The problem is still some sort of browser redirect virus. This doesn't just happen with Google searches, it happens when I open the browser to my home page. It also happens for no reason if I let the browser stay open to my home page and this occurs after a period of no activity. I ran Zone Alarm with no infections found and then Malwarebytes with the following results:
Files Infected:
C:\U.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\SusanAdmin\Local Settings\Temporary Internet Files\Content.IE5\WCMLD4BV\z002102801r0409J03000601R0143fdeeX8396cd6fYc8c1a98dZ03007f3530dP000501080[1] (Rootkit.TDSS) -> Quarantined and deleted successfully.
This is the only thing that's been done since my last post.
Both new reports that you requested are below.
OTL.txt
OTL logfile created on: 1/25/2010 10:33:44 PM - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\SusanAdmin\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 21.38 Gb Free Space | 19.13% Space Free | Partition Type: NTFS
Drive D: | 111.79 Gb Total Space | 44.44 Gb Free Space | 39.76% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BAD-DOGGIE
Current User Name: SusanAdmin
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010/01/25 22:26:15 | 00,548,352 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SusanAdmin\Desktop\OTL.exe
PRC - [2010/01/22 14:28:59 | 00,135,664 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2010/01/08 01:22:39 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/17 01:41:10 | 02,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/10/17 01:39:40 | 01,037,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/10/14 08:30:26 | 00,476,528 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2009/09/10 11:15:42 | 00,870,672 | ---- | M] (SonicWALL, Inc.) -- C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
PRC - [2009/08/05 10:37:58 | 12,313,432 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
PRC - [2009/06/22 20:23:38 | 00,196,424 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
PRC - [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/30 17:47:56 | 00,421,888 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2006/03/29 19:53:34 | 00,028,672 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2006/03/17 13:16:00 | 00,143,426 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2005/11/28 10:31:32 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005/11/28 10:29:00 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/11/28 10:28:14 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005/11/11 19:40:52 | 00,018,944 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
PRC - [2005/11/11 19:40:50 | 01,093,632 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\BCMWLTRY.EXE
PRC - [2003/01/03 10:20:48 | 00,029,184 | ---- | M] (Dantz Development Corporation) -- C:\Program Files\Dantz\Retrospect\retrorun.exe
PRC - [2001/08/23 02:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
========== Modules (SafeList) ==========
MOD - [2010/01/25 22:26:15 | 00,548,352 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SusanAdmin\Desktop\OTL.exe
MOD - [2009/09/10 11:15:48 | 00,013,072 | ---- | M] () -- C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\MlfHook.dll
MOD - [2006/08/25 10:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006/05/18 13:01:28 | 00,032,768 | ---- | M] (Stardock Corporation) -- C:\Program Files\Stardock\Object Desktop\EnhancedDialog\enhdlginit.dll
MOD - [2005/12/14 18:47:26 | 00,065,536 | ---- | M] (Stardock.net, Inc) -- C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll
MOD - [2005/10/11 12:18:54 | 00,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
MOD - [2004/08/03 18:56:44 | 01,028,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42.dll
========== Win32 Services (SafeList) ==========
SRV - [2010/01/22 14:28:59 | 00,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/10/17 01:41:10 | 02,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/10/14 08:30:26 | 00,476,528 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2006/03/29 19:53:34 | 00,028,672 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2006/03/17 13:16:00 | 00,143,426 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2005/11/28 10:31:32 | 00,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2005/11/28 10:29:00 | 00,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2005/11/28 10:28:14 | 00,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2005/11/11 19:40:52 | 00,018,944 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2004/08/03 19:56:44 | 00,027,136 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\irmon.dll -- (Irmon)
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/01/03 10:20:48 | 00,029,184 | ---- | M] (Dantz Development Corporation) [Auto | Running] -- C:\Program Files\Dantz\Retrospect\retrorun.exe -- (RetroLauncher)
========== Driver Services (SafeList) ==========
DRV - [2010/01/05 07:56:06 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/01/05 07:56:04 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/05 07:56:02 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/10/17 01:39:42 | 00,486,280 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/10/14 08:30:02 | 00,025,208 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2009/10/12 18:15:26 | 00,128,016 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\kl1.sys -- (kl1)
DRV - [2009/05/09 00:14:20 | 00,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2008/06/26 06:15:34 | 03,630,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/01/15 19:17:58 | 04,652,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/08/17 23:56:02 | 00,021,275 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2007/08/15 06:27:18 | 00,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\n558.sys -- (n558)
DRV - [2006/04/14 14:27:46 | 00,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\TVicPort.sys -- (tvicport)
DRV - [2006/04/14 14:27:44 | 00,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\int15.sys -- (int15)
DRV - [2006/04/14 14:27:44 | 00,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zntport.sys -- (zntport)
DRV - [2006/04/06 07:53:00 | 00,244,608 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006/03/17 13:16:00 | 03,655,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/03/09 16:56:58 | 00,995,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/03/09 16:56:16 | 00,206,976 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/03/09 16:56:10 | 00,726,400 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/02/15 11:57:46 | 00,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/11/28 11:09:26 | 00,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/11/27 06:36:08 | 01,427,968 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/06/23 08:16:08 | 00,162,176 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/04/22 15:57:06 | 00,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2005/04/22 15:57:06 | 00,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
DRV - [2005/01/07 16:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/12/09 13:54:12 | 00,046,592 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2004/12/07 23:10:00 | 00,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
DRV - [2004/08/03 22:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/04/26 13:47:42 | 00,163,456 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\vidstub.sys -- (BootScreen)
DRV - [2003/12/17 08:50:00 | 00,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/12/17 08:50:00 | 00,051,729 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2)
DRV - [2003/12/17 08:50:00 | 00,025,505 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)
DRV - [2001/08/23 02:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1275210071-1284227242-682003330-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en&t=0
IE - HKU\S-1-5-21-1275210071-1284227242-682003330-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1275210071-1284227242-682003330-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1275210071-1284227242-682003330-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 28 32 44 95 FD 8E CA 01 [binary data]
IE - HKU\S-1-5-21-1275210071-1284227242-682003330-1007\S-1-5-21-1275210071-1284227242-682003330-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en&t=0"
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.4
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2009/12/08 12:30:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/14 18:56:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/08 01:22:42 | 00,000,000 | ---D | M]
[2010/01/06 19:14:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SusanAdmin\Application Data\Mozilla\Extensions
[2010/01/25 14:07:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SusanAdmin\Application Data\Mozilla\Firefox\Profiles\cqpv4k61.default\extensions
[2009/12/31 01:12:50 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: ([2010/01/15 23:29:25 | 00,372,744 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 12872 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1275210071-1284227242-682003330-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1275210071-1284227242-682003330-1007\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1187413718033 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1187470499500 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.74.166 68.87.68.166
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\WBSrv: DllName - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll - C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll (Stardock Corporation)
O21 - SSODL: EnhancedDialog - {6D972050-A934-44D7-AC67-7C9E0B264220} - C:\Program Files\Stardock\Object Desktop\EnhancedDialog\enhdlginit.dll (Stardock Corporation)
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)
O24 - Desktop WallPaper: C:\WINDOWS\Elegance 1600.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Elegance 1600.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/17 19:32:03 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/08/17 15:10:23 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: ePower_DMC - hkey= - key= - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe ()
MsConfig - StartUpReg: ISW - hkey= - key= - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3FE1B39A-49E2-51D4-4898-193A6A6346B2} - Browser Customizations
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5923D989-2C32-5E54-45A3-073E7CD8F0A3} - Internet Explorer
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8DE1867A-768E-5518-D44B-19CB80EDF8CD} - Internet Explorer
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F405EFFB-52A6-757E-62CE-D290D1247ED4} - Vector Graphics Rendering (VML)
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - lvcodec2.dll File not found
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
========== Files/Folders - Created Within 30 Days ==========
[2010/01/25 22:26:14 | 00,548,352 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\SusanAdmin\Desktop\OTL.exe
[2010/01/24 01:35:30 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\SusanAdmin\Recent
[2010/01/23 14:53:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SusanAdmin\Desktop\Famolare Shoes
[2010/01/23 14:40:39 | 00,020,480 | ---- | C] (IpVOPqgs) -- C:\WINDOWS\System32\winlogon32.exe
[2010/01/23 14:40:39 | 00,020,480 | ---- | C] (IpVOPqgs) -- C:\WINDOWS\System32\smss32.exe
[2010/01/22 14:32:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SusanAdmin\Application Data\Google
[2010/01/22 14:29:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/01/22 14:29:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SusanAdmin\Local Settings\Application Data\Temp
[2010/01/22 14:29:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SusanAdmin\Local Settings\Application Data\Google
[2010/01/19 22:25:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SusanAdmin\Local Settings\Application Data\Apple Computer
[2010/01/16 12:57:58 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\SusanAdmin\Desktop\RootRepeal.exe
[2010/01/16 12:39:59 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/16 12:25:02 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\SusanAdmin\Desktop\HJTInstall.exe
[2010/01/16 12:19:44 | 03,012,768 | ---- | C] (Javacool Software LLC ) -- C:\Documents and Settings\SusanAdmin\Desktop\spywareblastersetup42.exe
[2010/01/15 20:42:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/01/15 20:41:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SusanAdmin\Application Data\SUPERAntiSpyware.com
[2010/01/15 20:41:35 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/01/15 20:40:25 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/01/15 20:24:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SusanAdmin\Application Data\Move Networks
[2010/01/15 19:25:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SusanAdmin\Application Data\FastStone
[2010/01/14 19:15:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SusanAdmin\Application Data\TweakNow RegCleaner
[2010/01/14 19:01:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SusanAdmin\Application Data\Malwarebytes
[2010/01/14 15:36:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SusanAdmin\Application Data\Sun
[2010/01/12 11:24:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SusanAdmin\Application Data\CoffeeCup Software
[2010/01/11 23:32:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2010/01/08 14:04:45 | 00,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010/01/08 14:00:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SusanAdmin\Application Data\Thinstall
[2010/01/08 13:55:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SusanAdmin\Desktop\Portable Microsoft Office 2007 Enterprise
[2010/01/08 00:30:10 | 00,000,000 | ---D | C] -- C:\Program Files\SonicWallES
[2010/01/08 00:29:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SusanAdmin\Local Settings\Application Data\Identities
[2010/01/07 14:47:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SusanAdmin\Application Data\TeamViewer
[2010/01/06 20:12:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SusanAdmin\Application Data\SaffronOne
[2010/01/06 19:27:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SusanAdmin\Application Data\Macromedia
[2010/01/06 19:14:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SusanAdmin\Local Settings\Application Data\Mozilla
[2010/01/06 19:14:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SusanAdmin\Application Data\Mozilla
[2010/01/06 18:41:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SusanAdmin\Desktop\Mortgage
[2010/01/06 16:40:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SusanAdmin\Local Settings\Application Data\Adobe
[2010/01/06 16:40:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SusanAdmin\Application Data\Adobe
[2010/01/06 14:32:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SusanAdmin\WINDOWS
[2010/01/06 14:32:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SusanAdmin\temp
[2010/01/06 14:32:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SusanAdmin\My Documents\AdobeStockPhotos
[2010/01/06 14:32:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SusanAdmin\My Documents\Adobe Scripts
[2010/01/06 14:21:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SusanAdmin\My Documents\creativepack-120
[2010/01/06 14:21:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SusanAdmin\My Documents\Copy to Mother
[2010/01/06 14:21:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SusanAdmin\My Documents\ConvertXtoDVD
[2010/01/06 14:21:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SusanAdmin\My Documents\ForceField Shared Files
[2010/01/06 14:21:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SusanAdmin\My Documents\Duplicate Files
[2010/01/06 14:21:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SusanAdmin\My Documents\Downloads
[2010/01/06 14:21:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SusanAdmin\My Documents\Microsys
[2010/01/06 14:21:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SusanAdmin\My Documents\Joe
[2010/01/06 14:06:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SusanAdmin\My Documents\My Themes
[2010/01/06 14:05:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SusanAdmin\My Documents\P8
[2010/01/06 14:04:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SusanAdmin\My Documents\ReleaseMMPF
[2010/01/06 14:04:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SusanAdmin\My Documents\Royale_Remixed
[2010/01/06 14:04:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SusanAdmin\My Documents\Version Cue
[2010/01/06 14:04:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SusanAdmin\My Documents\Updater
[2010/01/06 14:04:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SusanAdmin\My Documents\SUSAN PASSWORDS
[2010/01/06 14:04:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SusanAdmin\My Documents\Stardock
[2010/01/06 14:04:45 | 04,930,808 | ---- | C] (TweakNow.com ) -- C:\Documents and Settings\SusanAdmin\My Documents\RegCleaner.exe
[2010/01/06 14:01:58 | 05,008,904 | ---- | C] (Macrovision Corporation) -- C:\Documents and Settings\SusanAdmin\My Documents\IsoBurner-Setup.exe
[2010/01/06 14:01:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SusanAdmin\Downloads
[2010/01/06 13:41:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SusanAdmin\Desktop\Photos
[2010/01/06 13:39:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SusanAdmin\Desktop\PureFaceJewels
[2010/01/06 13:39:21 | 00,000,000 | R--D | C] -- C:\Documents and Settings\SusanAdmin\Desktop\Tools
[2010/01/06 13:36:07 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\SusanAdmin\Desktop\spybotsd162.exe
[2010/01/06 13:35:49 | 06,345,368 | ---- | C] (PortableApps.com) -- C:\Documents and Settings\SusanAdmin\Desktop\ClamWinPortable_0.95.2_English.paf.exe
[2010/01/06 13:25:11 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\SusanAdmin\PrivacIE
[2010/01/06 13:24:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SusanAdmin\Application Data\MailFrontier
[2010/01/06 13:24:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SusanAdmin\Local Settings\Application Data\ApplicationHistory
[2010/01/06 13:24:12 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\SusanAdmin\IETldCache
[2010/01/06 13:24:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SusanAdmin\Application Data\Identities
[2010/01/06 13:24:04 | 00,000,000 | R--D | C] -- C:\Documents and Settings\SusanAdmin\My Documents\My Pictures
[2010/01/06 13:24:04 | 00,000,000 | R--D | C] -- C:\Documents and Settings\SusanAdmin\My Documents\My Music
[2010/01/06 13:24:04 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\SusanAdmin\Cookies
[2010/01/06 13:24:00 | 00,000,000 | --SD | C] -- C:\Documents and Settings\SusanAdmin\Application Data\Microsoft
[2010/01/06 13:24:00 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\SusanAdmin\SendTo
[2010/01/06 13:24:00 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\SusanAdmin\Application Data
[2010/01/06 13:24:00 | 00,000,000 | R--D | C] -- C:\Documents and Settings\SusanAdmin\Start Menu
[2010/01/06 13:24:00 | 00,000,000 | R--D | C] -- C:\Documents and Settings\SusanAdmin\My Documents
[2010/01/06 13:24:00 | 00,000,000 | R--D | C] -- C:\Documents and Settings\SusanAdmin\Favorites
[2010/01/06 13:24:00 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\SusanAdmin\Templates
[2010/01/06 13:24:00 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\SusanAdmin\PrintHood
[2010/01/06 13:24:00 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\SusanAdmin\NetHood
[2010/01/06 13:24:00 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\SusanAdmin\Local Settings
[2010/01/06 13:24:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SusanAdmin\Local Settings\Application Data\Microsoft
[2010/01/06 13:24:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SusanAdmin\Desktop
[2010/01/05 23:31:30 | 00,000,000 | ---D | C] -- C:\Program Files\ClamWinPortable
[2010/01/05 13:45:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\AA_Gallery
[2010/01/05 13:45:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\AA_Banners
[2010/01/05 13:45:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\ComputerStuff
[2010/01/05 13:45:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\AA_Zips
[2010/01/05 13:44:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\DNA-079_4
[2010/01/05 13:44:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\DNA-079_5
[2010/01/05 13:36:35 | 04,930,808 | ---- | C] (TweakNow.com ) -- C:\Documents and Settings\SusanAdmin\Desktop\RegCleaner.exe
[2010/01/05 13:33:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Downloads
[2010/01/05 13:33:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\DreamweaverPortable
[2010/01/05 13:33:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Eva
[2010/01/05 13:33:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\HairDesigner
[2010/01/05 13:32:03 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Desktop\Impoortant Text Files
[2010/01/05 13:32:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Illustrator CS4
[2010/01/05 13:29:05 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Desktop\Music
[2010/01/05 13:28:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Photo Ref
[2010/01/05 13:26:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\PoserTutorialLynda
[2010/01/05 13:26:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Render Studio
[2010/01/05 13:24:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Tutorials
[2010/01/05 13:23:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\ZBrush 3.5_R3
[2010/01/05 13:23:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\ZBrush Stuff
[2009/12/30 12:53:59 | 00,000,000 | ---D | C] -- C:\Program Files\FLV Player
[2009/12/30 12:53:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\Applian FLV Player
[2009/07/16 18:57:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/07/15 17:56:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/07/15 17:54:31 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/07/15 17:54:31 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/07/15 16:41:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2009/07/15 16:41:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2008/03/26 11:08:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\SDSD
[2008/03/26 11:08:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SDSD
[2007/10/13 17:36:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/08/17 23:49:06 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.Shell32.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/01/25 22:26:15 | 00,548,352 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SusanAdmin\Desktop\OTL.exe
[2010/01/25 14:14:30 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/01/25 13:56:43 | 00,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/01/25 13:55:16 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/25 13:55:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/25 13:55:03 | 21,455,62624 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/25 00:00:09 | 05,505,024 | -H-- | M] () -- C:\Documents and Settings\SusanAdmin\NTUSER.DAT
[2010/01/24 23:59:46 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\SusanAdmin\ntuser.ini
[2010/01/24 23:59:34 | 12,909,766 | -H-- | M] () -- C:\Documents and Settings\SusanAdmin\Local Settings\Application Data\IconCache.db
[2010/01/23 15:59:58 | 00,000,072 | ---- | M] () -- C:\Documents and Settings\SusanAdmin\Application Data\SusanAdmin-01301201226-WhiteList.xml
[2010/01/23 15:59:57 | 00,000,070 | ---- | M] () -- C:\Documents and Settings\SusanAdmin\Application Data\SusanAdmin-01301201226-Keyword.xml
[2010/01/23 15:59:56 | 00,381,665 | ---- | M] () -- C:\Documents and Settings\SusanAdmin\Application Data\SusanAdmin-01301201226-Learning.xml
[2010/01/23 14:40:38 | 00,020,480 | ---- | M] (IpVOPqgs) -- C:\WINDOWS\System32\winlogon32.exe
[2010/01/23 14:40:38 | 00,020,480 | ---- | M] (IpVOPqgs) -- C:\WINDOWS\System32\smss32.exe
[2010/01/23 14:40:34 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/23 14:40:34 | 00,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/01/22 14:31:58 | 00,001,922 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/01/22 14:29:10 | 00,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/21 15:27:55 | 00,000,753 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/21 15:27:55 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2010/01/21 15:27:55 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/19 22:25:35 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/01/16 16:30:00 | 00,000,081 | ---- | M] () -- C:\Documents and Settings\SusanAdmin\Desktop\Infected with Browser Redirect virus.URL
[2010/01/16 16:21:39 | 00,005,632 | ---- | M] () -- C:\Documents and Settings\SusanAdmin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/16 13:05:20 | 00,003,703 | ---- | M] () -- C:\Documents and Settings\SusanAdmin\Desktop\Attach.zip
[2010/01/16 12:57:58 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\SusanAdmin\Desktop\RootRepeal.exe
[2010/01/16 12:54:36 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\SusanAdmin\Desktop\dds.scr
[2010/01/16 12:39:59 | 00,001,741 | ---- | M] () -- C:\Documents and Settings\SusanAdmin\Desktop\HijackThis.lnk
[2010/01/16 12:32:12 | 03,827,010 | ---- | M] () -- C:\Documents and Settings\SusanAdmin\Desktop\ComboFix.exe
[2010/01/16 12:25:03 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\SusanAdmin\Desktop\HJTInstall.exe
[2010/01/16 12:19:47 | 03,012,768 | ---- | M] (Javacool Software LLC ) -- C:\Documents and Settings\SusanAdmin\Desktop\spywareblastersetup42.exe
[2010/01/15 23:29:25 | 00,372,744 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/01/15 23:22:25 | 00,000,940 | ---- | M] () -- C:\Documents and Settings\SusanAdmin\Desktop\Spybot - Search & Destroy.lnk
[2010/01/15 20:41:39 | 00,000,787 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/01/14 19:15:07 | 00,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TweakNow RegCleaner.lnk
[2010/01/14 01:20:46 | 00,153,600 | ---- | M] () -- C:\Documents and Settings\SusanAdmin\Application Data\SharedSettings.ccs
[2010/01/08 15:31:22 | 00,044,544 | ---- | M] () -- C:\Documents and Settings\SusanAdmin\My Documents\Technology License Agreement.doc
[2010/01/08 15:26:31 | 00,056,678 | ---- | M] () -- C:\Documents and Settings\SusanAdmin\My Documents\Technology_License_Agreement.zip
[2010/01/08 12:23:58 | 00,060,892 | ---- | M] () -- C:\Documents and Settings\SusanAdmin\My Documents\Technology_License_Agreement.pdf
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/06 18:56:08 | 00,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/01/06 13:24:22 | 00,025,112 | ---- | M] () -- C:\Documents and Settings\SusanAdmin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/06 11:46:22 | 00,522,500 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/06 11:46:22 | 00,442,618 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/06 11:46:22 | 00,071,162 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/05 13:53:26 | 00,000,888 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk
[2010/01/04 14:43:32 | 00,000,062 | ---- | M] () -- C:\Documents and Settings\SusanAdmin\Desktop\Software - ShareCG.URL
[2009/12/30 22:17:36 | 00,044,544 | ---- | M] () -- C:\Documents and Settings\SusanAdmin\Desktop\Technology License Agreement.doc
[2009/12/30 13:04:46 | 17,070,274 | ---- | M] () -- C:\Documents and Settings\SusanAdmin\Desktop\highrestexture.flv
[2009/12/30 12:53:59 | 00,001,580 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Applian FLV Player.lnk
[2009/12/30 12:50:40 | 08,337,228 | ---- | M] () -- C:\Documents and Settings\SusanAdmin\Desktop\clonebrushvideo.flv
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/01/23 14:40:34 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/23 14:40:34 | 00,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/01/22 14:31:58 | 00,001,922 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/01/22 14:29:10 | 00,000,890 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/16 16:30:00 | 00,000,081 | ---- | C] () -- C:\Documents and Settings\SusanAdmin\Desktop\Infected with Browser Redirect virus.URL
[2010/01/16 13:05:20 | 00,003,703 | ---- | C] () -- C:\Documents and Settings\SusanAdmin\Desktop\Attach.zip
[2010/01/16 12:54:35 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\SusanAdmin\Desktop\dds.scr
[2010/01/16 12:39:59 | 00,001,741 | ---- | C] () -- C:\Documents and Settings\SusanAdmin\Desktop\HijackThis.lnk
[2010/01/16 12:32:09 | 03,827,010 | ---- | C] () -- C:\Documents and Settings\SusanAdmin\Desktop\ComboFix.exe
[2010/01/15 23:22:25 | 00,000,940 | ---- | C] () -- C:\Documents and Settings\SusanAdmin\Desktop\Spybot - Search & Destroy.lnk
[2010/01/15 20:41:39 | 00,000,787 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/01/15 18:47:48 | 00,005,632 | ---- | C] () -- C:\Documents and Settings\SusanAdmin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/14 19:15:07 | 00,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TweakNow RegCleaner.lnk
[2010/01/12 11:24:00 | 00,153,600 | ---- | C] () -- C:\Documents and Settings\SusanAdmin\Application Data\SharedSettings.ccs
[2010/01/08 14:19:28 | 00,056,678 | ---- | C] () -- C:\Documents and Settings\SusanAdmin\My Documents\Technology_License_Agreement.zip
[2010/01/08 12:23:58 | 00,060,892 | ---- | C] () -- C:\Documents and Settings\SusanAdmin\My Documents\Technology_License_Agreement.pdf
[2010/01/07 15:07:11 | 00,044,544 | ---- | C] () -- C:\Documents and Settings\SusanAdmin\My Documents\Technology License Agreement.doc
[2010/01/06 20:17:35 | 00,381,665 | ---- | C] () -- C:\Documents and Settings\SusanAdmin\Application Data\SusanAdmin-01301201226-Learning.xml
[2010/01/06 20:17:35 | 00,000,072 | ---- | C] () -- C:\Documents and Settings\SusanAdmin\Application Data\SusanAdmin-01301201226-WhiteList.xml
[2010/01/06 20:17:35 | 00,000,070 | ---- | C] () -- C:\Documents and Settings\SusanAdmin\Application Data\SusanAdmin-01301201226-Keyword.xml
[2010/01/06 14:32:28 | 00,017,881 | ---- | C] () -- C:\Documents and Settings\SusanAdmin\AdobeFnt10.lst
[2010/01/06 14:04:53 | 01,722,880 | ---- | C] () -- C:\Documents and Settings\SusanAdmin\My Documents\ZuneDesktopTheme.msi
[2010/01/06 14:04:52 | 01,111,358 | ---- | C] () -- C:\Documents and Settings\SusanAdmin\My Documents\UXTheme Multi-Patcher 5.5.exe
[2010/01/06 14:04:52 | 00,071,189 | ---- | C] () -- C:\Documents and Settings\SusanAdmin\My Documents\Sunset.jpg
[2010/01/06 14:04:51 | 03,082,870 | ---- | C] () -- C:\Documents and Settings\SusanAdmin\My Documents\Royale_Remixed.rar
[2010/01/06 14:04:50 | 01,121,792 | ---- | C] () -- C:\Documents and Settings\SusanAdmin\My Documents\Royale RemixedL.msi
[2010/01/06 14:04:49 | 02,836,992 | ---- | C] () -- C:\Documents and Settings\SusanAdmin\My Documents\Royale Remixed.msi
[2010/01/06 14:03:19 | 15,810,7766 | ---- | C] () -- C:\Documents and Settings\SusanAdmin\My Documents\PoserPro Update.nrg
[2010/01/06 14:03:06 | 31,153,621 | ---- | C] () -- C:\Documents and Settings\SusanAdmin\My Documents\Poser7-SR2.1.zip
[2010/01/06 14:01:58 | 24,275,7788 | ---- | C] () -- C:\Documents and Settings\SusanAdmin\My Documents\P7-Updates.nrg
[2010/01/06 14:01:58 | 06,668,469 | ---- | C] () -- C:\Documents and Settings\SusanAdmin\My Documents\Daz3D___ps_ac1524b___Dynamic_Glamour_Halter_Gown_Set_for_IV___GV.exe
[2010/01/06 14:01:58 | 04,845,686 | ---- | C] () -- C:\Documents and Settings\SusanAdmin\My Documents\Image.nrg
[2010/01/06 14:01:58 | 01,939,803 | ---- | C] () -- C:\Documents and Settings\SusanAdmin\My Documents\creativepack-120.zip
[2010/01/06 14:01:58 | 00,483,118 | ---- | C] () -- C:\Documents and Settings\SusanAdmin\My Documents\Fish.jpg
[2010/01/06 14:01:58 | 00,346,516 | ---- | C] () -- C:\Documents and Settings\SusanAdmin\My Documents\cc_20080722_2309.reg
[2010/01/06 14:01:58 | 00,251,498 | ---- | C] () -- C:\Documents and Settings\SusanAdmin\My Documents\cc_20090712_221707.reg
[2010/01/06 14:01:58 | 00,096,800 | ---- | C] () -- C:\Documents and Settings\SusanAdmin\My Documents\cc_20090818_125203.reg
[2010/01/06 14:01:58 | 00,028,160 | ---- | C] () -- C:\Documents and Settings\SusanAdmin\My Documents\AA.doc
[2010/01/06 14:01:58 | 00,001,536 | -HS- | C] () -- C:\Documents and Settings\SusanAdmin\My Documents\drmv2.lic
[2010/01/06 14:01:58 | 00,000,963 | ---- | C] () -- C:\Documents and Settings\SusanAdmin\My Documents\abg-en-100c-ffffff[1].png
[2010/01/06 14:01:58 | 00,000,799 | ---- | C] () -- C:\Documents and Settings\SusanAdmin\My Documents\Launch Microsoft Office Outlook.lnk
[2010/01/06 14:01:58 | 00,000,020 | -HS- | C] () -- C:\Documents and Settings\SusanAdmin\My Documents\ntuser.ini
[2010/01/06 13:36:10 | 00,434,277 | ---- | C] () -- C:\Documents and Settings\SusanAdmin\Desktop\ucr2filespec_dec2004.pdf
[2010/01/06 13:36:10 | 00,044,544 | ---- | C] () -- C:\Documents and Settings\SusanAdmin\Desktop\Technology License Agreement.doc
[2010/01/06 13:36:10 | 00,000,078 | ---- | C] () -- C:\Documents and Settings\SusanAdmin\Desktop\Use MSconfig to setup for Normal Startup Mode - MajorGeeks Support Forums.URL
[2010/01/06 13:36:10 | 00,000,068 | ---- | C] () -- C:\Documents and Settings\SusanAdmin\Desktop\YouTube - Blacksmith3D - Using The Clone Brush - 3D Paint.URL
[2010/01/06 13:36:07 | 00,190,130 | ---- | C] () -- C:\Documents and Settings\SusanAdmin\Desktop\SaySay.jpg
[2010/01/06 13:36:07 | 00,000,062 | ---- | C] () -- C:\Documents and Settings\SusanAdmin\Desktop\Software - ShareCG.URL
[2010/01/06 13:36:04 | 27,179,220 | ---- | C] () -- C:\Documents and Settings\SusanAdmin\Desktop\Promo-JPG.zip
[2010/01/06 13:36:03 | 00,313,344 | ---- | C] () -- C:\Documents and Settings\SusanAdmin\Desktop\hjsplit.exe
[2010/01/06 13:36:03 | 00,000,081 | ---- | C] () -- C:\Documents and Settings\SusanAdmin\Desktop\Joint Smoother_V4.URL
[2010/01/06 13:36:01 | 17,070,274 | ---- | C] () -- C:\Documents and Settings\SusanAdmin\Desktop\highrestexture.flv
[2010/01/06 13:35:50 | 08,337,228 | ---- | C] () -- C:\Documents and Settings\SusanAdmin\Desktop\clonebrushvideo.flv
[2010/01/06 13:35:49 | 00,001,555 | ---- | C] () -- C:\Documents and Settings\SusanAdmin\Desktop\CCleaner.lnk
[2010/01/06 13:35:42 | 00,000,077 | ---- | C] () -- C:\Documents and Settings\SusanAdmin\Desktop\AS Poser 8 Indirect Light - Aery Soul.URL
[2010/01/06 13:35:42 | 00,000,076 | ---- | C] () -- C:\Documents and Settings\SusanAdmin\Desktop\Alice list of products supporting her UPD 06 Jul - Aery Soul.URL
[2010/01/06 13:24:01 | 00,000,278 | -HS- | C] () -- C:\Documents and Settings\SusanAdmin\ntuser.ini
[2010/01/06 13:24:00 | 05,505,024 | -H-- | C] () -- C:\Documents and Settings\SusanAdmin\NTUSER.DAT
[2010/01/05 13:53:26 | 00,000,888 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk
[2010/01/05 13:23:05 | 00,000,735 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Wardrobe Wizard.lnk
[2010/01/05 13:23:03 | 00,000,095 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Renderosity Digital Art Community.URL
[2010/01/05 13:23:02 | 14,602,484 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Que - Upgrading and Repairing PCs 19th Edition (2009).pdf
[2010/01/05 13:22:59 | 00,001,742 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\P3dO Explorer.lnk
[2010/01/05 13:22:59 | 00,000,071 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Pixologic ZClassroom Homeroom.URL
[2010/01/05 13:22:59 | 00,000,065 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Photoshop CS4 3d Tutorial.URL
[2010/01/05 13:22:59 | 00,000,063 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PhilC Designs Home Product Info Hair Designer.URL
[2010/01/05 13:22:59 | 00,000,060 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PhilC Designs Ltd --- Animation Editing.URL
[2010/01/05 13:22:56 | 01,598,019 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Gothic_Revival_Mini_Tut.jpg
[2010/01/05 13:22:51 | 00,087,351 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\G2Jessi_MegaResource_Help.pdf
[2010/01/05 13:22:46 | 63,518,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Focal Press Creative Photoshop CS4 Digital Illustration and Art Techniques Apr 2009.pdf
[2010/01/05 13:22:46 | 01,405,977 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\D3D_PerfectSkin.pdf
[2010/01/05 13:22:46 | 00,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CrossDresser 2.0.lnk
[2010/01/05 13:22:46 | 00,000,069 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Cult of Erotica - The Art of Bruce Colero.URL
[2010/01/05 13:22:44 | 08,008,141 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CreativeStudio01.pdf
[2010/01/05 13:22:36 | 04,922,698 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ACPromos.zip
[2010/01/05 13:22:36 | 00,000,054 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\3D Paint - Morph - Model - Blacksmith3D - 3D Painting, Morphing and Modeling Application.URL
[2009/12/30 12:53:59 | 00,001,580 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Applian FLV Player.lnk
[2009/12/16 19:11:18 | 00,004,018 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/08/18 17:33:49 | 00,000,208 | ---- | C] () -- C:\WINDOWS\System32\xpysys.dll
[2008/01/23 11:50:53 | 00,000,260 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2007/12/26 02:10:53 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/10/10 11:29:32 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/08/31 21:03:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\windowfx3.ini
[2007/08/21 18:52:04 | 00,373,248 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI
[2007/08/21 17:49:32 | 00,296,448 | ---- | C] () -- C:\WINDOWS\Xenofex.ini
[2007/08/18 22:22:20 | 00,000,024 | ---- | C] () -- C:\WINDOWS\LogonStudio.ini
[2007/08/18 22:22:12 | 00,187,392 | ---- | C] () -- C:\WINDOWS\System32\JPGUtils.dll
[2007/08/18 22:07:47 | 00,163,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\vidstub.sys
[2007/08/18 21:48:20 | 00,000,000 | ---- | C] () -- C:\WINDOWS\windowfx2.ini
[2007/08/18 20:45:22 | 00,000,081 | ---- | C] () -- C:\WINDOWS\WB.ini
[2007/08/18 15:32:10 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/08/17 23:55:28 | 00,868,352 | ---- | C] () -- C:\WINDOWS\System32\WirelessMgr.dll
[2007/08/17 23:50:49 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\int15.sys
[2007/08/17 23:50:49 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\int15_64.sys
[2007/08/17 23:49:06 | 00,331,776 | ---- | C] () -- C:\WINDOWS\System32\ScrollBarLib.dll
[2007/08/15 06:27:18 | 00,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\n558.sys
[2007/05/26 10:32:28 | 00,026,288 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll
[2007/01/10 07:44:26 | 01,457,024 | R--- | C] () -- C:\WINDOWS\System32\SSCProt.dll
[2006/03/17 13:16:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/03/17 13:16:00 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/03/17 13:16:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/03/17 13:16:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/03/17 13:16:00 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/11/11 19:40:50 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2005/11/11 19:40:48 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999/01/27 12:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 06:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
========== Custom Scans ==========
< %systemroot%\system32\*.dll /lockedfiles >
[2004/02/24 08:12:40 | 01,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< MD5 for: AGP440.SYS >
[2004/08/03 19:05:44 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\agp440.sys
< MD5 for: ATAPI.SYS >
[2004/08/03 19:05:44 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\atapi.sys
[2009/12/14 00:30:58 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2009/12/14 00:30:58 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2009/12/14 00:30:58 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 16:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll
[2004/08/03 18:56:44 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004/08/03 18:56:44 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/03 18:56:44 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\netlogon.dll
[2009/02/06 13:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 13:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/03 18:56:46 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2004/08/03 18:56:46 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/03 18:56:46 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004/08/03 18:56:46 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004/08/03 18:56:46 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/03 18:56:46 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\scecli.dll
< %systemroot%\*. /mp /s >
========== Alternate Data Streams ==========
@Alternate Data Stream - 178 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E79D0966
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:58CF2C8C
< End of report >
Extras.txt
OTL Extras logfile created on: 1/25/2010 10:33:44 PM - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\SusanAdmin\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 21.38 Gb Free Space | 19.13% Space Free | Partition Type: NTFS
Drive D: | 111.79 Gb Total Space | 44.44 Gb Free Space | 39.76% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BAD-DOGGIE
Current User Name: SusanAdmin
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1275210071-1284227242-682003330-1007\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\WINDOWS\system32\dxdiag.exe" = C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool -- (Microsoft Corporation)
"C:\Program Files\Smith Micro\Poser Pro\PoserPro.exe" = C:\Program Files\Smith Micro\Poser Pro\PoserPro.exe:*:Enabled:Poser Pro executable file -- (Smith Micro Software, Inc)
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\WINDOWS\TEMP\ihxa.tmp\svchost.exe" = C:\WINDOWS\TEMP\ihxa.tmp\svchost.exe:*:Enabled:svchost -- File not found
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}" = Acer eSettings Management
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{262175AE-A9D9-472B-9FA5-0AAEDADB0B6C}" = ELLA for Microsoft Outlook
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.1
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}" = QuickTime
"{7057702F-6D71-4F30-8000-9E72BC771887}" = Acer ePerformance Management
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77D2A9D3-5800-43E3-B274-87841BC87DB2}" = Adobe ExtendScript Toolkit 2
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}" = Adobe Setup
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}" = Uniblue DriverScanner 2009
"{C4354214-B919-4C8F-84EB-4F9B84ACC02C}" = Retrospect 6.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{D70DE630-0D13-4394-A15B-5ACE6CF2A18D}" = Atheros Wireless LAN
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}" = SMSC IrCC V5.1.3600.7
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF6F491D-BC82-4DCC-A72F-1824957C6466}" = TIxx21
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Advanced WindowsCare V2 Personal_is1" = Advanced WindowsCare Personal
"Applian FLV Player2.0.24" = Applian FLV Player
"Big Clock Pro_is1" = Big Clock Pro 4.1
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Network Adapter
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_1025006C" = HDAUDIO Soft Data Fax Modem with SmartCP
"CoffeeCup Free FTP 4.2" = CoffeeCup Free FTP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"EditPad Lite" = JGsoft EditPad Lite 5.2.0
"ExtractNow_is1" = ExtractNow
"FastStone Image Viewer" = FastStone Image Viewer 4.0
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{FF6F491D-BC82-4DCC-A72F-1824957C6466}" = Texas Instruments PCIxx21/x515 drivers.
"InterActual Player" = InterActual Player
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"Nero - Burning Rom!UninstallKey" = Nero 6
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"P3dO Explorer" = P3dO Explorer (remove only)
"PC Wizard 2008_is1" = PC Wizard 2008.1.86
"Poser Pro_is1" = Poser Pro 7.0.4 Service Release
"ProInst" = Intel® PROSet/Wireless Software
"TeamViewer 5" = TeamViewer 5
"Tweak UI 2.10" = Tweak UI
"TweakNow RegCleaner_is1" = TweakNow RegCleaner
"Uniblue DriverScanner 2009" = Uniblue DriverScanner 2009
"Victoria 4.2 Base ps_pe069_Victoria4" = Victoria 4.2 Base
"Victoria 4.2 Morphs++ ps_pe070_V4Morphs" = Victoria 4.2 Morphs++
"Victoria 4.2 Muscle Morphs ps_mr259_V4MuscleMorphs" = Victoria 4.2 Muscle Morphs
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"WW Support Files - Expansion Pack 8_is1" = WW 2.0 Support Files - Expansion Pack 8
"ZBrush2" = ZBrush2
"ZoneAlarm Security Suite" = ZoneAlarm Security Suite
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
------------------------------------------------------------------------------
Thanks for the help with this. I'm just paralyzed and am getting very grumpy.