HelloTroy:
Problem with GMER. I think we are on to something. it was running GMER when it shut down. The error box came up on restart.
C:\DOCUME~1\RUFFUS\LOCALS~1\Temp\WER0eed.dir00\Mini010512-01.dmp
C:\DOCUME~1\RUFFUS\LOCALS~1\Temp\WER0eed.dir00\sysdata.xml
Error signature
BCCode : 1000008e BCP1 : C0000005 BCP2 : 8054BF8F BCP3 : F78E2390
BCP4 : 00000000 OSVer : 5_1_2600 SP : 3_0 Product : 768_1
The latest Malware Bytes scan 12 - 30 - 11 came up with my Uniblue Spyware as a roque spyware and I clicked delete. I can reinstall it but that is just some of the symptoms. The 3-14-11 log found the trojan. The temp folder has been emptied on more than one occasion and sometimes it contains locked items that are being used by other programs when I try to Secure Clean zap them.
Do you want me to try to run GMER again? Do you want the mbam-log-2011-03-14?
----------------------------------
----------------------------------
No to the proxy server.
OTL logfile created on: 1/5/2012 7:20:23 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\RUFFUS\Desktop\maleware university
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.23 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 70.39% Memory free
2.94 Gb Paging File | 2.75 Gb Available in Paging File | 93.36% Paging File free
Paging file location(s): C:\pagefile.sys 1896 3792 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.90 Gb Total Space | 3.85 Gb Free Space | 5.44% Space Free | Partition Type: NTFS
Drive D: | 3.62 Gb Total Space | 1.63 Gb Free Space | 44.98% Space Free | Partition Type: FAT32
Computer Name: CHEAPY | User Name: RUFFUS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - [2012/01/05 18:25:41 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\RUFFUS\Desktop\maleware university\OTL.exe
PRC - [2011/06/02 04:42:53 | 000,025,472 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2011/01/10 11:56:32 | 004,318,520 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
PRC - [2011/01/10 11:56:32 | 000,488,760 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
PRC - [2009/12/03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/12/03 00:00:00 | 000,847,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/17 11:24:16 | 000,364,544 | ---- | M] (WhiteCanyon Inc.) -- C:\Program Files\WhiteCanyon\SecureClean 4\SCWatch4.exe
PRC - [2007/05/17 11:16:20 | 001,525,248 | ---- | M] (WhiteCanyon Inc.) -- C:\Program Files\WhiteCanyon\SecureClean 4\SCTray4.exe
========== Modules (No Company Name) ========== MOD - [2011/01/10 11:47:40 | 000,158,208 | ---- | M] () -- C:\Program Files\Verizon\VSP\Windows7Features.dll
MOD - [2008/03/24 23:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2004/09/14 12:44:12 | 000,073,728 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxbxPP5C.DLL
========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (McAfee SiteAdvisor Service)
SRV - File not found [Disabled | Stopped] -- -- (JavaQuickStarterService)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/12/12 11:03:40 | 000,290,832 | ---- | M] (Verizon) [Disabled | Stopped] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2011/01/10 11:56:36 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Disabled | Stopped] -- C:\Program Files\Verizon\VSP\ServicepointService.exe -- (ServicepointService)
SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Disabled | Stopped] -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/02/06 00:30:42 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2007/05/17 11:24:16 | 000,364,544 | ---- | M] (WhiteCanyon Inc.) [Auto | Running] -- C:\Program Files\WhiteCanyon\SecureClean 4\SCWatch4.exe -- (SCWatch 4.0)
SRV - [2005/01/06 17:41:22 | 000,462,848 | ---- | M] (Lexmark International, Inc.) [Disabled | Stopped] -- C:\WINDOWS\System32\lxbxcoms.exe -- (lxbx_device)
========== Driver Services (SafeList) ========== DRV - [2011/04/11 14:29:16 | 000,064,048 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\McPvDrv.sys -- (McPvDrv)
DRV - [2010/06/10 18:00:06 | 000,022,528 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\intelsmb.sys -- (smbusp) Intel(R)
DRV - [2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/09/24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/02/09 10:14:18 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2008/02/06 00:40:50 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/11/15 16:41:54 | 000,036,804 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2004/10/18 17:05:12 | 000,042,968 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sunkfilt39.sys -- (SunkFilt39)
DRV - [2004/09/02 21:01:16 | 000,396,480 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\A3AB.sys -- (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB)
DRV - [2004/08/04 14:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 14:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/06/17 17:56:22 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/06/17 17:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 17:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/04/18 13:45:28 | 000,038,784 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2001/08/17 15:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
http://www.google.com/ieIE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://www.google.comIE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
http://www.google.com/ieIE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://www.google.comIE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
http://www.google.com/ie IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
http://www.google.com/ie IE - HKU\S-1-5-21-46454073-1413157185-2471623333-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
http://toolbar.inbox.com/search/dispatc ... p=aus&qkw=%s&tbid=%tb_id&%language
IE - HKU\S-1-5-21-46454073-1413157185-2471623333-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
https://login.live.com/login.srf?wa=wsi ... &id=254014IE - HKU\S-1-5-21-46454073-1413157185-2471623333-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-46454073-1413157185-2471623333-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Verizon\VSP\nprpspa.dll (Verizon)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6BC6A3C8-853C-4239-AAB8-AC6B0A726F59}: C:\Documents and Settings\RUFFUS\Local Settings\Application Data\{6BC6A3C8-853C-4239-AAB8-AC6B0A726F59}\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor
O1 HOSTS File: ([2004/08/04 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No CLSID value found.
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\S-1-5-21-46454073-1413157185-2471623333-1009\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-46454073-1413157185-2471623333-1009\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKU\S-1-5-21-46454073-1413157185-2471623333-1009\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-46454073-1413157185-2471623333-1009\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKLM..\Run: [Easy SpyRemover] C:\Program Files\Easy SpyRemover\EasySpyRemover.exe /smart File not found
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [McPvTray_exe] "C:\Program Files\McAfee\MAT\McPvTray.exe" File not found
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SecureClean4Tray] C:\Program Files\WhiteCanyon\SecureClean 4\sctray4.exe (WhiteCanyon Inc.)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKU\S-1-5-21-46454073-1413157185-2471623333-1009..\Run: [EPSON WorkForce 520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGIA.EXE (SEIKO EPSON CORPORATION)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-46454073-1413157185-2471623333-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Windows &Live Favorites -
http://favorites.live.com/quickadd.aspx File not found
O9 - Extra Button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2628D19-379C-4C98-8970-2D2E45A14A95}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\RUFFUS\My Documents\My Pictures\snowman.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\RUFFUS\My Documents\My Pictures\snowman.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 13:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/02/03 11:34:14 | 000,000,090 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | -HS- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ========== [2012/01/05 19:08:45 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/01/05 19:08:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/01/05 17:52:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RUFFUS\Desktop\maleware university
[2012/01/04 04:28:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\RUFFUS\Start Menu\Programs\Administrative Tools
[2012/01/04 04:28:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\RUFFUS\SendTo
[2012/01/04 04:28:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\RUFFUS\PrintHood
[2012/01/03 20:15:48 | 062,844,032 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\All Users\Desktop\Trend_Micro.exe
[2012/01/03 20:03:53 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/01/03 08:37:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple
[2011/12/30 18:59:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RUFFUS\Desktop\ten pictures
[2011/12/29 12:31:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RUFFUS\Application Data\RegistryKeys
[2011/12/17 19:22:02 | 000,064,048 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\McPvDrv.sys
[2011/12/17 19:22:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/12/17 18:27:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mcafee
[2011/12/17 15:19:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/12/17 15:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/17 09:14:09 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2011/12/17 08:33:44 | 000,135,168 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2011/12/17 08:26:54 | 002,778,080 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\athwx.sys
[2011/12/17 08:25:56 | 000,040,056 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\NicInst.dll
[2011/12/17 08:25:56 | 000,028,272 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\NicCo2.dll
[2011/12/17 08:24:06 | 002,310,144 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\iglicd32.dll
[2011/12/17 08:24:06 | 000,524,288 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igldev32.dll
[2011/12/17 08:24:05 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuTRK.dll
[2011/12/17 08:24:05 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuTHA.dll
[2011/12/17 08:24:05 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuSVE.dll
[2011/12/17 08:24:05 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuRUS.dll
[2011/12/17 08:24:05 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuPTG.dll
[2011/12/17 08:24:05 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuPTB.dll
[2011/12/17 08:24:05 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuPLK.dll
[2011/12/17 08:24:05 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuNOR.dll
[2011/12/17 08:24:05 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuNLD.dll
[2011/12/17 08:24:05 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuKOR.dll
[2011/12/17 08:24:05 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuJPN.dll
[2011/12/17 08:24:05 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuITA.dll
[2011/12/17 08:24:05 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuHUN.dll
[2011/12/17 08:24:05 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuHEB.dll
[2011/12/17 08:24:05 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuFRC.dll
[2011/12/17 08:24:05 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuFRA.dll
[2011/12/17 08:24:05 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuFIN.dll
[2011/12/17 08:24:04 | 000,114,688 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmudlg.exe
[2011/12/17 08:24:04 | 000,061,440 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\iAlmCoIn_v4396.dll
[2011/12/17 08:24:04 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuESP.dll
[2011/12/17 08:24:04 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuENG.dll
[2011/12/17 08:24:04 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuELL.dll
[2011/12/17 08:24:04 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuDEU.dll
[2011/12/17 08:24:04 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuDAN.dll
[2011/12/17 08:24:04 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuCSY.dll
[2011/12/17 08:24:04 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuCHT.dll
[2011/12/17 08:24:04 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuCHS.dll
[2011/12/17 08:24:04 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuARB.dll
[2011/12/17 08:24:04 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuARA.dll
[2011/12/17 08:05:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip Driver Updater
[2011/12/17 08:05:31 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip Driver Updater
[2011/12/17 07:46:31 | 000,017,224 | ---- | C] (WinZip Computing, S.L.(WinZip Computing)) -- C:\WINDOWS\System32\roboot.exe
[2011/12/17 07:46:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip Registry Optimizer
[2011/12/17 07:46:26 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip Registry Optimizer
[2011/12/16 01:16:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\sctemp
[2011/12/16 01:16:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RUFFUS\Desktop\nwwia
[2011/12/16 01:16:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\5 Spots
[2011/12/16 01:16:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Verizon Servicepoint
[2011/12/15 09:57:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/12/14 22:13:39 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2011/12/14 20:36:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2011/12/14 20:36:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Verizon
[2011/12/14 16:54:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\RUFFUS\Application Data\Broderbund
[2011/12/14 12:37:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RUFFUS\Local Settings\Application Data\McAfee Anti-Theft
[2011/12/13 21:22:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Verizon
[2011/12/13 21:02:55 | 000,000,000 | ---D | C] -- C:\Temp
[2011/12/13 20:52:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/12/13 20:52:15 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/12/13 20:51:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/12/13 20:50:33 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/13 20:50:33 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/13 09:18:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(2)
[2011/12/13 09:18:09 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(2)
[2011/12/13 09:08:10 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime(2)
[2011/12/12 13:34:25 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient(2)
[2011/12/12 08:17:12 | 000,000,000 | ---D | C] -- C:\Program Files\5 Spots
[2011/12/12 08:15:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2011/12/12 08:14:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
[2011/12/12 05:07:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/12/09 15:24:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RUFFUS\Desktop\sponsorship kit
[2011/12/08 15:09:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RUFFUS\Local Settings\Application Data\FixItCenter
[2011/12/08 14:49:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\MATS
[2011/12/08 14:48:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center
[2011/12/08 14:40:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RUFFUS\Application Data\ElevatedDiagnostics
[2011/12/08 14:39:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2011/12/08 14:38:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ========== [2012/01/05 19:22:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{93092FFA-1129-47C9-8A1D-B8E9867C93FA}.job
[2012/01/05 19:20:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{37BE3EF3-DF98-45B3-80AE-31EA98DC343C}.job
[2012/01/05 19:08:46 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\RUFFUS\Desktop\NTREGOPT.lnk
[2012/01/05 19:08:46 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\RUFFUS\Desktop\ERUNT.lnk
[2012/01/05 19:08:04 | 000,445,484 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/05 19:08:04 | 000,072,916 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/05 19:07:26 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2012/01/05 19:07:25 | 000,000,266 | ---- | M] () -- C:\WINDOWS\tasks\RegistryBooster.job
[2012/01/05 19:03:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/05 18:51:00 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2012/01/05 18:21:48 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\RUFFUS\Desktop\Microsoft Office Word 2003.lnk
[2012/01/05 15:01:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\Registry Optimizer_DEFAULT.job
[2012/01/04 22:21:14 | 000,001,632 | ---- | M] () -- C:\WINDOWS\yahtzee.ini
[2012/01/04 07:46:00 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\Registry Optimizer_UPDATES.job
[2012/01/03 20:16:06 | 062,844,032 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\All Users\Desktop\Trend_Micro.exe
[2012/01/03 08:37:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/01/01 00:04:00 | 000,870,128 | ---- | M] () -- C:\WINDOWS\System32\mcs.rma
[2012/01/01 00:04:00 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\9599BF
[2011/12/30 05:47:36 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\RUFFUS\Desktop\Microsoft Office PowerPoint 2003.lnk
[2011/12/29 18:17:08 | 000,000,107 | ---- | M] () -- C:\WINDOWS\EWF520.ini
[2011/12/29 18:11:43 | 000,000,665 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk
[2011/12/29 13:19:35 | 000,035,416 | ---- | M] () -- C:\Documents and Settings\RUFFUS\Application Data\wklnhst.dat
[2011/12/28 08:27:49 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\RUFFUS\Desktop\Microsoft Streets & Trips.lnk
[2011/12/23 22:30:02 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/20 21:48:31 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/12/17 19:43:05 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/12/17 19:43:05 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/12/17 09:14:33 | 000,001,771 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Virtual Technician.lnk
[2011/12/17 08:05:40 | 000,001,865 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip Driver Updater.lnk
[2011/12/17 07:46:31 | 000,000,801 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip Registry Optimizer.lnk
[2011/12/16 01:01:05 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/14 22:16:38 | 000,001,559 | ---- | M] () -- C:\Documents and Settings\RUFFUS\Desktop\Play 5 Spots.lnk
[2011/12/14 22:16:38 | 000,001,180 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
[2011/12/14 17:39:54 | 000,001,857 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
[2011/12/14 13:20:51 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/12/14 05:09:48 | 000,309,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/14 04:51:52 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/13 21:21:49 | 000,000,260 | ---- | M] () -- C:\WINDOWS\System32\cmdVBS.vbs
[2011/12/13 21:21:49 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\MSIevent.bat
[2011/12/12 13:35:21 | 000,000,225 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.url
[2011/12/08 15:11:11 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ========== [2012/01/05 19:08:46 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\RUFFUS\Desktop\NTREGOPT.lnk
[2012/01/05 19:08:46 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\RUFFUS\Desktop\ERUNT.lnk
[2011/12/17 09:14:33 | 000,001,771 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Virtual Technician.lnk
[2011/12/17 09:14:18 | 000,001,775 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Virtual Technician.lnk
[2011/12/17 08:24:06 | 000,524,850 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.cpa
[2011/12/17 08:24:06 | 000,058,704 | ---- | C] () -- C:\WINDOWS\System32\igxpxk32.vp
[2011/12/17 08:24:06 | 000,024,736 | ---- | C] () -- C:\WINDOWS\System32\igxpxs32.vp
[2011/12/17 08:24:06 | 000,000,929 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.vp
[2011/12/17 08:05:40 | 000,001,865 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip Driver Updater.lnk
[2011/12/17 07:46:47 | 000,000,292 | ---- | C] () -- C:\WINDOWS\tasks\Registry Optimizer_UPDATES.job
[2011/12/17 07:46:47 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\Registry Optimizer_DEFAULT.job
[2011/12/17 07:46:31 | 000,000,801 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip Registry Optimizer.lnk
[2011/12/16 17:12:28 | 000,185,472 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/12/14 22:17:56 | 000,001,559 | ---- | C] () -- C:\Documents and Settings\RUFFUS\Desktop\Play 5 Spots.lnk
[2011/12/14 22:16:38 | 000,001,180 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
[2011/12/14 22:13:52 | 000,001,584 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Game Manager.lnk
[2011/12/14 22:13:52 | 000,001,184 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\More Great Games.lnk
[2011/12/13 21:21:49 | 000,000,260 | ---- | C] () -- C:\WINDOWS\System32\cmdVBS.vbs
[2011/12/13 21:21:49 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\MSIevent.bat
[2011/12/12 13:35:21 | 000,000,225 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.url
[2011/12/08 14:51:11 | 000,000,580 | -H-- | C] () -- C:\WINDOWS\tasks\DataUpload.job
[2011/12/08 14:51:10 | 000,000,616 | -H-- | C] () -- C:\WINDOWS\tasks\ConfigExec.job
[2011/12/08 14:49:05 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Fix it Center.lnk
[2011/12/08 14:49:05 | 000,000,720 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk
[2011/07/13 00:25:19 | 000,065,240 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/03/28 08:53:34 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\RUFFUS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/10 21:05:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2011/03/09 12:05:06 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2011/03/09 12:05:06 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2011/03/09 12:05:06 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2011/03/09 12:05:06 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2011/03/09 12:05:06 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2011/03/09 12:05:06 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2011/03/09 12:05:06 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2011/03/09 12:05:06 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2011/03/09 12:05:06 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2011/03/09 12:05:06 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2011/03/09 12:05:06 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2011/03/09 12:05:06 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2011/03/09 12:05:06 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2011/03/09 12:05:05 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2011/03/09 12:05:05 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2011/03/09 12:05:05 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2011/03/09 11:59:52 | 000,000,107 | ---- | C] () -- C:\WINDOWS\EWF520.ini
[2011/03/08 22:33:16 | 000,035,416 | ---- | C] () -- C:\Documents and Settings\RUFFUS\Application Data\wklnhst.dat
[2011/01/24 03:00:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/23 08:28:17 | 000,000,156 | ---- | C] () -- C:\WINDOWS\KISMET.INI
[2010/12/23 08:21:57 | 000,032,086 | ---- | C] () -- C:\Program Files\kismet.zip
[2010/12/19 15:56:46 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Jdoyu.dat
[2010/12/19 15:56:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ykaquvogepuwido.bin
[2010/11/10 07:36:03 | 000,455,168 | ---- | C] () -- C:\WINDOWS\System32\redllw32.dll
[2010/11/10 07:36:03 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\PDDLLW32.DLL
[2010/11/10 07:28:47 | 000,001,632 | ---- | C] () -- C:\WINDOWS\yahtzee.ini
[2010/11/05 13:13:09 | 000,203,776 | -HS- | C] () -- C:\WINDOWS\System32\unrar.exe
[2010/11/04 19:33:55 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\WiseCheckDll.dll
[2010/10/29 12:38:28 | 000,000,623 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/10/22 08:25:56 | 000,020,232 | ---- | C] () -- C:\WINDOWS\System32\AntiSpyNative64.exe
[2010/10/22 08:25:56 | 000,016,648 | ---- | C] () -- C:\WINDOWS\System32\AntiSpyNative32.exe
[2010/10/03 19:32:35 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbxvs.dll
[2008/11/17 19:11:53 | 000,007,081 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/02/07 10:22:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Mavis Beacon Teaches Typing.INI
[2008/02/06 23:05:09 | 000,000,063 | ---- | C] () -- C:\WINDOWS\refpt.ini
[2008/02/06 10:12:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/02/06 08:54:59 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/02/06 01:02:25 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2008/02/06 00:44:00 | 000,471,300 | ---- | C] () -- C:\WINDOWS\wallpe.exe
[2008/02/06 00:43:34 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008/02/06 00:43:34 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/02/06 00:43:32 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2008/02/06 00:38:00 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/02/06 00:21:36 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2004/08/27 05:50:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/27 04:54:47 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2004/08/26 13:07:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/26 13:01:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/26 11:12:43 | 000,001,314 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/26 11:12:43 | 000,000,486 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/08/26 11:12:13 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/26 11:12:10 | 000,445,484 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/26 11:12:10 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/26 11:12:10 | 000,072,916 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/26 11:12:10 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/26 11:12:08 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/26 11:12:07 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/26 11:12:05 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/26 11:12:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/26 11:11:59 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/26 11:11:54 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/26 11:11:46 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/26 05:54:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/26 05:54:01 | 000,309,192 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1997/11/10 15:18:48 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
========== Alternate Data Streams ========== @Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57DC3B52
@Alternate Data Stream - 190 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:548AE60C
< End of report >
OTL Extras logfile created on: 1/5/2012 7:20:23 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\RUFFUS\Desktop\maleware university
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.23 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 70.39% Memory free
2.94 Gb Paging File | 2.75 Gb Available in Paging File | 93.36% Paging File free
Paging file location(s): C:\pagefile.sys 1896 3792 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.90 Gb Total Space | 3.85 Gb Free Space | 5.44% Space Free | Partition Type: NTFS
Drive D: | 3.62 Gb Total Space | 1.63 Gb Free Space | 44.98% Space Free | Partition Type: FAT32
Computer Name: CHEAPY | User Name: RUFFUS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"50000:UDP" = 50000:UDP:*:Enabled:IHA_MessageCenter
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Verizon\VSP\ServicepointService.exe" = C:\Program Files\Verizon\VSP\ServicepointService.exe:*:Enabled:Servicepoint Service -- (Radialpoint Inc.)
"C:\Program Files\DesktopCentral_Server\apache\bin\dcserverhttpd.exe" = C:\Program Files\DesktopCentral_Server\apache\bin\dcserverhttpd.exe:*:Enabled:Apache HTTP Server
"C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application -- (SEIKO EPSON CORPORATION)
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{05410044-64A6-4248-A026-9745C1E9E159}" = Microsoft Encarta Encyclopedia Standard 2005
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}" = Microsoft Works Suite Add-in for Microsoft Word
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1D76A52C-87A6-4AB0-A7B0-08C8D5DF1D75}" = Motorola Mobile Drivers Installation 5.2.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 25
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer
"{3304276B-6134-44BD-8D87-F06A13AE2AFE}" = Music Oasis
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It! Library 10
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Premium 10
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{47FBF7F9-FBD3-43EF-823B-7684D56C1962}" = Tabbed Browsing (Windows Live Toolbar)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53C49C8D-DFB2-42B9-A7EF-0F9CA386CC13}" = IHA_MessageCenter
"{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}" = Form Fill (Windows Live Toolbar)
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{66A7A386-6F35-41A7-A731-101F0C0153C8}" = Popup Blocker (Windows Live Toolbar)
"{67E4EE98-59F4-4210-89A6-A20AF5BEC689}" = Microsoft Streets and Trips 2005
"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B7044AE-6D1F-456D-B2BA-28BFFFAF3F71}" = Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup
"{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83b13a64-d98a-48a2-8cbc-ec0ec5433b18}" = SecureClean4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A62A068-3FD6-495A-9F66-26FE94F32EC9}" = Rhapsody Player Engine
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9854A5C4-5BE5-46E2-A989-352DD8B37E20}_is1" = WinZip Driver Updater
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A1F2EF0E-1EE5-4F0B-8A31-EE875EBD3F01}" = Mavis Beacon Teaches Typing 15
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5F68DC8-0278-4AD8-B413-861509B5F25B}" = ArcSoft Panorama Maker 3
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}" = Adobe Flash Player 10 Plugin
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{DF821FC5-C198-452B-A0D4-82433EFEAE9B}" = OneCare Advisor (Windows Live Toolbar)
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E6C82F8F-2031-4825-8CC3-98C5960875C1}" = Epson CreativeZone
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F39A74A0-FAE2-401C-AED1-1C941AA28EA8}" = McAfee AntiSpyware
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"7-Zip 9.20" = 7-Zip 9.20
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"BFG-5 Spots" = 5 Spots
"BFGC" = Big Fish Games: Game Manager
"BigFix" = BigFix
"Bogglev1" = Boggle
"Clue" = Clue
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = SoftV92 Data Fax Modem with SmartCP
"DirectXMediaRuntime" = DirectX Media Runtime 5.1
"EEPPPlugIn" = Epson Easy Photo Print Plug-in for Windows Live Photo Gallery
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"EPSON WorkForce 520 Series" = EPSON WorkForce 520 Series Printer Uninstall
"ERUNT_is1" = ERUNT 1.1j
"getPlus(R)_ocx" = getPlus(R)_ocx
"ie8" = Windows Internet Explorer 8
"InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"Lexmark 7100 Series" = Lexmark 7100 Series
"McAfee Virtual Technician" = McAfee Virtual Technician
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2005b" = Microsoft Money 2005
"MSNINST" = MSN
"PictureItPrem_v10" = Microsoft Picture It! Premium 10
"PictureProject In Touch Downloader" = PictureProject In Touch Downloader 1.0
"PROSet" = Intel(R) Network Connections Drivers
"RadialpointClientGateway_is1" = Verizon Servicepoint 3.7.44
"RealPlayer 6.0" = RealPlayer Basic
"Reference Point Software Template for APA format, Word 2003" = Reference Point Software Template for APA format, Word 2003
"Rhapsody" = Rhapsody
"Shockwave" = Shockwave
"SpyEraser_is1" = Uniblue SpyEraser
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinZip Registry Optimizer_is1" = WinZip Registry Optimizer
"WMFDist11" = Windows Media Format 11 runtime
"Works2005Setup" = Microsoft Works 2005 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"Yahtzeev1" = Yahtzee
========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-46454073-1413157185-2471623333-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Verizon Call Assistant" = Verizon Call Assistant
========== Last 10 Event Log Errors ========== [ Application Events ]
Error - 7/16/2011 11:50:31 AM | Computer Name = CHEAPY | Source = Application Error | ID = 1001
Description = Fault bucket 00000009.
Error - 7/17/2011 5:42:49 AM | Computer Name = CHEAPY | Source = Application Hang | ID = 1002
Description = Hanging application Boggle.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 7/17/2011 5:44:41 AM | Computer Name = CHEAPY | Source = Application Hang | ID = 1002
Description = Hanging application Boggle.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 7/17/2011 6:03:05 AM | Computer Name = CHEAPY | Source = Application Hang | ID = 1002
Description = Hanging application Boggle.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 7/17/2011 6:49:32 AM | Computer Name = CHEAPY | Source = Application Hang | ID = 1002
Description = Hanging application Boggle.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 7/17/2011 8:24:17 PM | Computer Name = CHEAPY | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 10.3.1.55, faulting module
quicktime.qts, version 7.69.80.9, fault address 0x00104124.
Error - 7/19/2011 4:23:19 PM | Computer Name = CHEAPY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.
Error - 7/23/2011 6:15:53 AM | Computer Name = CHEAPY | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.8328.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 7/27/2011 4:31:15 PM | Computer Name = CHEAPY | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.8328.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 7/28/2011 5:29:02 PM | Computer Name = CHEAPY | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Word.
[ System Events ]
Error - 1/5/2012 8:07:36 PM | Computer Name = CHEAPY | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service lxbx_device
with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441076}
Error - 1/5/2012 8:07:36 PM | Computer Name = CHEAPY | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service lxbx_device
with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441076}
Error - 1/5/2012 8:07:36 PM | Computer Name = CHEAPY | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service lxbx_device
with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441076}
Error - 1/5/2012 8:07:36 PM | Computer Name = CHEAPY | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service lxbx_device
with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441076}
Error - 1/5/2012 8:07:36 PM | Computer Name = CHEAPY | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service lxbx_device
with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441076}
Error - 1/5/2012 8:07:36 PM | Computer Name = CHEAPY | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service lxbx_device
with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441076}
Error - 1/5/2012 8:07:36 PM | Computer Name = CHEAPY | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service lxbx_device
with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441076}
Error - 1/5/2012 8:09:36 PM | Computer Name = CHEAPY | Source = DCOM | ID = 10010
Description = The server {A1F4E726-8CF1-11D1-BF92-0060081ED811} did not register
with DCOM within the required timeout.
Error - 1/5/2012 8:11:36 PM | Computer Name = CHEAPY | Source = DCOM | ID = 10010
Description = The server {A1F4E726-8CF1-11D1-BF92-0060081ED811} did not register
with DCOM within the required timeout.
Error - 1/5/2012 8:16:15 PM | Computer Name = CHEAPY | Source = DCOM | ID = 10010
Description = The server {A1F4E726-8CF1-11D1-BF92-0060081ED811} did not register
with DCOM within the required timeout.
< End of report >
------------ NO GMER -----------
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.orgDatabase version: v2011.12.29.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
RUFFUS :: CHEAPY [administrator]
Protection: Enabled
12/30/2011 6:39:38 AM
mbam-log-2011-12-30 (06-39-38).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 341944
Time elapsed: 7 hour(s), 30 minute(s), 41 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 1
C:\Documents and Settings\All Users\Start Menu\Programs\SpyEraser (Rogue.SpyEraser) -> Quarantined and deleted successfully.
Files Detected: 4
C:\Documents and Settings\All Users\Desktop\SpyEraser.lnk (Rogue.SpyEraser) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\SpyEraser\SpyEraser Help.lnk (Rogue.SpyEraser) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\SpyEraser\SpyEraser.lnk (Rogue.SpyEraser) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\SpyEraser\Uninstall SpyEraser.lnk (Rogue.SpyEraser) -> Quarantined and deleted successfully.
(end)