Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3
C:\ [Fixed] - NTFS - (Total:152625 Mo/Free:1772 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
G:\ [Removable] (Total:0 Mo/Free:0 Mo)
H:\ [Removable] (Total:0 Mo/Free:0 Mo)
I:\ [Removable] (Total:0 Mo/Free:0 Mo)
J:\ [Removable] (Total:0 Mo/Free:0 Mo)
Mon 11/05/2009|20:48
----------------------\\ Processes..
--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\WINDOWS\zHotkey.exe
---------- C:\Program Files\Multimedia Card Reader\shwicon2k.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\WINDOWS\system32\RUNDLL32.EXE
---------- C:\Program Files\McAfee\Common Framework\udaterui.exe
---------- C:\WINDOWS\system32\sstray.exe
---------- C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
---------- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
---------- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
---------- C:\Program Files\AIM6\aim6.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
---------- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
---------- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
---------- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
---------- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
---------- C:\WINDOWS\system32\mfevtps.exe
---------- C:\WINDOWS\system32\nvsvc32.exe
---------- C:\WINDOWS\system32\HPZipm12.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Viewpoint\Common\ViewpointService.exe
---------- C:\Program Files\McAfee\Common Framework\McTray.exe
---------- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
---------- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
---------- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
---------- C:\Program Files\AIM6\aolsoftware.exe
---------- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\Windows Live\Messenger\usnsvc.exe
---------- C:\Program Files\Internet Explorer\IEXPLORE.EXE
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe
----------------------\\ Search..
----------------------\\ ROOTKIT !!
----------------------\\ Cracks & Keygens..
C:\DOCUME~1\Norman\My Documents\download\skippy94179\Dead_AIM_v4.5\Dead Aim 4.5+crack fix\DeadAIM.exe
C:\DOCUME~1\Norman\My Documents\download\skippy94179\Dead_AIM_v4.5\Dead Aim 4.5+crack fix\ReadMe.txt
1 - "C:\Rooter$\Rooter_1.txt" - Sat 09/05/2009|19:26
2 - "C:\Rooter$\Rooter_2.txt" - Mon 11/05/2009|20:49
----------------------\\ Scan completed at 20:49
OTL:
OTListIt logfile created on: 11/05/2009 8:54:41 PM - Run 5
OTListIt2 by OldTimer - Version 2.0.15.5 Folder = C:\Documents and Settings\Norman\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
447.48 Mb Total Physical Memory | 157.76 Mb Available Physical Memory | 35.26% Memory free
1.03 Gb Paging File | 0.60 Gb Available in Paging File | 58.51% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 89.72 Gb Free Space | 60.20% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DAD
Current User Name: Norman
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ========== PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\zHotkey.exe (Chicony)
PRC - C:\Program Files\Multimedia Card Reader\shwicon2k.exe (Alcor Micro, Corp.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\sstray.exe (NVIDIA Corporation)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe (Uniblue Software)
PRC - C:\Program Files\AIM6\aim6.exe (AOL LLC)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe (McAfee, Inc.)
PRC - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files\AIM6\aolsoftware.exe (AOL LLC)
PRC - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
PRC - C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\system32\dumprep.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Norman\Desktop\OTListIt2.exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\dwwin.exe (Microsoft Corporation)
========== Win32 Services (SafeList) ========== SRV - (Apple Mobile Device [Disabled | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (iPod Service [Disabled | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Disabled | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (lxbt_device [On_Demand | Stopped]) -- C:\WINDOWS\System32\lxbtcoms.exe (Lexmark International, Inc.)
SRV - (McAfeeEngineService [Auto | Running]) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
SRV - (McAfeeFramework [Auto | Running]) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (McShield [Auto | Running]) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
SRV - (McTaskManager [Auto | Running]) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (mfevtp [Unknown | Running]) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (usnjsvc [On_Demand | Running]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
========== Driver Services (SafeList) ========== DRV - (ENETHUSB [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\enethusb.sys (Efficient Networks, Inc.)
DRV - (enodpl [Auto | Running]) -- C:\WINDOWS\System32\drivers\enodpl.sys ()
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (GoProto [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\goprot51.sys (Gteko Ltd.)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mfeapfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfeavfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [Boot | Running]) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdet [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdik [System | Running]) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (MREMPR5 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MREMPR5.sys (Motive, Inc.)
DRV - (MRENDIS5 [On_Demand | Stopped]) -- c:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (nvax [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\nvax.sys (NVIDIA Corporation)
DRV - (NVENET [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\NVENET.sys (NVIDIA Corporation)
DRV - (nvnforce [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\nvapu.sys (NVIDIA Corporation)
DRV - (nv_agp [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys (NVIDIA Corporation)
DRV - (ppmoucls [System | Running]) -- C:\WINDOWS\System32\DRIVERS\ppmoucls.sys (Windows ® 2000 DDK provider)
DRV - (pptchpad [System | Running]) -- C:\WINDOWS\System32\DRIVERS\pptchpd5.sys ()
DRV - (prodrv06 [System | Running]) -- C:\WINDOWS\System32\drivers\prodrv06.sys (Protection Technology)
DRV - (prohlp02 [Boot | Running]) -- C:\WINDOWS\System32\drivers\prohlp02.sys (Protection Technology)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sfhlp01 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfhlp01.sys (Protection Technology)
DRV - (SunkFilt [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\sunkfilt.sys (Alcor Micro Corp.)
DRV - (tandpl [Auto | Running]) -- C:\WINDOWS\System32\drivers\tandpl.sys ()
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft....k/?LinkId=69157IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://ie.search.msn...st/srchcust.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
http://ie.search.msn...st/srchasst.htmIE - URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - Reg Error: Key error. File not found
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_Url =
http://www.microsoft...p...&ar=msnhomeIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://www.microsoft...amp;ar=iesearchIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL =
http://search.live.c...ferrer:source?}IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD [2008/04/03 10:31:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\
[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/05/10 15:01:19 | 00,000,000 | ---D | M]
O1 HOSTS File: (56 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [CHotkey] zHotkey.exe (Chicony)
O4 - HKLM..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16 (Lexmark International, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey (McAfee, Inc.)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto (Microsoft Corporation)
O4 - HKLM..\Run: [nForce Tray Options] sstray.exe /r (NVIDIA Corporation)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE (McAfee, Inc.)
O4 - HKLM..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe (Alcor Micro, Corp.)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m (Uniblue Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}
http://go.microsoft....k/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499}
https://activation.a...aller_2-0-0.cab (Reg Error: Value error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537}
http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0}
http://upload.facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8}
http://gamerival.obe...ronGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C}
http://gamerival.obe...sh.1.0.0.47.cab (CPlayFirstWeddingDashControl Object)
O16 - DPF: Microsoft XML Parser for Java (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/02/06 21:07:54 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 30 Days ========== [1 C:\*.tmp files]
[5 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/05/10 00:49:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/05/10 00:49:23 | 00,000,780 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/05/10 00:49:18 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/05/10 00:49:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Norman\Application Data\SUPERAntiSpyware.com
[2009/05/10 00:48:50 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/05/09 22:48:37 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/05/09 21:36:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/05/09 20:51:32 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/05/09 20:38:25 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/05/09 20:38:15 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/05/09 20:38:05 | 00,000,000 | ---D | C] -- C:\cmdcons
[2009/05/09 20:36:12 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/05/09 20:36:12 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/05/09 20:36:12 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/05/09 20:36:12 | 00,117,248 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/05/09 20:36:12 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/05/09 20:36:12 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/05/09 20:36:12 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/05/09 20:36:12 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/05/09 20:35:23 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/05/09 20:34:58 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW.0.tmp
[2009/05/09 19:24:57 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/09 19:14:46 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\Norman\Desktop\OTListIt2.exe
[2009/05/09 19:14:24 | 00,267,612 | ---- | C] () -- C:\DOCUME~1\Norman\Desktop\Rooter.exe
[2009/05/07 18:54:18 | 46,929,1008 | -HS- | C] () -- C:\hiberfil.sys
[2009/05/07 17:10:52 | 00,000,696 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/07 17:10:51 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/07 17:10:49 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/07 17:10:46 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/07 17:10:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/07 16:53:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Norman\Application Data\Malwarebytes
[2009/05/07 16:52:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/06 00:10:07 | 00,064,432 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2009/05/06 00:10:07 | 00,042,424 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2009/05/06 00:10:06 | 00,074,648 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2009/05/06 00:10:05 | 00,090,360 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2009/05/06 00:10:05 | 00,062,704 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdik.sys
[2009/05/06 00:10:04 | 00,340,592 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2009/05/06 00:10:03 | 00,067,904 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe
[2009/05/06 00:07:41 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2009/05/05 22:10:13 | 00,000,385 | ---- | C] () -- C:\WINDOWS\System32\NVU001.nvu
[2009/05/05 22:09:00 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdmaud.drv
[2009/05/05 22:09:00 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdmaud.drv
[2009/05/05 22:04:44 | 00,225,280 | R--- | C] () -- C:\WINDOWS\System32\nvwrsda.dll
[2009/05/05 00:38:50 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/05 00:34:36 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/05/05 00:34:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/05/04 21:03:35 | 00,000,000 | ---D | C] -- C:\QUARANTINE
[2009/05/04 11:55:41 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Norman\Desktop\New Folder
[2009/04/19 23:53:31 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Norman\My Documents\AIS
[2009/04/19 16:06:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Cisco Systems
[2009/04/19 16:06:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/04/19 16:06:11 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2009/04/19 16:00:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/04/19 15:08:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/04/19 15:08:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/04/19 15:08:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/04/19 14:38:52 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Norman\Desktop\CS Saved PFC
[2009/04/15 22:23:05 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/15 22:23:05 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sc.exe
[2009/04/15 22:23:02 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/15 22:23:01 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/15 22:23:00 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/15 22:22:59 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/15 22:22:59 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/15 22:22:58 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/15 22:22:58 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/15 22:22:57 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/15 22:22:54 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/04/15 22:22:51 | 02,189,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009/04/15 22:22:44 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/04/15 22:20:11 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/15 22:20:10 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2008/08/18 19:21:22 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/02/04 18:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008/01/21 22:34:49 | 00,000,064 | ---- | C] () -- C:\WINDOWS\QBWCD.INI
[2006/11/11 21:27:55 | 00,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/07/18 14:06:07 | 00,000,682 | ---- | C] () -- C:\WINDOWS\TTutor7.ini
[2006/06/30 17:19:54 | 00,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2006/04/29 11:33:27 | 00,000,060 | ---- | C] () -- C:\WINDOWS\PPHIDPAD.INI
[2006/02/05 15:41:50 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/29 00:54:16 | 00,017,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\PPTCHPD5.SYS
[2005/12/29 00:54:15 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\PPADAPI.DLL
[2005/11/13 21:35:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2005/05/10 19:54:08 | 00,001,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2005/05/02 12:22:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/12/09 18:17:06 | 00,000,034 | ---- | C] () -- C:\WINDOWS\System32\rnplf12.dll
[2004/07/27 15:09:21 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2004/07/21 17:30:33 | 00,001,029 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/07/19 23:07:48 | 00,000,120 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2004/07/09 11:53:39 | 00,007,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\enodpl.sys
[2004/07/09 11:53:39 | 00,004,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\tandpl.sys
[2004/06/30 16:04:46 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\SDelete.dll
[2004/06/30 13:59:39 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2004/06/30 13:59:39 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2004/06/30 13:56:11 | 00,126,976 | R--- | C] () -- C:\WINDOWS\System32\lxbtsnls.dll
[2004/06/30 13:56:10 | 00,139,264 | R--- | C] () -- C:\WINDOWS\System32\lxbtcoin.dll
[2004/06/30 13:56:08 | 00,001,832 | R--- | C] () -- C:\WINDOWS\System32\lxbtprod.ini
[2004/06/29 23:50:30 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/05/10 17:04:54 | 00,192,512 | R--- | C] () -- C:\WINDOWS\System32\GCCollection.dll
[2004/03/07 14:51:00 | 00,024,924 | ---- | C] () -- C:\WINDOWS\System32\openports.dll
[2004/02/19 12:31:34 | 00,151,552 | ---- | C] () -- C:\WINDOWS\System32\lxbthwdf.dll
[2003/06/23 11:06:02 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbtvs.dll
[2003/02/06 23:23:22 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/02/06 22:41:02 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/02/06 22:40:09 | 00,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2003/02/06 22:40:09 | 00,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2003/02/06 21:48:54 | 00,000,132 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2003/02/06 21:48:18 | 00,000,310 | ---- | C] () -- C:\WINDOWS\net2fone.ini
[2003/02/06 19:48:50 | 00,027,136 | R--- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2003/02/06 19:48:44 | 00,018,253 | R--- | C] () -- C:\WINDOWS\System32\ssnvfx.ini
[2003/02/06 19:48:37 | 00,001,094 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/02/06 19:48:37 | 00,000,466 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2003/02/06 19:48:07 | 00,000,880 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/02/06 19:48:02 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== Files - Modified Within 30 Days ========== [1 C:\*.tmp files]
[5 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/05/11 20:30:46 | 00,000,880 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/11 20:30:46 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/05/11 20:30:46 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/11 20:17:37 | 00,000,575 | ---- | M] () -- C:\DOCUME~1\Norman\My Documents\My Sharing Folders.lnk
[2009/05/11 20:15:47 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/11 20:12:51 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Norman\Local Settings\desktop.ini
[2009/05/11 20:12:51 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/11 20:12:49 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/11 20:12:47 | 46,929,1008 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/10 00:49:23 | 00,000,780 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/05/09 22:49:26 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2009/05/09 19:06:20 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\Norman\Desktop\OTListIt2.exe
[2009/05/09 19:06:12 | 00,267,612 | ---- | M] () -- C:\DOCUME~1\Norman\Desktop\Rooter.exe
[2009/05/07 17:10:52 | 00,000,696 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/05 22:10:13 | 00,000,385 | ---- | M] () -- C:\WINDOWS\System32\NVU001.nvu
[2009/05/05 21:59:48 | 00,017,145 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/05/05 00:38:51 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/01 15:36:46 | 00,117,248 | ---- | M] () -- C:\WINDOWS\vFind.exe
[2009/04/20 12:56:28 | 00,031,232 | ---- | M] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/04/20 00:26:57 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/19 16:02:56 | 00,384,904 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/19 16:02:56 | 00,054,396 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/19 16:02:55 | 00,445,630 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/19 16:00:31 | 00,282,128 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/19 15:02:45 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/04/19 14:38:52 | 00,000,004 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2009/04/19 14:15:48 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
========== LOP Check ========== [2009/05/10 00:49:30 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/08/09 19:19:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/07/12 12:34:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2008/11/18 18:25:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL Downloads
[2007/06/06 13:16:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL OCP
[2007/12/28 14:21:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2007/12/28 14:25:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2003/02/06 22:36:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2004/06/30 13:59:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FaxCtr
[2008/07/05 13:10:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreshGames
[2007/03/17 11:23:17 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\GTek
[2006/04/25 19:57:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP
[2009/05/07 18:18:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/06/25 12:45:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2009/05/07 16:52:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/06 00:09:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/05/07 18:14:03 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2006/06/30 17:01:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2006/06/30 17:20:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MotiveSysIDs
[2004/07/01 22:52:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2004/07/02 11:03:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NFS Underground
[2004/06/29 17:56:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2008/07/07 14:25:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Games
[2008/04/19 14:42:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2008/07/08 16:14:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2003/02/06 22:35:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2008/07/08 21:46:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009/05/07 18:13:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/05/10 00:49:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/04/19 14:44:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2008/07/08 22:17:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2004/10/30 19:19:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2008/04/04 11:27:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uniblue
[2008/07/12 12:34:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/07/06 15:30:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualFarm
[2006/05/09 14:32:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/04/03 10:36:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLInstaller
[2009/05/10 00:49:17 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Norman\Application Data
[2004/12/23 18:56:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\.BitTornado
[2007/06/06 13:17:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\acccore
[2008/01/14 14:30:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Adobe
[2008/08/09 19:10:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\AdobeUM
[2008/02/02 21:53:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Aim
[2008/10/13 23:02:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Apple Computer
[2003/02/06 23:10:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\CyberLink
[2009/03/27 01:49:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\FaxCtr
[2008/07/08 15:21:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Gaijin Ent
[2007/04/02 19:32:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Google
[2007/03/17 11:23:05 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Norman\Application Data\GTek
[2004/07/02 13:30:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Help
[2003/02/06 21:08:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Identities
[2003/02/06 21:41:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\InterTrust
[2004/10/22 21:45:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Kontiki
[2008/04/04 11:31:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Lavasoft
[2008/07/02 21:47:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Ludia
[2004/12/23 19:06:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Macromedia
[2009/05/07 16:53:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Malwarebytes
[2009/01/14 20:42:21 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Norman\Application Data\Microsoft
[2006/07/03 19:59:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Motive
[2009/04/19 14:43:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Move Networks
[2007/02/04 02:22:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\MSN6
[2008/07/08 16:14:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\PlayFirst
[2006/06/02 16:32:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Real
[2004/10/27 20:43:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Sun
[2009/05/10 00:49:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\SUPERAntiSpyware.com
[2003/02/06 22:37:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Symantec
[2004/07/02 10:58:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Template
[2009/05/09 20:52:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\U3
[2008/04/04 11:27:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Uniblue
[2007/01/17 17:45:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Viewpoint
[2008/07/08 12:41:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\ViquaSoft
[2009/05/05 00:38:51 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2007/12/28 14:22:38 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2003/03/31 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/05/11 20:12:51 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2008/04/04 11:30:08 | 00,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpyEraser.job
========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 2628 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:444C53BA
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D644D3DF
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADE16379
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38849DE5
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5466F106
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DD623B3
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DF2EA4BB
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F636E25
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA8B212D
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90E3641D
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F58D818
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8A7F3FF
< End of report >
Extras:
OTListIt Extras logfile created on: 11/05/2009 8:54:41 PM - Run 5
OTListIt2 by OldTimer - Version 2.0.15.5 Folder = C:\Documents and Settings\Norman\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
447.48 Mb Total Physical Memory | 157.76 Mb Available Physical Memory | 35.26% Memory free
1.03 Gb Paging File | 0.60 Gb Available in Paging File | 58.51% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 89.72 Gb Free Space | 60.20% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DAD
Current User Name: Norman
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"3658:UDP" = 3658:UDP:*:Enabled:Peer-to-peer gameplay
"6000:UDP" = 6000:UDP:*:Enabled:Voice Over IP
"30300:TCP" = 30300:TCP:*:Enabled:Lobby
"13505:TCP" = 13505:TCP:*:Enabled:EA Messenger
"9555:UDP" = 9555:UDP:*:Enabled:EA Sports Ticker
========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\Common Files\AOL\1124310099\ee\aolservicehost.exe:*:Enabled:AOL Services File not found
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader (AOL LLC)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\aim\aim.exe:*:Enabled:AOL Instant Messenger File not found
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test (Microsoft Corporation)
C:\Program Files\BitTorrent\btdownloadgui.exe:*:Enabled:btdownloadgui ()
C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui ()
C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer (RealNetworks, Inc.)
C:\Program Files\EA SPORTS\NHL 2005\nhl2005.exe:*:Enabled:nhl2005 ()
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire ()
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader (AOL LLC)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM (AOL LLC)
C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service (McAfee, Inc.)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01F9D88C-3C86-4E82-840A-101A3221F67A}" = Microsoft Money 2003
"{02B42D23-10F2-4862-ADA4-3DF1EA0021B2}" = Microsoft Money 2003 System Pack
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 13
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars®: Knights of the Old Republic
"{2C78229E-69AE-4BE4-8C31-99183EAF2E67}" = e-Sword
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{6262DC06-FC0A-4EF1-9876-AA92EDA3188C}" = IOI Multimedia Card Reader
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}" = QuickTime
"{764C0C8F-B1B1-49BF-AEDC-4E48E857A667}" = Lexmark Fax Solutions
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92B94569-6683-4617-8C54-EB27A1B51B30}" = GTAIII
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{A638557B-1F13-40A0-9627-C892FBCA6960}" = McAfee Agent
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{AC76BA86-7AD7-2448-0000-705000000001}" = Adobe Reader Chinese Traditional Fonts
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}" = iTunes
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D0DC1674-B5E8-4364-009E-B350048DD006}" = NHL 2005
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{D1F6BB2F-E9A4-4233-BA03-BB62E8AED82A}" = Star Wars Jedi Knight Jedi Academy Demo
"{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}" = Apple Mobile Device Support
"{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}" = Max Payne 2
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F7D53B02-2C51-4CF5-9A51-F7A6D658EA5A}" = PenPowerJR-6.0
"{F8D0829C-9C6F-11D3-8080-00C04FA329AA}" = Microsoft Works 6.0
"{FF262740-C85A-11D5-BBEC-00D0B740900A}" = Multimedia Keyboard Driver
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AIM Toolbar" = AIM Toolbar 5.0
"AIM_6" = AIM 6
"BroadJump Client Foundation" = BroadJump Client Foundation
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = SoftV92 Data Fax Modem with SmartCP
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.5 (1010)
"EfntSSDSL" = Efficient Networks SpeedStream DSL
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{6262DC06-FC0A-4EF1-9876-AA92EDA3188C}" = IOI Multimedia Card Reader
"InstallShield_{764C0C8F-B1B1-49BF-AEDC-4E48E857A667}" = Lexmark Fax Solutions
"Lexmark 5200 Series" = Lexmark 5200 Series
"Lexmark Skin: PotatoSkin" = Lexmark Skin: PotatoSkin
"LucasArts' Grim Fandango" = LucasArts' Grim Fandango
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Driver" = NVIDIA Display Driver
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nForce Drivers" = NVIDIA nForce Drivers
"QuickBooks 99" = QuickBooks Pro 99
"RealPlayer 6.0" = RealPlayer
"SBC.MCCInstall" = AT&T Self Support Tool
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SYSTEMCARE_025B3ECB-F8A1-45ff-BABC-140E08C7D8C5_is1" = Uniblue PowerSuite
"Typing Tutor 7" = Typing Tutor 7
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== Last 10 Event Log Errors ========== [ Application Events ]
Error - 7/05/2009 7:11:20 PM | Computer Name = DAD | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.6.32, faulting module
teatimer.exe, version 1.6.6.32, fault address 0x0006e66e.
Error - 9/05/2009 8:38:11 PM | Computer Name = DAD | Source = Application Hang | ID = 1002
Description = Hanging application OTListIt2.exe, version 2.0.15.5, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 9/05/2009 10:30:59 PM | Computer Name = DAD | Source = Application Error | ID = 1000
Description = Faulting application pev.cfexe, version 0.0.0.0, faulting module pev.cfexe,
version 0.0.0.0, fault address 0x00027ed2.
Error - 10/05/2009 1:20:09 AM | Computer Name = DAD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16827, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 10/05/2009 3:56:36 PM | Computer Name = DAD | Source = Application Error | ID = 1000
Description = Faulting application javara.exe, version 1.0.12.1565, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.
Error - 10/05/2009 7:44:25 PM | Computer Name = DAD | Source = Application Hang | ID = 1002
Description = Hanging application pinball.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 10/05/2009 7:44:25 PM | Computer Name = DAD | Source = Application Hang | ID = 1002
Description = Hanging application pinball.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 10/05/2009 7:44:34 PM | Computer Name = DAD | Source = Application Hang | ID = 1001
Description = Fault bucket 751912186.
Error - 11/05/2009 9:54:27 PM | Computer Name = DAD | Source = Application Hang | ID = 1002
Description = Hanging application OTListIt2.exe, version 2.0.15.5, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 11/05/2009 9:54:41 PM | Computer Name = DAD | Source = Application Hang | ID = 1001
Description = Fault bucket 1267791247.
[ System Events ]
Error - 10/05/2009 9:49:39 PM | Computer Name = DAD | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
Error - 10/05/2009 9:49:41 PM | Computer Name = DAD | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
Error - 10/05/2009 9:51:21 PM | Computer Name = DAD | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.
Error - 10/05/2009 9:51:30 PM | Computer Name = DAD | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
Error - 10/05/2009 9:51:39 PM | Computer Name = DAD | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
Error - 10/05/2009 9:51:49 PM | Computer Name = DAD | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.
Error - 10/05/2009 9:51:58 PM | Computer Name = DAD | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
Error - 10/05/2009 9:52:07 PM | Computer Name = DAD | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.
Error - 10/05/2009 9:52:17 PM | Computer Name = DAD | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.
Error - 10/05/2009 9:52:27 PM | Computer Name = DAD | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.
< End of report >