spoolsv.exe (368)
______ C:\Program Files\Alwil Software\Avast4\setup\avast.setup (752)
______ C:\WINDOWS\System32\svchost.exe (1948)
______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (1088)
______ C:\Program Files\Bonjour\mDNSResponder.exe (1492)
______ C:\WINDOWS\system32\svchost.exe (2064)
______ C:\WINDOWS\System32\svchost.exe (2092)
______ C:\WINDOWS\System32\nvsvc32.exe (2156)
______ C:\WINDOWS\System32\svchost.exe (2232)
______ C:\WINDOWS\System32\svchost.exe (2276)
______ C:\WINDOWS\system32\wuauclt.exe (3012)
______ C:\Program Files\Mozilla Firefox\firefox.exe (3144)
______ C:\WINDOWS\system32\wscntfy.exe (3496)
______ C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (3660)
______ C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (3704)
______ C:\WINDOWS\system32\wuauclt.exe (3824)
______ C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (3892)
______ C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (3924)
______ C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (4060)
______ C:\Program Files\iPod\bin\iPodService.exe (324)
______ C:\WINDOWS\system32\rundll32.exe (3392)
______ C:\WINDOWS\System32\alg.exe (3592)
______ C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (2720)
______ C:\Documents and Settings\Owner\My Documents\Downloads\Rooter.exe (2768)
.
----------------------\\ Device\Harddisk0\
WARNING : Unable to read MBR .. [ERROR_1381]
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\WebReg HP Photosmart C5500 series.job
C:\WINDOWS\Tasks\{C5BF9F38-42A9-4A77-9F68-BB706243E748}_YOUR-XB2X7J77GN_Owner.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 22:36.28
.
C:\Rooter$\Rooter_2.txt - (02/07/2009 | 22:36.28)
-----------------------------------------------------------------------------------------
Sign In
Create Account
