Oct 6 2008, 02:57 PM
Post #1
Member | Group: Members | Posts: 15 | Joined: 20-August 08 | Member No.: 231,734
I'm generally fairly competent in removal, but this one has me completely stumped. I've done all the recommended scans and they all come up clean. Google search reveals I'm not the only one to see this (seems to be a recently occurring problem), but no posted solutions that I could find. Time to turn it over to the generous experts here. Any help you can provide, I would really appreciate it. Thank you so much!

HJT Log Below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:55:40 PM, on 10/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\My Lockbox\flockbox.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [flockbox] C:\Program Files\My Lockbox\flockbox.exe /a
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Startup: Microsoft Office Outlook.lnk = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
O4 - Global Startup: NETGEAR WG311v3 Wireless Assistant.lnk = ?
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.kaspersky.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182203302703
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182203280921
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/Tran...ransferCtrl.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.mpix.com/Customer/Uploading/act...geUploader4.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - F:\Pictures\Seattle Night\DSC02574.JPG

--
End of file - 9597 bytes
Oct 11 2008, 05:53 PM
Post #2
Look buddy -- I'm an Engineer | Group: HJT Team Coach | Posts: 8,510 | Joined: 17-January 08 | From: Northfield, Ohio | Member No.: 184,215
Hello, CoachMcGuirk.
My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.) I want to apologise that it has taken so long to get back to you. We on the HJT Team are working as fast as possible to get your log answered. If you do not still need help, please let me know, so that I can move on to other users who still need help. Please take note of the following:
We need to create an OTViewIt Report
Billy3

--------------------
The forum is always a busy place. In the event I fail to reply within twenty-four hours, feel free to send me a PM.
Have I helped you? If so, please consider a donation (by clicking this link). And that means I solve problems. Not problems like "What is beauty?" .. 'cause that would fall under the purview of your conundrums of philosophy....
Oct 11 2008, 11:54 PM
Post #3
Member | Group: Members | Posts: 15 | Joined: 20-August 08 | Member No.: 231,734
Thank you so much for getting back to me and helping me out, Billy. I really appreciate it.
Below, please find the log files you asked for:

OTViewIt.txt:

OTViewIt logfile created on: 10/11/2008 6:17:22 PM - Run 2
OTViewIt by OldTimer - Version 1.0.11.0 Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 72.07% Memory free
2.59 Gb Paging File | 2.09 Gb Available in Paging File | 80.71% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 68.21 Gb Free Space | 53.29% Space Free | Partition Type: NTFS
Drive D: | 337.77 Gb Total Space | 263.11 Gb Free Space | 77.90% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 152.66 Gb Total Space | 8.73 Gb Free Space | 5.72% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRIS-DESKTOP
Current User Name: Chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 60 Days

========== Processes ==========
[2007/12/11 22:55:06 | 00,512,000 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2007/12/11 22:55:06 | 00,512,000 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/08/19 06:17:05 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2008/09/10 16:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/08/29 06:02:12 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2008/04/13 19:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
[2006/07/12 14:58:44 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
[2008/08/05 17:58:50 | 00,205,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe
[2006/08/28 02:53:48 | 00,092,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe
[2008/08/05 17:58:52 | 29,184,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
[2002/07/15 17:36:54 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
[2007/02/10 05:29:48 | 00,242,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
[2007/02/10 05:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
[2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
[2008/07/04 08:59:46 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2005/06/21 16:48:18 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
[2005/06/21 16:44:34 | 00,126,976 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
[2002/06/26 18:36:58 | 00,090,112 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
[2002/12/09 19:19:20 | 00,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2007/12/14 17:59:20 | 01,071,472 | ---- | M] (FSPro Labs) -- C:\Program Files\My Lockbox\flockbox.exe
[2008/10/02 22:39:51 | 01,234,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2007/08/24 07:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[2008/09/10 17:40:06 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2005/03/17 18:43:34 | 00,909,312 | ---- | M] () -- C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
[2008/09/10 17:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/10/11 18:13:42 | 00,421,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========
[2008/08/19 06:17:05 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2007/02/17 19:03:54 | 00,068,096 | ---- | M] () -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2008/09/10 16:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/12/11 22:55:06 | 00,512,000 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2000/05/24 15:20:36 | 00,015,360 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\system32\ATMsrvc.exe -- (ATMsrvc [Disabled | Stopped])
[2008/08/29 06:02:12 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2006/10/20 22:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2006/10/30 04:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/04/13 19:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN [Auto | Running])
[2008/09/10 17:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2006/07/12 14:58:44 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Auto | Running])
[2007/08/24 06:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
[2008/08/05 17:58:50 | 00,205,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe -- (MsDtsServer [Auto | Running])
[2006/08/28 02:53:48 | 00,092,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe -- (msftesql [Auto | Running])
[2008/08/05 17:58:52 | 29,184,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS [Auto | Running])
[2008/08/05 17:58:52 | 29,184,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER [On_Demand | Stopped])
[2005/10/14 05:50:19 | 00,045,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])
[2008/08/05 17:58:50 | 14,894,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.3\OLAP\bin\msmdsrv.exe -- (MSSQLServerOLAPService [On_Demand | Stopped])
[2002/09/27 12:56:20 | 00,139,264 | ---- | M] (Intel® Corporation) -- c:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
[2006/10/30 04:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2008/08/05 17:58:50 | 00,016,912 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.4\Reporting Services\ReportServer\bin\ReportingServicesService.exe -- (ReportServer [On_Demand | Stopped])
[2008/04/13 19:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC [Auto | Running])
[2002/07/15 17:36:54 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running])
[2007/02/10 05:29:48 | 00,242,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Auto | Running])
[2007/02/10 05:29:48 | 00,344,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\SQLAGENT90.EXE -- (SQLSERVERAGENT [On_Demand | Stopped])
[2007/02/10 05:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Running])
[2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
[2008/07/09 09:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon [On_Demand | Stopped])
[2008/04/13 19:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC [Auto | Running])
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========
[2002/08/22 18:57:02 | 00,098,752 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
[2006/11/10 16:05:00 | 00,018,688 | ---- | M] (Arcsoft, Inc.) -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc [On_Demand | Running])
[2005/01/10 10:45:56 | 00,011,264 | ---- | M] (VOB Computersysteme GmbH) -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K [On_Demand | Running])
[2007/12/12 00:28:10 | 02,849,280 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2007/11/05 02:55:04 | 00,017,952 | ---- | M] () -- C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys -- (atitray [System | Running])
[2008/08/29 06:02:09 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2008/07/04 08:59:46 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2006/11/21 14:34:24 | 00,203,264 | ---- | M] (Pinnacle Systems) -- C:\WINDOWS\system32\drivers\bender.sys -- (BENDER [On_Demand | Running])
[2002/04/02 16:30:16 | 00,033,024 | ---- | M] (Colorvision Inc) -- C:\WINDOWS\system32\drivers\cvspydr2.sys -- (cvspydr2 [On_Demand | Stopped])
[2002/09/25 07:09:12 | 00,140,800 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Running])
[2008/10/06 08:21:47 | 00,054,624 | ---- | M] () -- C:\WINDOWS\system32\f75100.sys -- (f75100 [On_Demand | Stopped])
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2005/06/21 17:12:34 | 00,807,998 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Running])
[2002/01/04 17:27:18 | 00,016,480 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iSMbios.sys -- (ISMBIOS [On_Demand | Stopped])
[2007/07/19 15:10:28 | 00,127,768 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF [System | Running])
[2008/04/13 13:46:22 | 00,015,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE [On_Demand | Stopped])
[2007/12/13 21:13:02 | 00,017,264 | ---- | M] (FSPro Labs) -- C:\WINDOWS\system32\drivers\mprifl.sys -- (MPRIFL [Boot | Running])
[2002/10/16 01:11:22 | 00,019,968 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL [On_Demand | Stopped])
[2008/06/19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
[2005/02/09 11:59:00 | 00,014,165 | ---- | M] (Pinnacle Systems GmbH) -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI [System | Running])
[2002/06/13 16:08:46 | 00,014,604 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
[2001/08/23 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/06/26 17:59:52 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2008/09/03 14:07:14 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [System | Running])
[2008/09/03 14:07:16 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
[2008/09/03 14:07:12 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2002/08/23 15:46:22 | 00,549,672 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
[2001/08/17 14:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
[2008/02/27 03:10:44 | 00,051,176 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [Boot | Running])
[2007/12/24 17:37:00 | 00,138,384 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2008/07/09 09:05:22 | 00,394,952 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [System | Running])
[2005/08/22 01:53:34 | 00,280,576 | ---- | M] (Marvell Semiconductor, Inc) -- C:\WINDOWS\system32\drivers\WG311v3XP.sys -- (W8335XP [On_Demand | Stopped])

========== (R ) Internet Explorer ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\S-1-5-21-507921405-2000478354-682003330-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157
[HKEY_USERS\S-1-5-21-507921405-2000478354-682003330-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-507921405-2000478354-682003330-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========
HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (HKLM) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

========== (O4) Run Keys ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" (Adobe Systems Incorporated)
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"flockbox"=C:\Program Files\My Lockbox\flockbox.exe /a (FSPro Labs)
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"PinnacleDriverCheck"=C:\WINDOWS\system32\\PSDrvCheck.exe ()
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"Smapp"=C:\Program Files\Analog Devices\SoundMAX\Smtray.exe (Analog Devices, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (AOL LLC)
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
[HKEY_USERS\S-1-5-21-507921405-2000478354-682003330-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (AOL LLC)
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

========== (O4) Startup Folders ==========
[2006/01/31 17:48:52 | 00,385,024 | ---- | M] (ColorVision Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
[2007/02/17 13:36:43 | 00,002,238 | R--- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311v3 Wireless Assistant.lnk = C:\WINDOWS\Installer\{70014586-7BBA-4A92-A610-CDC896C48F8F}\NewShortcut1_1.exe
[2006/11/20 09:30:54 | 00,250,368 | ---- | M] (The Privoxy team - www.privoxy.org) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
[2006/06/22 14:15:48 | 00,462,848 | ---- | M] (Southwest Airlines) -- C:\Documents and Settings\Chris\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
[2008/05/21 04:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Chris\Start Menu\Programs\Startup\Microsoft Office Outlook.lnk = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

========== (O6 & O7) Current Version Policies ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-21-507921405-2000478354-682003330-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0

========== (O8) IE Context Menu Extensions ==========
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008/07/03 16:08:56 | 17,929,752 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008/07/03 16:08:56 | 17,929,752 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008/07/03 16:08:56 | 17,929,752 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found
[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found
[HKEY_USERS\S-1-5-21-507921405-2000478354-682003330-1006\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008/07/03 16:08:56 | 17,929,752 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Send to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007/12/13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation) {2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: S&end to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007/12/13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation) {85d1f590-48f4-11d9-9669-0800200c9a66}: Menu: Uninstall BitDefender Online Scanner v8 -- %SystemRoot%\bdoscandel.exe [2008/01/09 15:01:48 | 00,053,248 | ---- | M] () {92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006/10/26 21:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation) {e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\] CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\] CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) ========== (O12) Internet Explorer Plugins ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\] PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s PluginsPageFriendlyName: "" = Microsoft 
ActiveX Gallery ========== (O13) Default Prefixes ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// ========== (O15) Trusted Sites ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\] 1 domain(s) and sub-domain(s) not assigned to a zone. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\] kaspersky.com\www: http in My Computer 1 domain(s) and sub-domain(s) not assigned to a zone. [HKEY_USERS\S-1-5-21-507921405-2000478354-682003330-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\] kaspersky.com\www: http in My Computer 1 domain(s) and sub-domain(s) not assigned to a zone. ========== (O16) DPF ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\] {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}: http://download.microsoft.com/download/d/c.../OGAControl.cab -- Office Genuine Advantage Validation Tool {0CCA191D-13A6-4E29-B746-314DEE697D83}: http://upload.facebook.com/controls/Facebo...toUploader5.cab -- Facebook Photo Uploader 5 {17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/5/b...heckControl.cab -- Windows Genuine Advantage Validation Tool {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}: http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab -- ActiveScan 2.0 Installer Class {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}: http://download.bitdefender.com/resources/scan8/oscan8.cab -- BDSCANONLINE Control {6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/microsoftu...b?1182203302703 -- WUWebControl Class {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://www.update.microsoft.com/microsoftu...b?1182203280921 -- MUWebControl Class {82774781-8F4E-11D1-AB1C-0000F8773BF0}: https://transfers.ds.microsoft.com/FTM/Tran...ransferCtrl.cab -- DLC Class {8AD9C840-044E-11D1-B3E9-00805F499D93}: 
http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07 {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened. {A90A5822-F108-45AD-8482-9BC8B12DD539}: http://www.crucial.com/controls/cpcScanner.cab -- Crucial cpcScan {C7DB51B4-BCF7-4923-8874-7F1A0DC92277}: http://office.microsoft.com/officeupdate/content/opuc4.cab -- Office Update Installation Engine {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_11 {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_01 {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02 {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03 {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_04 {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05 {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_06 {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07 {D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object {EDFCB7CB-942C-4822-AF14-F0B687409848}: http://www.mpix.com/Customer/Uploading/act...geUploader4.cab -- Image Uploader Control ========== (O17) DNS Name Servers ========== {35625C5C-A151-44ED-86B1-E5A31A12BA15} (Servers: | Description: ) 
{697A93A9-DC26-45F5-843F-66E00271FB6D} (Servers: | Description: NETGEAR WG311v3 802.11g Wireless PCI Adapter) {ECC61204-F4D5-4829-920B-7FF48B77AB32} (Servers: | Description: Intel® PRO/100 VE Network Connection) {F82110B1-079D-4CFA-9B28-E44E5363E9E6} (Servers: | Description: 1394 Net Adapter) ========== (O20) AppInit_DLLs ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_Dlls"=avgrsstx.dll >[2008/07/04 08:59:48 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\avgrsstx.dll ========== (O20) Winlogon Notify Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\] !SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.) igfxcui: "DllName" = igfxsrvc.dll -- C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation) ========== Shell Execute Hooks ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" (HKLM) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) ========== Safeboot Options ========== "AlternateShell"=cmd.exe ========== CDRom AutoRun Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] "AutoRun" = 1 ========== Autorun Files on Drives ========== AUTOEXEC.BAT [SET PATH=C:\Program Files\Pinnacle\Shared Files;C:\Program Files\Pinnacle\Shared Files\Filter | ] [2007/04/17 21:39:13 | 00,000,095 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ] ========== MountPoints2 ========== 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dcf920c3-be7f-11db-b345-806d6172696f}\Shell\play\Command] ""=C:\Program Files\Windows Media Player\wmplayer.exe -- [2006/10/18 22:46:20 | 00,064,000 | ---- | M] (Microsoft Corporation) ========== Files/Folders - Created Within 60 Days ========== [2 C:\WINDOWS\System32\*.tmp files] [5 C:\WINDOWS\*.tmp files] [2008/10/11 18:13:42 | 00,421,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTViewIt.exe [2008/10/10 19:20:57 | 00,688,740 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\StephanieTu_Christmas2Share.psd [2008/10/09 22:08:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\Ripped Songs [2008/10/09 13:35:33 | 00,230,780 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\1166487108_assorted_holiday.abr.zip [2008/10/09 08:38:00 | 00,056,780 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\DC092908_ExpenseReport.tif [2008/10/08 21:44:58 | 00,558,435 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Gina_Girl_5x5_tri_fold_zip.zip [2008/10/08 21:44:52 | 00,244,960 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Amber_5x5_tri_fold.zip [2008/10/08 21:44:45 | 00,205,339 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Austin_5x5_Tri_fold.zip [2008/10/08 21:44:33 | 00,398,984 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Logan_5x5_tri_fold_zip.zip [2008/10/08 09:46:09 | 00,835,140 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\12x12collage.tif [2008/10/08 09:45:36 | 00,130,783 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\PhotoGifts-9.jpg [2008/10/08 09:45:31 | 00,115,314 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\PhotoGifts-8.jpg [2008/10/08 09:38:55 | 00,324,205 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\PocketCalendar.jpg [2008/10/08 08:59:41 | 01,305,249 | ---- | C] () -- C:\Documents and 
Settings\Chris\Desktop\Monsterinvitelemondropsdesigns.zip [2008/10/07 18:22:57 | 00,165,290 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\Risk Gradient 3.jpg [2008/10/07 18:22:11 | 00,166,025 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\Attractiveness Gradient 3.jpg [2008/10/06 08:57:51 | 00,598,528 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\2008 OIA CCOM Student Registration Form.doc [2008/10/06 08:21:47 | 00,054,624 | ---- | C] () -- C:\WINDOWS\System32\f75100.sys [2008/10/06 08:21:27 | 02,335,270 | ---- | C] () -- C:\WINDOWS\System32\c2dFF.mht [2008/10/05 21:29:20 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys [2008/10/05 21:29:07 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security [2008/09/28 22:56:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com [2008/09/28 22:56:15 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2008/09/28 22:56:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com [2008/09/28 07:42:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8 [2008/09/27 17:16:04 | 00,138,384 | ---- | C] (Trend Micro Inc.) 
-- C:\WINDOWS\System32\drivers\tmcomm.sys [2008/09/27 17:13:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\HouseCall 6.6 [2008/09/19 16:09:22 | 00,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll [2008/09/19 16:09:22 | 00,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll [2008/09/19 16:09:21 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll [2008/09/19 16:09:20 | 01,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll [2008/09/19 16:09:20 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll [2008/09/19 16:09:19 | 03,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll [2008/09/19 16:09:18 | 00,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll [2008/09/19 16:09:18 | 00,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll [2008/09/19 16:09:17 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll [2008/09/19 16:09:16 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll [2008/09/19 16:09:15 | 01,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll [2008/09/19 16:09:15 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll [2008/09/19 16:09:14 | 03,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll [2008/09/19 16:09:13 | 00,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll [2008/09/19 16:09:13 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll [2008/09/19 16:09:12 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll [2008/09/19 16:09:10 | 01,420,824 | ---- | C] (Microsoft Corporation) -- 
C:\WINDOWS\System32\D3DCompiler_37.dll [2008/09/19 16:09:10 | 00,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll [2008/09/19 16:09:08 | 03,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll [2008/09/19 16:08:19 | 00,001,146 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Episode 2 - Strong Badia the Free.lnk [2008/09/19 16:08:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\Logs [2008/09/19 11:45:31 | 00,018,461 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\nicewords1.gif [2008/09/19 07:27:13 | 00,314,860 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\SEA090808Expense.tif [2008/09/19 07:27:13 | 00,108,268 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\SEA090808EInvoice.tif [2008/09/19 07:27:13 | 00,106,644 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\SEA092208EInvoice.tif [2008/09/19 07:27:13 | 00,085,552 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\SEA092208ETicket.tif [2008/09/19 07:27:13 | 00,077,476 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\SEA092208Itin.tif [2008/09/16 09:49:52 | 02,568,548 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\ChrisWithDash4.jpg [2008/09/16 09:48:06 | 02,301,994 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\ChrisWithDash3.jpg [2008/09/16 09:47:52 | 02,481,303 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\ChrisWithDash2.jpg [2008/09/16 09:47:37 | 01,124,804 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\ChrisWithDash1.jpg [2008/09/15 09:22:19 | 00,000,000 | ---D | C] -- C:\Program Files\iPod [2008/09/15 09:22:17 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes [2008/09/15 09:22:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} [2008/09/15 09:19:31 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour [2008/09/15 09:17:08 | 
00,000,000 | ---D | C] -- C:\Program Files\QuickTime [2008/09/15 08:24:56 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2008/09/14 18:46:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\Telltale Games [2008/09/14 18:46:30 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Chris\Application Data\SecuROM [2008/09/14 18:46:28 | 00,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll [2008/09/14 18:46:19 | 00,001,104 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Episode 1 - Homestar Ruiner.lnk [2008/09/14 18:46:12 | 00,000,000 | ---D | C] -- C:\Program Files\Telltale Games [2008/09/13 13:43:09 | 00,015,356 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\DSCF3970.jpg [2008/09/11 06:42:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\SQLTools9_KB954606_ENU [2008/09/11 06:41:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\DTS9_KB954606_ENU [2008/09/11 06:40:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\NS9_KB954606_ENU [2008/09/11 06:36:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\RS9_KB954606_ENU [2008/09/11 06:35:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\OLAP9_KB954606_ENU [2008/09/11 06:32:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\SQL9_KB954606_ENU [2008/09/07 07:21:46 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn [2008/09/07 07:21:46 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for [2008/09/04 10:08:09 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy [2008/09/03 16:01:41 | 00,028,619 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\4344-040-011f.jpg [2008/09/03 16:01:09 | 00,018,883 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\Marie Made Me.gif [2008/08/25 10:17:00 | 00,067,592 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\IAD073108 - Expense Report.tif [2008/08/22 12:11:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting [2008/08/22 12:11:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas 
[2008/08/22 12:11:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en [2008/08/22 12:02:16 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2008/08/22 10:29:38 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll [2008/08/22 10:29:31 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll [2008/08/22 10:29:23 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe [2008/08/22 10:29:23 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys [2008/08/22 10:29:19 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll [2008/08/22 10:29:19 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll [2008/08/22 10:29:19 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll [2008/08/22 10:29:18 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll [2008/08/22 10:29:18 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll [2008/08/22 10:29:16 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll [2008/08/22 10:29:11 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe [2008/08/22 10:29:10 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll [2008/08/22 10:29:10 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll [2008/08/22 10:29:10 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll [2008/08/22 10:29:10 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll [2008/08/22 10:29:10 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll [2008/08/22 10:29:09 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll [2008/08/22 10:29:09 | 00,076,800 | ---- | C] 
(Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll [2008/08/22 10:29:01 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll [2008/08/22 10:29:01 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll [2008/08/22 10:29:01 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll [2008/08/22 10:29:01 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe [2008/08/22 10:28:56 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll [2008/08/22 10:28:46 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll [2008/08/22 10:28:45 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll [2008/08/22 10:28:45 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll [2008/08/22 10:28:45 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll [2008/08/22 10:28:45 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll [2008/08/22 10:28:23 | 00,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf [2008/08/22 10:28:13 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll [2008/08/22 10:28:13 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll [2008/08/22 10:28:13 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll [2008/08/22 10:28:13 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll [2008/08/22 10:28:13 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll [2008/08/22 10:28:13 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll [2008/08/22 10:28:13 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll [2008/08/22 10:28:13 | 00,030,720 | ---- | C] 
(Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll [2008/08/22 10:28:11 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll [2008/08/22 10:28:11 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll [2008/08/22 10:28:11 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll [2008/08/22 10:28:11 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll [2008/08/22 10:28:11 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll [2008/08/22 10:28:11 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll [2008/08/22 10:28:11 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll [2008/08/22 10:28:10 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll [2008/08/22 10:28:10 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll [2008/08/22 10:28:10 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll [2008/08/22 10:28:08 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll [2008/08/22 10:28:04 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll [2008/08/22 10:28:04 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll [2008/08/20 15:20:43 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2008/08/20 15:08:56 | 00,000,000 | ---D | C] -- C:\Program Files\Nsasoft [2008/08/20 14:43:18 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner [2008/08/19 14:57:24 | 30,986,272 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat [2008/08/19 14:57:24 | 00,358,268 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx [2008/08/19 06:37:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MailFrontier [2008/08/19 06:36:22 | 00,004,212 | -H-- | C] 
() -- C:\WINDOWS\System32\zllictbl.dat [2008/08/19 06:35:28 | 00,075,248 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\zllsputility.exe [2008/08/19 06:35:21 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SpOrder.dll [2008/08/19 06:34:28 | 00,127,768 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys [2008/08/19 06:33:39 | 00,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll [2008/08/19 06:33:38 | 00,071,144 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsregexp.dll [2008/08/19 06:33:32 | 00,071,144 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\zlcommdb.dll [2008/08/19 06:33:29 | 00,083,432 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\zlcomm.dll [2008/08/19 06:33:16 | 00,046,568 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vswmi.dll [2008/08/19 06:33:12 | 01,086,952 | ---- | C] (Python Software Foundation) -- C:\WINDOWS\System32\zpeng24.dll [2008/08/19 06:33:11 | 00,099,816 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsxml.dll [2008/08/19 06:33:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs [2008/08/19 06:33:10 | 00,000,000 | ---D | C] -- C:\Program Files\Zone Labs [2008/08/19 06:33:09 | 00,275,944 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vspubapi.dll [2008/08/19 06:33:09 | 00,103,912 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsmonapi.dll [2008/08/19 06:33:07 | 00,394,952 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsdatant.sys [2008/08/19 06:33:07 | 00,352,918 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml [2008/08/19 06:32:14 | 00,472,552 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsutil.dll [2008/08/19 06:32:14 | 00,157,160 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsinit.dll [2008/08/19 06:32:14 | 00,083,432 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsdata.dll [2008/08/19 06:32:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs [2008/08/19 06:16:36 | 00,000,000 | ---D | C] -- C:\Documents and 
Settings\All Users\Application Data\Lavasoft
[2008/08/15 20:29:44 | 00,176,624 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\PIC-0013.jpg
[2008/08/14 06:44:41 | 00,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2008/08/14 06:44:11 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll

========== Files - Modified Within 60 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2008/10/11 18:13:42 | 00,421,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTViewIt.exe
[2008/10/11 17:34:59 | 28,551,957 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/10/11 17:33:40 | 00,002,329 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311v3 Wireless Assistant.lnk
[2008/10/11 17:33:09 | 00,012,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/11 17:32:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/11 17:31:59 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/11 10:13:34 | 30,986,272 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/10/11 10:13:34 | 00,358,268 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2008/10/11 05:37:48 | 00,099,328 | ---- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/10 22:10:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/10/10 19:21:02 | 00,688,740 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\StephanieTu_Christmas2Share.psd
[2008/10/10 14:22:13 | 00,307,238 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/10/09 22:09:12 | 00,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/09 13:35:38 | 00,230,780 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\1166487108_assorted_holiday.abr.zip
[2008/10/09 10:20:07 | 00,056,780 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\DC092908_ExpenseReport.tif
[2008/10/09 09:22:36 | 05,607,424 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\My Money.mny
[2008/10/09 09:22:35 | 05,609,174 | R--- | M] () -- C:\Documents and Settings\Chris\My Documents\My Money Backup.mbf
[2008/10/08 21:44:59 | 00,558,435 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Gina_Girl_5x5_tri_fold_zip.zip
[2008/10/08 21:44:52 | 00,244,960 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Amber_5x5_tri_fold.zip
[2008/10/08 21:44:45 | 00,205,339 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Austin_5x5_Tri_fold.zip
[2008/10/08 21:44:34 | 00,398,984 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Logan_5x5_tri_fold_zip.zip
[2008/10/08 09:46:11 | 00,835,140 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\12x12collage.tif
[2008/10/08 09:45:44 | 00,130,783 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\PhotoGifts-9.jpg
[2008/10/08 09:45:34 | 00,115,314 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\PhotoGifts-8.jpg
[2008/10/08 09:38:57 | 00,324,205 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\PocketCalendar.jpg
[2008/10/08 08:59:42 | 01,305,249 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Monsterinvitelemondropsdesigns.zip
[2008/10/07 18:23:01 | 10,751,570 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\Risk and Attr Gradients.psd
[2008/10/07 18:22:59 | 00,165,290 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\Risk Gradient 3.jpg
[2008/10/07 18:22:13 | 00,166,025 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\Attractiveness Gradient 3.jpg
[2008/10/06 08:57:52 | 00,598,528 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\2008 OIA CCOM Student Registration Form.doc
[2008/10/06 08:21:47 | 00,054,624 | ---- | M] () -- C:\WINDOWS\System32\f75100.sys
[2008/10/06 08:21:27 | 02,335,270 | ---- | M] () -- C:\WINDOWS\System32\c2dFF.mht
[2008/10/05 20:48:08 | 00,068,419 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/09/27 09:40:14 | 00,000,651 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/09/27 09:31:13 | 00,352,918 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2008/09/19 16:08:19 | 00,001,146 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Episode 2 - Strong Badia the Free.lnk
[2008/09/19 11:45:32 | 00,018,461 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\nicewords1.gif
[2008/09/19 05:02:04 | 00,106,644 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\SEA092208EInvoice.tif
[2008/09/19 05:01:40 | 00,085,552 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\SEA092208ETicket.tif
[2008/09/19 05:01:16 | 00,077,476 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\SEA092208Itin.tif
[2008/09/19 04:55:50 | 00,108,268 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\SEA090808EInvoice.tif
[2008/09/19 04:54:20 | 00,314,860 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\SEA090808Expense.tif
[2008/09/16 09:49:59 | 02,568,548 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\ChrisWithDash4.jpg
[2008/09/16 09:48:10 | 02,301,994 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\ChrisWithDash3.jpg
[2008/09/16 09:48:03 | 02,481,303 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\ChrisWithDash2.jpg
[2008/09/16 09:47:48 | 01,124,804 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\ChrisWithDash1.jpg
[2008/09/15 06:04:33 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/09/14 18:46:28 | 00,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2008/09/14 18:46:19 | 00,001,104 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Episode 1 - Homestar Ruiner.lnk
[2008/09/13 13:43:40 | 00,015,356 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\DSCF3970.jpg
[2008/09/11 06:42:26 | 00,654,988 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/09/11 06:42:26 | 00,149,822 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/09/11 06:42:25 | 00,821,370 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/09/11 06:31:17 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/09/07 18:38:13 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/09/07 18:38:13 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2008/09/07 07:21:46 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2008/09/05 23:30:42 | 00,241,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WgaLogon.dll
[2008/09/05 23:30:42 | 00,241,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wgaLogon.dll
[2008/09/05 23:30:06 | 01,480,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\LegitCheckControl.dll
[2008/09/05 23:29:58 | 00,917,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WgaTray.exe
[2008/09/05 23:29:58 | 00,917,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\WgaTray.exe
[2008/08/29 06:02:09 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2008/08/26 15:28:12 | 16,208,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/08/25 10:17:00 | 00,067,592 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\IAD073108 - Expense Report.tif
[2008/08/22 12:25:08 | 00,306,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/08/22 12:03:37 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/08/19 06:39:34 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2008/08/15 20:29:44 | 00,176,624 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\PIC-0013.jpg

< End of report >

Extras.Txt:

OTViewIt Extras logfile created on: 10/11/2008 6:17:22 PM - Run 2
OTViewIt by OldTimer - Version 1.0.11.0 Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 72.07% Memory free
2.59 Gb Paging File | 2.09 Gb Available in Paging File | 80.71% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 68.21 Gb Free Space | 53.29% Space Free | Partition Type: NTFS
Drive D: | 337.77 Gb Total Space | 263.11 Gb Free Space | 77.90% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 152.66 Gb Total Space | 8.73 Gb Free Space | 5.72% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRIS-DESKTOP
Current User Name: Chris
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 60 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/10/07 22:02:09 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent
[2006/11/03 02:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
[2008/05/21 04:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2007/08/29 00:23:36 | 00,340,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove
[2008/05/21 05:54:40 | 01,022,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote
[2006/02/10 18:12:54 | 00,065,536 | ---- | M] (Pinnacle Systems, Inc.) -- C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager
[2006/02/10 19:12:06 | 04,354,048 | ---- | M] (Pinnacle Systems) -- C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio
[2005/09/21 16:22:26 | 00,024,576 | ---- | M] ( ) -- C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile
[2006/02/10 18:12:26 | 00,077,824 | ---- | M] (Pinnacle Systems, Inc.) -- C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi
File not found -- C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe
File not found -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe
File not found -- C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe
File not found -- C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client
[2008/01/03 11:15:06 | 00,050,528 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
[2008/08/29 05:58:04 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
File not found -- C:\WINDOWS\system32\a.exe:*:Disabled:a
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/09/10 17:39:54 | 14,228,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
========== HKEY_USERS Protocol Defaults ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/08/24 07:01:46 | 00,224,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (grooveLocalGWS:{88FED34C-F0CA-4636-A375-3CB6248B04CD} (HKLM) [Local Groove Web Services Protocol])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/07/04 09:00:10 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/26 14:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/06/20 10:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/06/03 02:36:20 | 07,252,672 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/04/25 15:29:55 | 08,071,360 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006/10/26 22:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{130A3BE1-85CC-4135-8EA7-5A724EE6CE2C}"=Microsoft SQL Server 2005
"{1389C6A4-4965-4AEC-9175-08B54A10FA48}"=Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
"{15095BF3-A3D7-4DDF-B193-3A496881E003}"=Microsoft .NET Framework 3.0
"{17B66E83-1BC9-11D5-A54A-0090278A1BB8}"=Microsoft FrontPage Client - English
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}"=Microsoft Visual J# .NET Redistributable Package 1.1
"{20608BFA-6068-48FE-A410-400F2A124C27}"=Microsoft SQL Server Management Studio Express
"{23959E96-A80F-4172-A655-210E9BB7BFBE}"=MSDN Library for Visual Studio 2005
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}"=Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}"=Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2EB44B16-05EF-42FD-9300-A85CDEF60864}"=Free Word Excel Password Wizard
"{3248F0A8-6813-11D6-A77B-00B0D0150110}"=J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}"=Java 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160060}"=Java 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{36DD7006-7BFE-4E3D-AF6E-FA734BC879B7}"=SQLXML4
"{37E9AD9F-3217-4229-B5A5-7A0C82364C6C}"=Microsoft SQL Server 2005 Notification Services
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}"=Macromedia Flash MX
"{3BFC7D0F-FA4A-4FDC-AA03-440655EA656A}"=TBS WMP Plug-in
"{41B9E2CF-0B3F-442A-B5B3-592A4A355634}"=iTunes
"{44D4AF75-6870-41F5-9181-662EA05507E1}"=Microsoft Document Explorer 2005
"{48963B63-7A10-49D6-8B08-61E6132453D0}"=ViewSonic Monitor Drivers
"{491DD792-AD81-429C-9EB4-86DD3D22E333}"=Windows Communication Foundation
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}"=SmartSound Quicktracks Plugin
"{4C643986-DE3C-4737-8472-CCEC36CCC267}"=Studio Content CD
"{53EF6570-21A4-47ED-A40A-E6470A5677A3}"=Studio 8
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}"=Microsoft SQL Server Setup Support Files (English)
"{5757AE1A-1DB4-4898-9806-09F77FBD5E57}"=MSDN Library for Visual Studio .NET 2003
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}"=Microsoft .NET Compact Framework 2.0
"{68A35043-C55A-4237-88C9-37EE1C63ED71}"=Microsoft Visual J# 2.0 Redistributable Package
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{69880C00-08DD-4385-B752-9C62656F6D1E}"=Microsoft SQL Server 2005 Backward compatibility
"{6C531060-84FB-4F96-8F33-29DF020632EB}"=Microsoft .NET Compact Framework 1.0 SP3 Developer
"{70014586-7BBA-4A92-A610-CDC896C48F8F}"=NETGEAR WG311v3 802.11g Wireless PCI Adapter
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{74BE7519-41A7-45A8-8AA6-78C7907A4808}"=EOS Capture 1.2
"{750CF8D7-4B04-404F-AFA2-14C129C42373}"=EOS Viewer Utility 1.2.1
"{78B75C6D-E53C-424C-BF83-4B63BD4A6682}"=Microsoft Device Emulator version 1.0 - ENU
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}"=Windows Workflow Foundation
"{84031A18-BA9A-4156-A74F-E05B52DDFCE2}"=DING!
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Extreme Graphics Driver
"{8ABF8FEB-ABB0-40DC-9945-85AF36EF30A9}"=Microsoft SQL Server 2005 Analysis Services
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}"=Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}"=Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90170409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office FrontPage 2003
"{903B0409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Project Professional 2003
"{90510409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Visio Professional 2003
"{90A10409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office OneNote 2003
"{90A40409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office 2003 Web Components
"{91120000-002E-0000-0000-0000000FF1CE}"=Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}"=DiscAPI (Studio 10)
"{AA9768AA-FF0B-4C66-A085-31E934F77841}"=Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{AC76BA86-7AD7-5464-3428-800000000003}"=Spelling Dictionaries Support For Adobe Reader 8
"{AEF2D1F3-0696-11D5-8E6A-00C04F7FA234}"=PaperPort 8.0 SE
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{C0F76C41-A3EF-4645-871C-FBE5CB4B48F6}"=MyPhotoBooks
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Professional
"{D050D7362D214723AD585B541FFB6C11}"=DivX Content Uploader
"{D085A1B6-90A4-11D3-82B7-00C04FA309DE}"=Microsoft Money 2001
"{D407F7C0-579E-4CCB-91FD-855CE5084E86}"=Microsoft Visual Studio 2005 Standard Edition - ENU
"{D4134B0B-EA9B-4835-A77A-60BEE6277101}"=Lightroom
"{D4D24FE5-FAB3-4FE2-AFFC-623955F4DF3A}"=Visual Studio.NET Baseline - English
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E05F0409-0E9A-48A1-AC04-E35E3033604A}"=Visual Studio .NET Enterprise Architect 2003 - English
"{E25DE747-066F-4801-9F79-B1D8CF0C15CC}"=ccc-Branding
"{E285C3A0-C883-4B42-849D-8BA71768EE64}"=My Photo Calendars and Cards
"{E930E839-998E-42F9-97E2-71FC960DB1B7}"=Microsoft SQL Server 2005 Reporting Services
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}"=Microsoft SQL Server VSS Writer
"{ED9775A0-383E-4EAA-8DA5-8CC6860D60A3}"=Canon Camera WIA Driver
"{EE8CFFD9-6E29-4DC3-A967-7348D5F41F44}"=Microsoft SQL Server 2005 Integration Services
"{EEECE229-49F6-4851-A73A-99B058221F8C}"=RAPID
"{EF4EF65F-4D62-44D7-82C9-1AECCBA74C50}"=Intel® PROSet
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}"=Adobe Photoshop CS
"{F0A37341-D692-11D4-A984-009027EC0A9C}"=SoundMAX
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}"=Microsoft SQL Server Native Client
"{FC47C7A5-BE63-11D5-B7C9-005004566E4D}"=ViewSonic Windows XP Signed Files
"{FDFE8A65-3DDD-4309-8194-559F41BF61F3}"=Studio 10
"ActiveScan 2.0"=Panda ActiveScan 2.0
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Type Manager 4.1"=Adobe Type Manager 4.1
"AIM_6"=AIM 6
"All ATI Software"=ATI - Software Uninstall Utility
"ATI Display Driver"=ATI Display Driver
"AVG8Uninstall"=AVG Free 8.0
"BhoScanner_is1"=BhoScanner 1.9
"CANONBJ_Deinstall_CNMCP4q.DLL"=Canon i9100
"CCleaner"=CCleaner (remove only)
"Episode 1 - Homestar Ruiner"=Strong Bad - Strong Bad Episode 1 - Homestar Ruiner
"Episode 2 - Strong Badia the Free"=Strong Bad - Strong Bad Episode 2 - Strong Badia the Free
"ffdshow"=ffdshow (remove only)
"HijackThis"=HijackThis 2.0.2
"Hollywood FX 4.6"=Pinnacle Hollywood FX 4.6
"hp deskjet 5550 series"=hp deskjet 5550 series (Remove only)
"hp deskjet 5550 series_Driver"=hp deskjet 5550 series
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}"=SmartSound Quicktracks Plugin
"InstallShield_{70014586-7BBA-4A92-A610-CDC896C48F8F}"=NETGEAR WG311v3 802.11g Wireless PCI Adapter
"InstallShield_{74BE7519-41A7-45A8-8AA6-78C7907A4808}"=Canon Utilities EOS Capture 1.2
"InstallShield_{750CF8D7-4B04-404F-AFA2-14C129C42373}"=Canon Utilities EOS Viewer Utility 1.2
"InstallShield_{ED9775A0-383E-4EAA-8DA5-8CC6860D60A3}"=Canon EOS 20D WIA Driver
"KB909520"=Microsoft Base Smart Card Cryptographic Service Provider Package
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0"=Microsoft .NET Framework 3.0
"Microsoft Document Explorer 2005"=Microsoft Document Explorer 2005
"Microsoft SQL Server 2005"=Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package"=Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Standard Edition - ENU"=Microsoft Visual Studio 2005 Standard Edition - ENU
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MSDN Library for Visual Studio 2005"=MSDN Library for Visual Studio 2005
"My Lockbox_is1"=My Lockbox 1.2 for Windows 2000/XP
"NeroMultiInstaller!UninstallKey"=Nero Suite
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"PeerGuardian_is1"=PeerGuardian 2.0
"Privoxy"=Privoxy 3.0.6
"PROSet"=Intel® PRO Network Adapters and Drivers
"Radeon Omega Drivers for Windows XP/2kv4.8.442"=Radeon Omega Drivers v4.8.442 Setup Files and Tools
"SeaMonkey (1.1.9)"=SeaMonkey (1.1.9)
"Spybot - Search & Destroy_is1"=Spybot - Search & Destroy 1.5.2.20
"Spyder2"=Spyder2
"SystemRequirementsLab"=System Requirements Lab
"Tor"=Tor 0.1.2.19
"Trend Micro HouseCall 6.6"=HouseCall 6.6
"ULTIMATER"=Microsoft Office Ultimate 2007
"uTorrent"=µTorrent
"Vidalia"=Vidalia 0.0.16
"ViewpointMediaPlayer"=Viewpoint Media Player
"Visioneer OneTouch"=Visioneer OneTouch
"Visual Studio .NET Enterprise Architect 2003 - English"=Microsoft Visual Studio .NET Enterprise Architect 2003 - English
"VLC media player"=VideoLAN VLC media player 0.8.6d
"WIC"=Windows Imaging Component
"Winamp"=Winamp (remove only)
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"WinZip"=WinZip
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"ZoneAlarm"=ZoneAlarm

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting"=GoToMeeting 4.0.0.320

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-507921405-2000478354-682003330-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting"=GoToMeeting 4.0.0.320

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/15/2008 10:27:28 AM | Computer Name = CHRIS-DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application softwareupdate.exe, version 2.0.2.92, faulting module ntdll.dll, version 5.1.2600.5512, fault address 0x00042b9f.

Error - 9/26/2008 10:17:43 PM | Computer Name = CHRIS-DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application ad-aware.exe, version 7.1.0.11, faulting module ad-aware.exe, version 7.1.0.11, fault address 0x0014b4ec.

Error - 10/3/2008 7:20:42 AM | Computer Name = CHRIS-DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 12.0.6316.5000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 10/7/2008 11:38:33 AM | Computer Name = CHRIS-DESKTOP | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application outlook.exe, version 12.0.6316.5000, stamp 4833a470, faulting module unknown, version 0.0.0.0, stamp 00000000, debug? 0, fault address 0x0c36e274.

Error - 10/7/2008 11:38:47 AM | Computer Name = CHRIS-DESKTOP | Source = Microsoft Office 12 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Outlook.

Error - 10/7/2008 12:32:02 PM | Computer Name = CHRIS-DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 8.0.0.35, faulting module quicktimempeg4.qtx, version 7.55.90.70, fault address 0x00010e23.

Error - 10/9/2008 7:37:45 PM | Computer Name = CHRIS-DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application seamonkey.exe, version 1.8.20080.31312, faulting module js3250.dll, version 4.0.0.0, fault address 0x0001ec8d.

Error - 10/9/2008 7:38:32 PM | Computer Name = CHRIS-DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application seamonkey.exe, version 1.8.20080.31312, faulting module js3250.dll, version 4.0.0.0, fault address 0x0001ec8d.

Error - 10/9/2008 7:39:38 PM | Computer Name = CHRIS-DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application seamonkey.exe, version 1.8.20080.31312, faulting module js3250.dll, version 4.0.0.0, fault address 0x0001ec8d.

Error - 10/9/2008 10:47:48 PM | Computer Name = CHRIS-DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application seamonkey.exe, version 1.8.20080.31312, faulting module js3250.dll, version 4.0.0.0, fault address 0x00020263.

[ OSession Events ]
Error - 3/21/2007 3:41:30 PM | Computer Name = CHRIS-DESKTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014.
This session lasted 310 seconds with 300 seconds of active time. This session ended with a crash.

Error - 11/2/2007 3:29:15 PM | Computer Name = CHRIS-DESKTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6023.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 799 seconds with 480 seconds of active time. This session ended with a crash.

Error - 11/19/2007 5:49:17 PM | Computer Name = CHRIS-DESKTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6023.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 31932 seconds with 5940 seconds of active time. This session ended with a crash.

Error - 12/1/2007 9:23:01 PM | Computer Name = CHRIS-DESKTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6023.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 276 seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/23/2008 8:28:00 PM | Computer Name = CHRIS-DESKTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6023.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 65 seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/5/2008 9:50:29 AM | Computer Name = CHRIS-DESKTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 395 seconds with 180 seconds of active time. This session ended with a crash.
Error - 4/11/2008 3:51:24 PM | Computer Name = CHRIS-DESKTOP | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 1713 seconds with 540 seconds of active time. This session ended with a crash. Error - 5/6/2008 10:03:07 PM | Computer Name = CHRIS-DESKTOP | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 75 seconds with 0 seconds of active time. This session ended with a crash. Error - 5/29/2008 12:41:03 PM | Computer Name = CHRIS-DESKTOP | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 16462 seconds with 2760 seconds of active time. This session ended with a crash. Error - 10/7/2008 11:37:59 AM | Computer Name = CHRIS-DESKTOP | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2602 seconds with 960 seconds of active time. This session ended with a crash. [ System Events ] Error - 9/15/2008 9:16:34 PM | Computer Name = CHRIS-DESKTOP | Source = MRxSmb | ID = 8003 Description = The master browser has received a server announcement from the computer MMSLAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{ECC61204-F4D5-4829. The master browser is stopping or an election is being forced. Error - 9/20/2008 9:10:39 AM | Computer Name = CHRIS-DESKTOP | Source = Print | ID = 19 Description = Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer. 
Error - 9/21/2008 8:44:45 AM | Computer Name = CHRIS-DESKTOP | Source = Print | ID = 19 Description = Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer. Error - 9/22/2008 7:28:04 PM | Computer Name = CHRIS-DESKTOP | Source = BROWSER | ID = 8032 Description = The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{ECC61204-F4D5-4829-920B-7FF48B77AB32}. The backup browser is stopping. Error - 9/26/2008 9:51:03 PM | Computer Name = CHRIS-DESKTOP | Source = Print | ID = 19 Description = Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer. Error - 9/26/2008 10:35:48 PM | Computer Name = CHRIS-DESKTOP | Source = BROWSER | ID = 8032 Description = The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{ECC61204-F4D5-4829-920B-7FF48B77AB32}. The backup browser is stopping. Error - 9/27/2008 10:38:26 AM | Computer Name = CHRIS-DESKTOP | Source = BROWSER | ID = 8032 Description = The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{ECC61204-F4D5-4829-920B-7FF48B77AB32}. The backup browser is stopping. Error - 10/2/2008 11:43:20 PM | Computer Name = CHRIS-DESKTOP | Source = Service Control Manager | ID = 7011 Description = Timeout (30000 milliseconds) waiting for a transaction response from the avg8wd service. Error - 10/6/2008 9:45:20 AM | Computer Name = CHRIS-DESKTOP | Source = Print | ID = 19 Description = Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer. Error - 10/6/2008 9:47:48 AM | Computer Name = CHRIS-DESKTOP | Source = System Error | ID = 1003 Description = Error code 1000008e, parameter1 c0000005, parameter2 a119921e, parameter3 a1b77340, parameter4 00000000. 
< End of report > Kaspersky Online Scanner Log: -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Saturday, October 11, 2008 Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Sunday, October 12, 2008 00:19:55 Records in database: 1305913 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: A:\ C:\ D:\ E:\ F:\ Scan statistics: Files scanned: 299850 Threat name: 0 Infected objects: 0 Suspicious objects: 0 Duration of the scan: 05:28:58 No malware has been detected. The scan area is clean. The selected area was scanned. |
Oct 12 2008, 01:15 PM
Post
#4
Look buddy -- I'm an Engineer | Group: HJT Team Coach | Posts: 8,510 | Joined: 17-January 08 | From: Northfield, Ohio | Member No.: 184,215
Hello, CoachMcGuirk.

That all looks clean. Are you still getting the emails? I do note that anyone who is putting your address in the From field will cause you to get bounce-back emails even if you did not send the mail. Are you positive they are being sent from your machine?

Viewpoint is considered foistware instead of malware because it is installed without the user's approval, but doesn't spy or do anything "bad". You may like to read this article about the potential of this Viewpoint software here: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on Start > Run... > and then paste the following into the "Open" field: "appwiz.cpl" and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, and/or Viewpoint Media Player.

Please Set Your System to Show Hidden Files

If you are using Windows XP or earlier:

We need to uninstall one or more programs

Please click on Start > Control Panel > Add/Remove Programs and uninstall the following programs (if present): J2SE Runtime Environment 5.0 Update 11, Java™ SE Runtime Environment 6 Update 1, Java™ 6 Update 2, Java™ 6 Update 3, Java™ 6 Update 4, Java™ 6 Update 5, Java™ 6 Update 6

We need to upload a file for further inspection

I would like us to use ESET (NOD32)'s Online Scanner

In your next reply, please include the following:
Billy3

--------------------
The forum is always a busy place. In the event I fail to reply within twenty-four hours, feel free to send me a PM.
Have I helped you? If so, please consider a donation (by clicking this link). And that means I solve problems. Not problems like "What is beauty?" .. 'cause that would fall under the purview of your conundrums of philosophy....
Oct 12 2008, 07:19 PM
Post
#5
Member | Group: Members | Posts: 15 | Joined: 20-August 08 | Member No.: 231,734
Thanks again Billy!

Yes, I am reasonably sure that the emails are being sent from my computer. When I get the bounce-back emails the time sent corresponds to when I opened Outlook on my computer. If I access my email through the web interface of my mail server, I do not get any of the bounce backs. I have gotten around it by creating a default dummy email account in Outlook as the malware seems to only use the default address. When I do this, I can see that Outlook is "preparing to send x messages" from the dummy account, but can't as all the account information is made up. I can't see the email in the drafts or outbox folder, however.

I've uploaded the file you requested, removed the programs you've recommended and made the system changes. I ran ESET online scanner and will include the results below, but, unfortunately, it didn't seem to find anything. This thing is driving me crazy!

ESET Online Scanner Results:

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3515 (20081011)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=d6718e7584fe5346806636a308d68d1a
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-10-13 12:09:07
# local_time=2008-10-12 07:09:07 (-0600, Central Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=789286
# found=0
# scan_time=18415
Oct 12 2008, 08:41 PM
Post
#6
Look buddy -- I'm an Engineer | Group: HJT Team Coach | Posts: 8,510 | Joined: 17-January 08 | From: Northfield, Ohio | Member No.: 184,215
Hello, CoachMcGuirk.
We need to scan for rootkits with GMER
Important! Please do not select the "Show all" checkbox during the scan.
In your next reply, please include the following:
Billy3
Oct 12 2008, 10:06 PM
Post
#7
Member | Group: Members | Posts: 15 | Joined: 20-August 08 | Member No.: 231,734
Thank you, Billy! Below is my GMER log as per your request.
GMER Log:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-10-12 22:03:28
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0xA544D930]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateKey [0xA5458A80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteFile [0xA544DF20]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteKey [0xA54596E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteValueKey [0xA5459440]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwLoadKey [0xA54598B0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenFile [0xA544DD70]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRenameKey [0xA545A250]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwReplaceKey [0xA5459CB0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRestoreKey [0xA545A080]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetInformationFile [0xA544E120]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetValueKey [0xA5459140]

INT 0x01 \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) B9AC959A
INT 0x03 \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) B9AC9655

---- Kernel code sections - GMER 1.0.14 ----

? srescan.sys The system cannot find the file specified. !

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [A5463330] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [A544E5C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [A544E770] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [A544E2D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [A544E670] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs MPRIFL.SYS (My Private Folder driver/FSPro Labs)
Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x7A 0x45 0x05 0xFD ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0x50 0x93 0xE5 0xAB ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x37 0xA4 0xAA 0xC3 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- EOF - GMER 1.0.14 ----
Oct 13 2008, 03:21 PM
Post
#8
Look buddy -- I'm an Engineer | Group: HJT Team Coach | Posts: 8,510 | Joined: 17-January 08 | From: Northfield, Ohio | Member No.: 184,215
When you get the delivery status failure notification, the message that attempted to send should be put on the bottom of the delivery status failure.
Can you post the contents of one of these bounce back messages?

Billy3
Oct 13 2008, 03:30 PM
Post
#9
Member | Group: Members | Posts: 15 | Joined: 20-August 08 | Member No.: 231,734
I will try to do that the next time I get one. I've cleared them all out of my inbox currently and it doesn't seem too predictable as to when they are sent and come back, but will post here the next time I see it.
Thanks again!
Oct 13 2008, 03:50 PM
Post
#10
Look buddy -- I'm an Engineer | Group: HJT Team Coach | Posts: 8,510 | Joined: 17-January 08 | From: Northfield, Ohio | Member No.: 184,215
Excellent
This is a note to myself to leave this topic open longer than the usual timeout of 5 days.

Billy3
Oct 19 2008, 09:13 PM
Post
#11
Look buddy -- I'm an Engineer | Group: HJT Team Coach | Posts: 8,510 | Joined: 17-January 08 | From: Northfield, Ohio | Member No.: 184,215
Hello. This is my 7 day checkup. Have you had any more issues? Are you still here?
Billy3
Oct 19 2008, 09:22 PM
Post
#12
Member | Group: Members | Posts: 15 | Joined: 20-August 08 | Member No.: 231,734
Hi Billy,
Yeah, I'm still around but haven't seen the issue pop up again, so I've been unable to post the contents of one of the spam messages yet. Thanks!
Oct 19 2008, 09:35 PM
Post
#13
Look buddy -- I'm an Engineer | Group: HJT Team Coach | Posts: 8,510 | Joined: 17-January 08 | From: Northfield, Ohio | Member No.: 184,215
QUOTE
Hi Billy, Yeah, I'm still around but haven't seen the issue pop up again, so I've been unable to post the contents of one of the spam messages yet. Thanks!

You're welcome. On a positive note... maybe the nastie is gone? Is the lack of sending emails a bad thing? LOL

I'll leave this open another week before checking up again,

Billy3
Oct 22 2008, 08:57 PM
Post
#14
Member | Group: Members | Posts: 15 | Joined: 20-August 08 | Member No.: 231,734
Hi Billy,
Thanks for bearing with me while we waited to see if the problem still occurred. Unfortunately, I got a few bounced-back emails today of the same nature. It appears the emails it sends are blank other than the subject... though one had some garbled text (possibly a translation of an attachment?). They all seem to have an attachment of "winmail.dat", though it appears as though they are 0kb in size. Below are a few examples of the emails it is sending (I've not included identifying info where available). Really appreciate any more ideas you have. This is so frustrating!

Bounce Back 1

from Mail Delivery Subsystem <mailer-daemon@googlemail.com>
date Wed, Oct 22, 2008 at 8:23 PM
subject Delivery Status Notification (Failure)

This is an automatically generated Delivery Status Notification

Delivery to the following recipient failed permanently:

Brandi-kiurut@edc.dk

Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 550 550 No such user (Brandi-kiurut@edc.dk) (state 14).

----- Original message -----

Received: by 10.65.189.20 with SMTP id r20mr9356402qbp.51.1224725030325; Wed, 22 Oct 2008 18:23:50 -0700 (PDT)
Return-Path: <MyEmailAddress>
Received: from MyWindowsComputerName (MyIPAddress) by mx.google.com (version=TLSv1/SSLv3 cipher=RC4-MD5); Wed, 22 Oct 2008 18:23:50 -0700 (PDT)
To: <Brandi-kiurut@EDC.DK>
Subject: Not read: ladies say size doesnot matter, but we know, it does!
Date: Wed, 22 Oct 2008 20:23:50 -0500
Message-ID: <005b01c934ae$04be6430$0e3b2c90$@com>
MIME-Version: 1.0
Content-Type: application/ms-tnef; name="winmail.dat"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="winmail.dat"
X-Mailer: Microsoft Office Outlook 12.0
thread-index: AckcQnJtNvnhmxkYR2eQSVgxQzJ/0AYa3mKr
X-MS-TNEF-Correlator: 00000000581BECDFD61CB047B09CF50C49640BB224752500
From: MyName <MyEmailAddress>

eJ8+IjgBAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAEIgAcAFwAAAFJFUE9SVC5J
UE0uTm90ZS5JUE5OUk4AtwYBCoABACEAAABFOTg1ODRFOTI5OEE0NjQxQjY1NDZDNTFFNzRDNkE0
NQAbBwEDkAYAkAIAABgAAAALACkAAAAAAEAAMgCAYfjrrTTJAR4ASQABAAAANgAAAGxhZGllcyBz
YXkgc2l6ZSBkb2Vzbm90IG1hdHRlciwgYnV0IHdlIGtub3csIGl0IGRvZXMhAAAAAgFMAAEAAABa
AAAAAAAAAIErH6S+oxAZnW4A3QEPVAIAAAGAQgByAGEAbgBkAGkAAABTAE0AVABQAAAAQgByAGEA
bgBkAGkALQBrAGkAdQByAHUAdABAAEUARABDAC4ARABLAAAAAAAeAE0AAQAAAAcAAABCcmFuZGkA
AEAATgCAHHhsQhzJAUAAVQCA/W1yQhzJAR4AcAABAAAANgAAAGxhZGllcyBzYXkgc2l6ZSBkb2Vz
bm90IG1hdHRlciwgYnV0IHdlIGtub3csIGl0IGRvZXMhAAAAAgFxAAEAAAAbAAAAAckcQnJtNvnh
mxkYR2eQSVgxQzJ/0AYa3mKrAB4AcgABAAAAAQAAAAAAAAAeAHMAAQAAAAEAAAAAAAAAHgB0AAEA
AAASAAAAY2ZvcmdpZUBnbWFpbC5jb20AAAALAAgMAAAAAAsAAQ4BAAAAAwAUDgEAAAAeAAEQAQAA

----- Message truncated -----

Bounce Back 2

Your message

To: Pauliina-sargdraa@royallabel.com
Subject: Not read: Short way to long male power.
Sent: Wed, 22 Oct 2008 21:23:50 -0400

did not reach the following recipient(s):

Pauliina-sargdraa@royallabel.com on Wed, 22 Oct 2008 21:23:59 -0400
The e-mail account does not exist at the organization this message was sent to. Check the e-mail address, or contact the recipient directly to find out the correct address.
<royal-mail.royallabel.com #5.1.1>

Final-Recipient: RFC822; Pauliina-sargdraa@royallabel.com
Action: failed
Status: 5.1.1
X-Supplementary-Info: <royal-mail.royallabel.com #5.1.1>
X-Display-Name: Pauliina-sargdraa@royallabel.com

Bounce Back 3

from Mail Delivery System <MAILER-DAEMON@hammer.wmhost.com>
date Wed, Oct 22, 2008 at 8:40 PM
subject Undelivered Mail Returned to Sender
mailed-by hammer.wmhost.com
[winmail.dat]

This is the mail system at host hammer.wmhost.com.

I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can delete your own text from the attached returned message.

The mail system

<badivate_1950@fourkeys.fi>: unknown user: "badivate_1950@fourkeys.fi"
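As an added example (not part of this thread), the Python script below does the check Billy asked for in post #8 and the one he raises about the Received line in post #15: it pulls the original message's headers out of a bounce, reads the earliest Received hop to see whether it names this machine or some unrelated host (the forged-From backscatter case from post #4), lists the X-Mailer and attachment names, and walks the start of the base64 winmail.dat (TNEF) attachment to read the message class. The header lines and the first two base64 lines are copied from Bounce Back 1 above; the poster's placeholders MyWindowsComputerName and MyIPAddress are replaced with the computer name seen in the event-log extract (CHRIS-DESKTOP) and a constructed IP address (192.0.2.10), so LOCAL_HOST and LOCAL_IP are assumptions, not the poster's real values.

```python
"""Bounce (DSN) triage: recover the original message's headers, check whether the
earliest Received hop is this machine, list the mailer and attachments, and read
the message class out of the winmail.dat (TNEF) attachment.
Headers and the first two base64 lines are copied from Bounce Back 1 in this
thread; MyWindowsComputerName / MyIPAddress are replaced with CHRIS-DESKTOP
(the computer name in the event log) and a constructed IP, 192.0.2.10.
"""
import base64
import re
import struct
from email.parser import HeaderParser

LOCAL_HOST = "CHRIS-DESKTOP"   # from the event-log extract earlier in the thread
LOCAL_IP = "192.0.2.10"        # constructed (documentation range), not the poster's IP
ORIGINAL_MARK = "----- Original message -----"
TRUNC_MARK = "----- Message truncated -----"
RECEIVED_FROM_RE = re.compile(r"\bfrom\s+(\S+)\s+\(([^)]+)\)", re.IGNORECASE)
NAME_RE = re.compile(r'(?:file)?name="?([^";]+)"?', re.IGNORECASE)
TNEF_SIGNATURE = 0x223E9F78    # little-endian magic at the start of winmail.dat
ATT_MESSAGE_CLASS = 0x8008     # TNEF attribute id for attMessageClass

SAMPLE_BOUNCE = """\
Delivery to the following recipient failed permanently: Brandi-kiurut@edc.dk

----- Original message -----
Received: by 10.65.189.20 with SMTP id r20mr9356402qbp.51.1224725030325; Wed, 22 Oct 2008 18:23:50 -0700 (PDT)
Received: from CHRIS-DESKTOP (192.0.2.10) by mx.google.com (version=TLSv1/SSLv3 cipher=RC4-MD5); Wed, 22 Oct 2008 18:23:50 -0700 (PDT)
To: <Brandi-kiurut@EDC.DK>
Subject: Not read: ladies say size doesnot matter, but we know, it does!
Content-Type: application/ms-tnef; name="winmail.dat"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="winmail.dat"
X-Mailer: Microsoft Office Outlook 12.0
From: MyName <MyEmailAddress>

eJ8+IjgBAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAEIgAcAFwAAAFJFUE9SVC5J
UE0uTm90ZS5JUE5OUk4AtwYBCoABACEAAABFOTg1ODRFOTI5OEE0NjQxQjY1NDZDNTFFNzRDNkE0
----- Message truncated -----
"""


def extract_original(bounce_text):
    """Parse the headers of the original message that the bounce carries."""
    start = bounce_text.find(ORIGINAL_MARK)
    if start < 0:
        raise ValueError("bounce carries no copy of the original message")
    part = bounce_text[start + len(ORIGINAL_MARK):]
    cut = part.find(TRUNC_MARK)
    if cut >= 0:
        part = part[:cut]
    return HeaderParser().parsestr(part.lstrip("\r\n"))


def first_hop(msg):
    """(host, ip) of the earliest Received hop, i.e. the last Received header."""
    for value in reversed(msg.get_all("Received") or []):
        m = RECEIVED_FROM_RE.search(" ".join(value.split()))
        if m:
            return m.group(1), m.group(2)
    return None, None


def classify_origin(msg, local_host, local_ip):
    """Entered the mail system from this machine, or from elsewhere (backscatter)?"""
    host, ip = first_hop(msg)
    if host and (host.lower() == local_host.lower() or ip == local_ip):
        return "submitted-from-this-host"
    return "first-hop-elsewhere" if host else "unknown"


def attachment_names(msg):
    names = []
    for hdr in ("Content-Type", "Content-Disposition"):
        for value in msg.get_all(hdr) or []:
            m = NAME_RE.search(value)
            if m and m.group(1) not in names:
                names.append(m.group(1))
    return names


def tnef_message_class(blob):
    """Walk TNEF attributes; return attMessageClass, or None if absent/truncated."""
    if len(blob) < 6 or struct.unpack_from("<I", blob, 0)[0] != TNEF_SIGNATURE:
        return None
    pos = 6                                    # 4-byte signature + 2-byte key
    while pos + 9 <= len(blob):
        _level, att_id, _type, length = struct.unpack_from("<BHHI", blob, pos)
        pos += 9
        if pos + length + 2 > len(blob):       # data or checksum cut off by truncation
            break
        data = blob[pos:pos + length]
        pos += length + 2                      # skip data and 16-bit checksum
        if att_id == ATT_MESSAGE_CLASS:
            return data.rstrip(b"\0").decode("ascii", "replace")
    return None


def analyze_bounce(bounce_text, local_host=LOCAL_HOST, local_ip=LOCAL_IP):
    msg = extract_original(bounce_text)
    report = {"origin": classify_origin(msg, local_host, local_ip),
              "first_hop": first_hop(msg), "x_mailer": msg.get("X-Mailer"),
              "attachments": attachment_names(msg), "message_class": None}
    if msg.get("Content-Transfer-Encoding", "").lower() == "base64":
        b64 = "".join(msg.get_payload().split())
        b64 = b64[:len(b64) - len(b64) % 4]    # drop a partial trailing group
        report["message_class"] = tnef_message_class(base64.b64decode(b64))
    return report
```

With the placeholders filled in as above, the first hop matches the local machine and the bounce is reported as submitted-from-this-host; feed the same headers a different LOCAL_HOST and LOCAL_IP and it comes back as first-hop-elsewhere, which is the forged-From case. The TNEF walk on the two base64 lines from the thread returns REPORT.IPM.Note.IPNNRN, the message class Outlook uses for a "not read" receipt, consistent with the "Not read:" prefix on the subjects in all three bounces.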
Oct 23 2008, 01:48 PM
Post
#15
Look buddy -- I'm an Engineer | Group: HJT Team Coach | Posts: 8,510 | Joined: 17-January 08 | From: Northfield, Ohio | Member No.: 184,215
Hello, CoachMcGuirk.
Please remove ZoneAlarm firewall before performing the following instructions. Don't worry, we can reinstall it later if you wish. It can be removed via Add/Remove Programs. ZoneAlarm is appearing in the GMER logs and obscuring whether things are really hooked or not.

QUOTE
Received: from MyWindowsComputerName (MyIPAddress)

This is information I need. If you want to obscure the information here publicly, that's fine, but could you please send the IP address over PM? That information is public anyway... every single time you connect to another machine on the internet your IP address is shown. It's just like the home address of the machine. It does not identify you personally, but it can go a long way toward pinning down what's going on with the machine.

We need to scan for rootkits with GMER

Important! Please do not select the "Show all" checkbox during the scan.

In your next reply, please include the following:
Billy3
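Billy's point above is that ZoneAlarm's vsdatant.sys owns nearly every hook line in the GMER log posted earlier, so anything else hooking the kernel is hard to see among them. The Python script below is an added example (not part of this thread, and not GMER's own tooling) that groups the hook lines of a GMER report by the driver that installed them, so an analyst can set aside a product known to be installed and look only at what remains. The sample lines are copied from the GMER log above, plus one constructed line (example_unknown.sys, which does not appear anywhere in this thread) to show how a hook with no vendor description is reported; KNOWN_VENDORS is the analyst's own assumption about what is legitimately installed.

```python
"""Group the hook lines of a GMER log by the driver that installed them.

Added example for triaging a GMER report: count hooks per module, then list the
hooks that no known, installed product accounts for. Sample lines are copied from
the GMER log in this thread, plus one constructed line (example_unknown.sys, NOT
from the thread) showing a hook with no vendor description.
"""
import re
from collections import Counter
from dataclasses import dataclass

SAMPLE_GMER = r"""
---- System - GMER 1.0.14 ----
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0xA544D930]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateKey [0xA5458A80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetValueKey [0xA5459140]
SSDT \??\C:\WINDOWS\system32\drivers\example_unknown.sys ZwQueryDirectoryFile [0xA6000000]
INT 0x01 \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) B9AC959A
---- Kernel code sections - GMER 1.0.14 ----
? srescan.sys The system cannot find the file specified. !
---- Kernel IAT/EAT - GMER 1.0.14 ----
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [A5463330] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [A544E2D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
---- Devices - GMER 1.0.14 ----
AttachedDevice \FileSystem\Ntfs \Ntfs MPRIFL.SYS (My Private Folder driver/FSPro Labs)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
"""

# Assumption: vendors the analyst knows are legitimately installed on this machine.
KNOWN_VENDORS = {"Zone Labs, LLC", "ATI Technologies Inc.", "Microsoft Corporation", "FSPro Labs"}

DESC_RE = re.compile(r"\(([^()]*)\)")   # GMER's trailing "(Product/Vendor)" description


@dataclass(frozen=True)
class Hook:
    kind: str     # SSDT, INT, IAT, AttachedDevice or Device
    module: str   # basename of the hooking driver, lowercased
    vendor: str   # vendor half of the description, '' when GMER printed none
    target: str   # what is hooked: syscall, interrupt vector, import or device


def _strip_desc(line):
    """Remove the (Product/Vendor) description; return (rest_of_line, vendor)."""
    m = DESC_RE.search(line)
    if not m:
        return line, ""
    vendor = m.group(1).rsplit("/", 1)[-1].strip()
    return line[:m.start()] + line[m.end():], vendor


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def parse_gmer(text):
    """Parse the System, IAT/EAT and Devices sections into Hook records."""
    hooks = []
    for raw in text.splitlines():
        rest, vendor = _strip_desc(raw.strip())
        t = rest.split()
        if not t or t[0].startswith("----"):
            continue
        if t[0] == "SSDT" and len(t) >= 3:            # SSDT <module> <ZwFunc> [addr]
            hooks.append(Hook("SSDT", _basename(t[1]), vendor, t[2]))
        elif t[0] == "INT" and len(t) >= 4:           # INT <vector> <module> <addr>
            hooks.append(Hook("INT", _basename(t[2]), vendor, "INT " + t[1]))
        elif t[0] == "IAT" and len(t) >= 4:           # IAT <victim>[import] [addr] <module>
            hooks.append(Hook("IAT", _basename(t[-1]), vendor, t[1]))
        elif t[0] in ("AttachedDevice", "Device") and len(t) >= 2:
            hooks.append(Hook(t[0], _basename(t[-1]), vendor, " ".join(t[1:-1])))
    return hooks


def hooks_by_module(hooks):
    """How many hook lines each driver accounts for."""
    return Counter(h.module for h in hooks)


def unattributed_hooks(hooks, known_vendors):
    """Hooks no known product explains: no vendor string, or an unrecognised one."""
    known = {v.lower() for v in known_vendors}
    return [h for h in hooks if h.vendor.lower() not in known]


if __name__ == "__main__":
    found = parse_gmer(SAMPLE_GMER)
    for module, n in hooks_by_module(found).most_common():
        print(f"{n:3d} hook(s) from {module}")
    for h in unattributed_hooks(found, KNOWN_VENDORS):
        print(f"UNATTRIBUTED {h.kind} hook on {h.target} by {h.module} (vendor: {h.vendor or 'none'})")
```

On the sample input vsdatant.sys accounts for six of the ten hook lines, which is the "obscuring" effect Billy describes; the only line left after the known vendors are set aside is the constructed example_unknown.sys hook, reported with an empty vendor. On a real log the same pass run before and after uninstalling the firewall shows whether the remaining hooks change.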