Thank you Heir.
SmitFraudFix v2.403
Scan done at 6:25:36.09, Mon 03/16/2009
Run from C:\Users\Johanna\Downloads\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\IOI\ButtonMonitor.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Johanna
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Johanna\AppData\Local\Temp
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Johanna\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Johanna\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!
o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Linksys Wireless-G PCI Network Adapter with SpeedBooster
DNS Server Search Order: 192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{EA543B04-80A9-4525-8EAE-B70AFD2606B9}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{EA543B04-80A9-4525-8EAE-B70AFD2606B9}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{EA543B04-80A9-4525-8EAE-B70AFD2606B9}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
OTListIt logfile created on: 3/16/2009 06:34:00 - Run 16
OTListIt2 by OldTimer - Version 2.0.5.1 Folder = C:\Users\Johanna\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 94.34% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys;
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.14 Gb Total Space | 209.08 Gb Free Space | 72.81% Space Free | Partition Type: NTFS
Drive D: | 10.95 Gb Total Space | 5.20 Gb Free Space | 47.52% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JOHANNA-PC
Current User Name: Johanna
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ========== PRC - C:\Windows\system32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
PRC - C:\Program Files\Grisoft\AVG7\avgamsvr.exe (GRISOFT, s.r.o.)
PRC - C:\Program Files\Grisoft\AVG7\avgupsvc.exe (GRISOFT, s.r.o.)
PRC - C:\Program Files\Grisoft\AVG7\avgrssvc.exe (GRISOFT, s.r.o.)
PRC - C:\Program Files\Grisoft\AVG7\avgemc.exe (GRISOFT, s.r.o.)
PRC - C:\Program Files\Grisoft\AVG7\avgrssvc.exe (GRISOFT, s.r.o.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Windows\system32\WUDFHost.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\IOI\ButtonMonitor.exe ()
PRC - C:\Program Files\Grisoft\AVG7\avgcc.exe (GRISOFT, s.r.o.)
PRC - C:\Windows\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\ehome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Windows\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Users\Johanna\Downloads\OTListIt2.exe (OldTimer Tools)
========== Win32 Services (SafeList) ========== SRV - (AgereModemAudio [Auto | Running]) -- C:\Windows\system32\agrsmsvc.exe (Agere Systems)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
SRV - (Avg7Alrt [Auto | Running]) -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe (GRISOFT, s.r.o.)
SRV - (Avg7UpdSvc [Auto | Running]) -- C:\Program Files\Grisoft\AVG7\avgupsvc.exe (GRISOFT, s.r.o.)
SRV - (AvgCoreSvc [Auto | Running]) -- C:\Program Files\Grisoft\AVG7\avgrssvc.exe (GRISOFT, s.r.o.)
SRV - (AVGEMS [Auto | Running]) -- C:\Program Files\Grisoft\AVG7\avgemc.exe (GRISOFT, s.r.o.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GameConsoleService [On_Demand | Stopped]) -- C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PrismXL [Auto | Running]) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
========== Driver Services (SafeList) ========== DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (AgereSoftModem [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (AvgClean [System | Running]) -- C:\Windows\System32\Drivers\avgclean.sys (GRISOFT, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\Windows\System32\Drivers\avgmfx86.sys (GRISOFT, s.r.o.)
DRV - (AvgWFP [On_Demand | Running]) -- C:\Windows\System32\Drivers\avgwfp.sys (AVG Technologies CZ, s.r.o.)
DRV - (BCM43XV [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\bcmwl6.sys (Broadcom Corporation)
DRV - (BCM43XX [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\WMP54GSx86.sys (Broadcom Corporation)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (ialm [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\Windows\system32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (NETw2v32 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\NETw2v32.sys (Intel® Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NVENETFD [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\nvm60x32.sys (NVIDIA Corporation)
DRV - (nvlddmkm [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Boot | Running]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (nvstor32 [Boot | Running]) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (PxHelp20 [Boot | Running]) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (RTSTOR [On_Demand | Running]) -- C:\Windows\system32\drivers\RTSTOR.SYS (Realtek Semiconductor Corp.)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (yukonwlh [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\yk60x86.sys (Marvell)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.gateway.c...h...TP&M=GT5670IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.gateway.c...h...TP&M=GT5670IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.gateway.c...h...TP&M=GT5670 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.gateway.c...h...TP&M=GT5670IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ========== FF - prefs.js..browser.startup.homepage: "
http://www.yahoo.com/"FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.1
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/03/13 05:39:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2008/07/23 04:48:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/01/01 04:44:22 | 00,000,000 | ---D | M]
[2008/07/23 04:48:16 | 00,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\mozilla\Extensions
[2008/07/23 04:48:16 | 00,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/07/23 04:48:16 | 00,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\mozilla\Firefox\Profiles\hcyut8b3.default\extensions
[2009/01/01 05:16:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008/07/23 04:48:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/08/12 06:44:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/11/26 02:38:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/01/01 05:16:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2008/07/02 21:52:45 | 00,023,040 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2008/07/02 21:52:46 | 00,134,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/07/02 12:31:38 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/07/02 12:31:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/07/02 12:31:38 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/07/02 12:31:38 | 00,002,642 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/07/02 12:31:38 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/07/02 12:31:38 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/07/02 12:31:38 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - Reg Error: Key error. File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP (GRISOFT, s.r.o.)
O4 - HKLM..\Run: [ButtonMonitor] C:\Program Files\IOI\ButtonMonitor.exe ()
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray File not found
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0}
http://photos.walmar...martActivia.cab (Snapfish Activia)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537}
http://gfx1.hotmail....NPUplden-us.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgwlntf: DllName - avgwlntf.dll - C:\Windows\system32\avgwlntf.dll (GRISOFT, s.r.o.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\autoexec.bat () - [ NTFS ]
O32 - Autorun File - D:\Autorun.inf () - [ NTFS ]
O33 - MountPoints2\{571bec63-ee6a-11dc-aff7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{571bec63-ee6a-11dc-aff7-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
========== Files/Folders - Created Within 30 Days ========== [2009/03/16 06:33:52 | 00,000,551 | ---- | C] () -- C:\Users\Johanna\Desktop\OTListIt2.exe - Shortcut.lnk
[2009/03/16 06:25:37 | 00,003,344 | ---- | C] () -- C:\Windows\System32\tmp.reg
[2009/03/16 06:25:28 | 00,289,144 | ---- | C] (S!Ri) -- C:\Windows\System32\VCCLSID.exe
[2009/03/16 06:25:28 | 00,288,417 | ---- | C] (S!Ri) -- C:\Windows\System32\SrchSTS.exe
[2009/03/16 06:25:28 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\VACFix.exe
[2009/03/16 06:25:28 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\IEDFix.exe
[2009/03/16 06:25:28 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\IEDFix.C.exe
[2009/03/16 06:25:28 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\404Fix.exe
[2009/03/16 06:25:28 | 00,080,384 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\o4Patch.exe
[2009/03/16 06:25:28 | 00,079,360 | ---- | C] (SteelWerX) -- C:\Windows\System32\swxcacls.exe
[2009/03/16 06:25:28 | 00,078,336 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\Agent.OMZ.Fix.exe
[2009/03/16 06:25:28 | 00,051,200 | ---- | C] () -- C:\Windows\System32\dumphive.exe
[2009/03/16 06:25:28 | 00,040,960 | ---- | C] () -- C:\Windows\System32\swsc.exe
[2009/03/16 06:25:28 | 00,025,600 | ---- | C] () -- C:\Windows\System32\WS2Fix.exe
[2009/03/16 06:25:27 | 00,135,168 | ---- | C] (SteelWerX) -- C:\Windows\System32\swreg.exe
[2009/03/16 06:25:27 | 00,053,248 | ---- | C] (
http://www.beyondlogic.org) -- C:\Windows\System32\Process.exe
[2009/03/15 22:57:11 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/03/15 21:40:22 | 00,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\Malwarebytes
[2009/03/15 21:39:27 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/03/15 21:39:27 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/15 21:39:25 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/03/15 21:39:24 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/03/15 21:39:24 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/15 02:21:06 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/03/15 02:20:48 | 00,000,733 | ---- | C] () -- C:\Users\Johanna\Desktop\NTREGOPT.lnk
[2009/03/15 02:20:48 | 00,000,714 | ---- | C] () -- C:\Users\Johanna\Desktop\ERUNT.lnk
[2009/03/15 02:20:47 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/03/13 05:37:07 | 00,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/03/13 05:37:07 | 00,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/03/13 05:37:06 | 00,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/03/13 05:37:06 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/03/13 05:37:06 | 00,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/03/13 05:37:06 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/03/13 05:37:05 | 00,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/03/13 05:37:04 | 00,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/03/13 05:32:50 | 00,096,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/03/13 05:32:49 | 00,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/03/13 05:32:48 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2009/03/13 05:32:34 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/03/13 05:32:29 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/03/13 03:54:22 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2009/03/13 03:53:33 | 00,000,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hpoddt01.exe.lnk
[2009/03/13 03:53:12 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2009/03/13 03:51:54 | 00,016,618 | ---- | C] () -- C:\Windows\hpomdl01.dat
[2009/03/11 00:20:57 | 10,622,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/03/11 00:20:56 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/03/11 00:20:56 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/03/11 00:20:56 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/03/11 00:20:55 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/03/11 00:20:27 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/03/11 00:20:26 | 02,033,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/02/25 05:59:59 | 00,000,000 | ---D | C] -- C:\Users\Johanna\Documents\My Games
[2009/02/15 05:12:31 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009/02/15 05:12:31 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009/02/15 05:12:30 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009/02/15 05:12:30 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009/02/15 05:12:30 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
========== Files - Modified Within 30 Days ========== [2009/03/16 06:33:52 | 00,000,551 | ---- | M] () -- C:\Users\Johanna\Desktop\OTListIt2.exe - Shortcut.lnk
[2009/03/16 06:25:37 | 00,003,344 | ---- | M] () -- C:\Windows\System32\tmp.reg
[2009/03/16 04:41:20 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/03/16 04:41:20 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/03/16 03:27:47 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/03/15 23:24:48 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/03/15 23:24:48 | 00,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/03/15 23:24:48 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/03/15 23:18:06 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/03/15 23:18:01 | 30,854,26688 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/15 23:17:23 | 04,897,821 | -H-- | M] () -- C:\Users\Johanna\AppData\Local\IconCache.db
[2009/03/15 21:39:27 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/15 04:16:01 | 00,065,024 | ---- | M] () -- C:\Users\Johanna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/15 02:20:48 | 00,000,733 | ---- | M] () -- C:\Users\Johanna\Desktop\NTREGOPT.lnk
[2009/03/15 02:20:48 | 00,000,714 | ---- | M] () -- C:\Users\Johanna\Desktop\ERUNT.lnk
[2009/03/13 03:59:10 | 00,020,454 | ---- | M] () -- C:\Windows\hpoins01.dat
[2009/03/13 03:53:43 | 00,000,189 | ---- | M] () -- C:\Windows\win.ini
[2009/03/13 03:53:33 | 00,000,903 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hpoddt01.exe.lnk
[2009/03/11 04:08:01 | 00,293,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/02/25 12:55:00 | 24,768,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
< End of report >
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
OTListIt Extras logfile created on: 3/16/2009 06:34:00 - Run 16
OTListIt2 by OldTimer - Version 2.0.5.1 Folder = C:\Users\Johanna\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 94.34% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys;
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.14 Gb Total Space | 209.08 Gb Free Space | 72.81% Space Free | Partition Type: NTFS
Drive D: | 10.95 Gb Total Space | 5.20 Gb Free Space | 47.52% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JOHANNA-PC
Current User Name: Johanna
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DisableNotifications" = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox File not found
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17068829-10EE-4581-BDC8-C53C483694A3}" = Smart Copy
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34FF0741-EC67-4C05-AC2A-6D257123DF2E}" = BigFix
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{EAE4A00B-D290-4B65-8287-B82A80FC0619}" = Linksys Wireless-G PCI Network Adapter with SpeedBooster
"{EE5EEDAF-F932-462B-A2CB-EEBDF819D5F5}" = Gateway Connect
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"Audacity_is1" = Audacity 1.2.6
"AVG7Uninstall" = AVG 7.5
"ERUNT_is1" = ERUNT 1.1j
"Free YouTube Download_is1" = Free YouTube Download 2.2
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"LimeWire" = LimeWire 4.18.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2007b" = Microsoft Money Essentials
"Mozilla Firefox (3.0.1)" = Mozilla Firefox (3.0.1)
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"SONAR Home_is1" = SONAR Home Studio 6
"Uninstall_is1" = Uninstall 1.0.0.1
"WildTangent gateway Master Uninstall" = Gateway Games
========== Last 10 Event Log Errors ========== [ Application Events ]
Error - 2/23/2009 05:23:08 | Computer Name = Johanna-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 7.0.6001.18000 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1590 Start Time: 01c9958f335cbf20 Termination Time: 0
Error - 2/23/2009 05:23:26 | Computer Name = Johanna-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 7.0.6001.18000 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 2cc Start Time: 01c9958f42b51f30 Termination Time: 0
Error - 2/23/2009 05:28:57 | Computer Name = Johanna-PC | Source = WinMgmt | ID = 10
Description =
Error - 2/23/2009 05:51:32 | Computer Name = Johanna-PC | Source = Application Error | ID = 1000
Description = Faulting application ieuser.exe, version 6.0.6001.18000, time stamp
0x47918f0e, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x046503c0, process id 0x8f4, application start time
0x01c9959933b35356.
Error - 2/23/2009 06:53:32 | Computer Name = Johanna-PC | Source = Application Error | ID = 1000
Description = Faulting application AcroRd32.exe, version 8.1.0.137, time stamp 0x46444e37,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x3030302e, process id 0xc94, application start time 0x01c995a4f22d4106.
Error - 2/23/2009 06:53:34 | Computer Name = Johanna-PC | Source = Application Error | ID = 1000
Description = Faulting application AcroRd32.exe, version 8.1.0.137, time stamp 0x46444e37,
faulting module MSVCR80.dll, version 8.0.50727.1434, time stamp 0x4757746d, exception
code 0xc0000005, fault offset 0x00014a7f, process id 0xc94, application start time
0x01c995a4f22d4106.
Error - 2/25/2009 05:48:16 | Computer Name = Johanna-PC | Source = Application Error | ID = 1000
Description = Faulting application Kudos.exe, version 0.0.0.0, time stamp 0x4576bb02,
faulting module Kudos.exe, version 0.0.0.0, time stamp 0x4576bb02, exception code
0xc0000005, fault offset 0x000e3082, process id 0x484, application start time 0x01c9972e29004880.
Error - 2/25/2009 05:49:33 | Computer Name = Johanna-PC | Source = Application Error | ID = 1000
Description = Faulting application Kudos.exe, version 0.0.0.0, time stamp 0x4576bb02,
faulting module Kudos.exe, version 0.0.0.0, time stamp 0x4576bb02, exception code
0xc0000005, fault offset 0x000e3082, process id 0xd14, application start time 0x01c9972e5a329520.
Error - 2/25/2009 08:20:06 | Computer Name = Johanna-PC | Source = Application Error | ID = 1000
Description = Faulting application SoftwareUpdate.exe, version 2.1.0.110, time stamp
0x480006c9, faulting module ScriptingObjectModel.dll, version 2.1.0.110, time stamp
0x480006ae, exception code 0xc0000005, fault offset 0x00011b1b, process id 0xb70,
application start time 0x01c9974361566240.
Error - 2/25/2009 21:00:34 | Computer Name = Johanna-PC | Source = Application Error | ID = 1000
Description = Faulting application mcupdate.EXE, version 6.0.6001.18115, time stamp
0x489807f1, faulting module KERNEL32.dll, version 6.0.6001.18000, time stamp 0x4791a76d,
exception code 0xe0434f4d, fault offset 0x000442eb, process id 0xf60, application
start time 0x01c997ad1c186920.
[ Media Center Events ]
Error - 6/2/2008 04:26:26 | Computer Name = Johanna-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Error - 6/7/2008 22:00:58 | Computer Name = Johanna-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Error - 10/1/2008 23:39:24 | Computer Name = Johanna-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 12/17/2008 16:16:08 | Computer Name = Johanna-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.
[ System Events ]
Error - 12/14/2008 04:01:10 | Computer Name = Johanna-PC | Source = DCOM | ID = 10005
Description =
Error - 12/14/2008 04:01:10 | Computer Name = Johanna-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 12/14/2008 04:01:10 | Computer Name = Johanna-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 12/14/2008 04:01:10 | Computer Name = Johanna-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 12/14/2008 04:01:10 | Computer Name = Johanna-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 12/14/2008 04:05:07 | Computer Name = Johanna-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 12/14/2008 04:05:07 | Computer Name = Johanna-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 12/14/2008 04:05:37 | Computer Name = Johanna-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 12/14/2008 04:05:37 | Computer Name = Johanna-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 12/14/2008 16:44:51 | Computer Name = Johanna-PC | Source = HTTP | ID = 15016
Description =
< End of report >
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft® Windows Vista™ Home Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : AMD Phenom™ 8400 Triple-Core Processor )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : Johanna ( Administrator )
BOOT : Normal boot
Antivirus : AVG 7.5.557 7.5.557 (Activated)
C:\ (Local Disk) - NTFS - Total:287 Go (Free:209 Go)
D:\ (Local Disk) - NTFS - Total:10 Go (Free:5 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Mon 03/16/2009| 6:41 )
[ UAC => 1 ]
--------------------\\ Listing folders in Local
[04/07/2008|00:43] C:\Users\Johanna\AppData\Local\Adobe
[06/09/2008|02:45] C:\Users\Johanna\AppData\Local\Apple
[06/09/2008|03:03] C:\Users\Johanna\AppData\Local\Apple Computer
[04/05/2008|22:50] C:\Users\Johanna\AppData\Local\Application Data
[08/02/2008|04:57] C:\Users\Johanna\AppData\Local\d3d9caps.dat
[03/15/2009|04:16] C:\Users\Johanna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[08/09/2008|02:12] C:\Users\Johanna\AppData\Local\GDIPFONTCACHEV1.DAT
[04/14/2008|03:30] C:\Users\Johanna\AppData\Local\Google
[04/05/2008|22:50] C:\Users\Johanna\AppData\Local\History
[03/15/2009|23:17] C:\Users\Johanna\AppData\Local\IconCache.db
[11/27/2008|17:32] C:\Users\Johanna\AppData\Local\Microsoft
[04/13/2008|03:45] C:\Users\Johanna\AppData\Local\Microsoft Games
[06/05/2008|19:32] C:\Users\Johanna\AppData\Local\MigWiz
[07/23/2008|04:48] C:\Users\Johanna\AppData\Local\Mozilla
[03/16/2009|06:40] C:\Users\Johanna\AppData\Local\Temp
[04/05/2008|22:50] C:\Users\Johanna\AppData\Local\Temporary Internet Files
[04/10/2008|01:50] C:\Users\Johanna\AppData\Local\VirtualStore
[06/12/2008|04:17] C:\Users\Johanna\AppData\Local\Yahoo
--------------------\\ Scheduled Tasks located in C:\Windows\Tasks
[03/15/2009 23:18][--ah-----] C:\Windows\tasks\SA.DAT
[03/15/2009 23:17][--a------] C:\Windows\tasks\SCHEDLGU.TXT
--------------------\\ Listing Folders in C:\ProgramData
[02/26/2008|20:53] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[02/26/2008|20:46] C:\ProgramData\Adobe
[06/09/2008|02:45] C:\ProgramData\Apple
[06/09/2008|02:48] C:\ProgramData\Apple Computer
[04/05/2008|22:46] C:\ProgramData\Application Data
[01/01/2009|04:44] C:\ProgramData\avg7
[08/31/2008|03:14] C:\ProgramData\Cakewalk
[04/05/2008|22:46] C:\ProgramData\Desktop
[04/05/2008|22:46] C:\ProgramData\Documents
[04/05/2008|22:46] C:\ProgramData\Favorites
[04/05/2008|23:05] C:\ProgramData\Google
[04/07/2008|21:52] C:\ProgramData\Grisoft
[05/13/2008|03:30] C:\ProgramData\HipSoft
[03/13/2009|03:59] C:\ProgramData\hpzinstall.log
[08/09/2008|01:47] C:\ProgramData\Identities
[03/15/2009|21:39] C:\ProgramData\Malwarebytes
[08/29/2008|02:38] C:\ProgramData\Microsoft
[12/14/2008|04:05] C:\ProgramData\Microsoft Help
[04/05/2008|23:07] C:\ProgramData\Napster
[06/12/2008|03:43] C:\ProgramData\ntuser.dat
[06/12/2008|03:43] C:\ProgramData\ntuser.dat.LOG1
[06/12/2008|03:43] C:\ProgramData\ntuser.dat.LOG2
[06/12/2008|03:43] C:\ProgramData\ntuser.dat{93c85fc0-3834-11dd-9074-001e901e5bfe}.TM.blf
[06/12/2008|03:43] C:\ProgramData\ntuser.dat{93c85fc0-3834-11dd-9074-001e901e5bfe}.TMContainer00000000000000000001.regtrans-ms
[06/12/2008|03:43] C:\ProgramData\ntuser.dat{93c85fc0-3834-11dd-9074-001e901e5bfe}.TMContainer00000000000000000002.regtrans-ms
[06/12/2008|03:43] C:\ProgramData\ntuser.dat{93c85fd4-3834-11dd-9074-001e901e5bfe}.TM.blf
[06/12/2008|03:43] C:\ProgramData\ntuser.dat{93c85fd4-3834-11dd-9074-001e901e5bfe}.TMContainer00000000000000000001.regtrans-ms
[06/12/2008|03:43] C:\ProgramData\ntuser.dat{93c85fd4-3834-11dd-9074-001e901e5bfe}.TMContainer00000000000000000002.regtrans-ms
[02/26/2008|21:00] C:\ProgramData\NVIDIA
[02/26/2008|21:51] C:\ProgramData\Prism Deploy
[04/05/2008|22:46] C:\ProgramData\Start Menu
[04/07/2008|19:43] C:\ProgramData\Symantec
[04/05/2008|22:46] C:\ProgramData\Templates
[05/16/2008|04:19] C:\ProgramData\Trymedia
[02/26/2009|07:15] C:\ProgramData\WildTangent
[04/15/2008|11:52] C:\ProgramData\WindowsSearch
[06/12/2008|04:17] C:\ProgramData\YAHOO
--------------------\\ Listing Folders in C:\Program Files
[02/26/2008|20:52] C:\Program Files\Acceller
[02/26/2008|20:53] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[07/23/2008|05:03] C:\Program Files\Adobe
[02/26/2008|20:42] C:\Program Files\AMDLive
[02/26/2008|20:42] C:\Program Files\AOL 9.0
[06/12/2008|21:25] C:\Program Files\Apple Software Update
[04/09/2008|02:28] C:\Program Files\Audacity
[02/26/2008|20:47] C:\Program Files\BigFix
[06/09/2008|02:46] C:\Program Files\Bonjour
[08/31/2008|03:14] C:\Program Files\Cakewalk
[03/13/2009|03:54] C:\Program Files\Common Files
[02/26/2008|20:47] C:\Program Files\CyberLink
[11/25/2008|08:02] C:\Program Files\DVDVideoSoft
[02/26/2008|20:42] C:\Program Files\eBay
[03/15/2009|02:20] C:\Program Files\ERUNT
[02/25/2009|05:57] C:\Program Files\Gateway Games
[11/27/2008|05:39] C:\Program Files\Google
[04/07/2008|21:52] C:\Program Files\Grisoft
[04/06/2008|18:51] C:\Program Files\InstallShield Installation Information
[11/20/2008|06:43] C:\Program Files\Internet Explorer
[02/26/2008|20:41] C:\Program Files\IOI
[06/09/2008|02:48] C:\Program Files\iPod
[06/09/2008|02:48] C:\Program Files\iTunes
[01/01/2009|05:16] C:\Program Files\Java
[06/10/2008|04:07] C:\Program Files\LimeWire
[04/06/2008|18:51] C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster
[09/09/2008|02:31] C:\Program Files\Makeover Plus
[03/15/2009|21:40] C:\Program Files\Malwarebytes' Anti-Malware
[11/02/2006|08:37] C:\Program Files\Microsoft Games
[04/14/2008|02:19] C:\Program Files\Microsoft Money 2007
[02/26/2008|20:50] C:\Program Files\Microsoft Office
[02/26/2008|20:44] C:\Program Files\Microsoft Works
[02/26/2008|20:50] C:\Program Files\Microsoft.NET
[01/20/2008|22:35] C:\Program Files\Movie Maker
[07/23/2008|04:48] C:\Program Files\Mozilla Firefox
[11/02/2006|08:37] C:\Program Files\MSBuild
[02/26/2008|20:52] C:\Program Files\NetZero
[06/09/2008|02:46] C:\Program Files\QuickTime
[02/26/2008|20:40] C:\Program Files\Realtek
[11/02/2006|08:37] C:\Program Files\Reference Assemblies
[02/05/2008|01:33] C:\Program Files\SoftThinks
[11/02/2006|09:01] C:\Program Files\Uninstall Information
[01/20/2008|22:35] C:\Program Files\Windows Calendar
[01/20/2008|22:35] C:\Program Files\Windows Collaboration
[01/20/2008|22:35] C:\Program Files\Windows Defender
[01/20/2008|22:35] C:\Program Files\Windows Journal
[03/11/2009|04:06] C:\Program Files\Windows Mail
[03/11/2009|04:06] C:\Program Files\Windows Media Player
[11/02/2006|08:37] C:\Program Files\Windows NT
[01/20/2008|22:35] C:\Program Files\Windows Photo Gallery
[01/20/2008|22:35] C:\Program Files\Windows Sidebar
[06/12/2008|04:17] C:\Program Files\Yahoo!
--------------------\\ Listing Folders in C:\Program Files\Common Files
[02/26/2008|20:46] C:\Program Files\Common Files\Adobe
[06/09/2008|02:45] C:\Program Files\Common Files\Apple
[02/26/2008|20:50] C:\Program Files\Common Files\DESIGNER
[11/25/2008|08:02] C:\Program Files\Common Files\DVDVideoSoft
[03/13/2009|03:54] C:\Program Files\Common Files\Hewlett-Packard
[02/26/2008|20:55] C:\Program Files\Common Files\InstallShield
[02/26/2008|20:51] C:\Program Files\Common Files\Java
[08/22/2008|03:01] C:\Program Files\Common Files\microsoft shared
[03/13/2009|03:53] C:\Program Files\Common Files\MSSoap
[02/26/2008|21:51] C:\Program Files\Common Files\New Boundary
[11/02/2006|07:18] C:\Program Files\Common Files\Services
[11/02/2006|07:18] C:\Program Files\Common Files\SpeechEngines
[04/07/2008|19:44] C:\Program Files\Common Files\Symantec Shared
[01/20/2008|22:35] C:\Program Files\Common Files\System
--------------------\\ Process
( 60 Processes )
... OK !
--------------------\\ Searching with S_Lop
No Lop folder found !
--------------------\\ Searching for Lop Files - Folders
No Lop folder found !
--------------------\\ Searching within the Registry
..... OK !
--------------------\\ Checking the Hosts file
Hosts file CLEAN
--------------------\\ Searching for hidden files with Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net Rootkit scan 2009-03-16 06:41:32
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwEnumerateKey, ZwQueryKey, ZwOpenKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile, ZwQueryDirectoryFile, ZwQuerySystemInformation
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Searching for other infections
--------------------\\ Cracks & Keygens ..
C:\Users\Johanna\Music\Brand New- Play Crack The Sky.mp3
[F:44][D:48]-> C:\Users\Johanna\AppData\Local\Temp
[F:121][D:1]-> C:\Users\Johanna\AppData\Roaming\MICROS~1\Windows\Cookies
[F:15][D:4]-> C:\Users\Johanna\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:4][D:2]-> C:\$Recycle.Bin
1 - "C:\Lop SD\LopR_1.txt" - Mon 03/16/2009| 6:42 - Option : [1]
--------------------\\ Scan completed at 6:42:37
[ UAC => 1 ]
This topic is locked
Sign In
Create Account
