otl:
OTL logfile created on: 6/19/2011 8:28:31 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\user\My Documents
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.97 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 80.55% Memory free
5.05 Gb Paging File | 4.62 Gb Available in Paging File | 91.53% Paging File free
Paging file location(s): C:\pagefile.sys 2287 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 250.02 Gb Free Space | 83.88% Space Free | Partition Type: NTFS
Computer Name: USER-EEBF5B7991 | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/06/19 20:26:20 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\OTL.exe
PRC - [2011/05/30 11:20:10 | 002,565,616 | ---- | M] () -- C:\Program Files\SpyShelter Personal Free\SpyShelter.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/03/04 11:39:14 | 000,584,488 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2011/02/24 08:36:15 | 000,423,232 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
PRC - [2011/01/14 13:35:56 | 000,196,912 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
PRC - [2010/12/16 19:19:34 | 000,140,608 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2010/12/08 14:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2010/12/08 14:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2010/11/08 13:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/03/14 14:05:02 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
========== Modules (SafeList) ==========
MOD - [2011/06/19 20:26:20 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/03/04 11:39:14 | 000,584,488 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/01/14 13:35:56 | 000,196,912 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe -- (NitroReaderDriverReadSpool)
SRV - [2010/12/16 19:19:34 | 000,140,608 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2010/12/08 14:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010/12/08 14:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/11/08 13:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2005/03/14 14:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
========== Driver Services (SafeList) ==========
DRV - [2011/05/30 11:21:18 | 000,158,192 | ---- | M] (SpyShelter) [Kernel | System | Running] -- C:\Program Files\SpyShelter Personal Free\SpyShelter.sys -- (SpyShelter)
DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/12/16 19:12:59 | 000,113,096 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINProt.sys -- (PSINProt)
DRV - [2010/12/16 19:12:51 | 000,111,944 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINProc.sys -- (PSINProc)
DRV - [2010/12/16 19:12:42 | 000,130,376 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PSINKNC.sys -- (PSINKNC)
DRV - [2010/12/16 19:12:34 | 000,097,352 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINFile.sys -- (PSINFile)
DRV - [2010/12/16 19:12:26 | 000,141,768 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINAflt.sys -- (PSINAflt)
DRV - [2010/12/08 14:12:02 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/09/17 16:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/09/17 16:40:06 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2009/11/12 14:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/06/30 11:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/06/16 09:15:52 | 005,095,936 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/06/11 18:34:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/08/05 11:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/06/23 18:53:32 | 000,069,632 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mr8980.sys -- (mr8980)
DRV - [2007/08/22 04:16:40 | 000,096,384 | R--- | M] (Dynex ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/01/04 06:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/07/22 10:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 10:01:10 | 000,231,168 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/07/22 10:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/01/07 19:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2003/07/16 16:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2001/08/07 17:37:18 | 000,014,133 | ---- | M] (Pinnacle Systems GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\Pclepci.sys -- (PCLEPCI)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Shareaza Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.order.1: "Shareaza Web Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Shareaza Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.shareazaweb.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: firefox@bandoo.com:5.0
FF - prefs.js..extensions.enabledItems: {7FF99715-3016-4381-84CE-E4E4C9673020}:1.0
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:2.0
FF - prefs.js..extensions.enabledItems: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}:2.0
FF - prefs.js..extensions.enabledItems: {28387537-e3f9-4ed7-860c-11e69af4a8a0}:4.1.0.00
FF - prefs.js..extensions.enabledItems: {5911488E-9D1E-40ec-8CBB-06B231CC153F}:2.0
FF - prefs.js..extensions.enabledItems: superfish@superfish.com:1.2.0.8
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=panda&type=panda2_0yatb&p="
FF - HKLM\software\mozilla\Firefox\extensions\\superfish@superfish.com: C:\Documents and Settings\All Users\Application DataMozilla\Extensions\superfish@superfish.com [2011/06/15 18:32:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/21 18:35:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/15 18:22:58 | 000,000,000 | ---D | M]
[2010/11/04 20:29:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2011/06/19 08:47:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions
[2011/01/20 18:43:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/03 17:11:55 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/02/05 16:08:21 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(2)
[2011/02/21 18:57:11 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(3)
[2010/11/04 20:30:01 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{D238F46A-64EC-11DE-9C5A-D54056D89593}
[2011/01/20 19:09:37 | 000,000,000 | ---D | M] (NextGen AntiKeylogger) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\nextgenakl@maxsecurity.lab.ltd
[2011/01/08 15:04:53 | 000,000,000 | ---D | M] (Nero Toolbar) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\toolbar@ask.com
[2011/05/30 17:39:26 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\searchplugins\bing-zugo.xml
[2010/08/24 19:33:23 | 000,002,149 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\searchplugins\MyStart Search.xml
[2010/04/12 16:01:50 | 000,005,495 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\searchplugins\SearchquWebSearch.xml
[2010/08/12 03:21:06 | 000,002,510 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\searchplugins\ShareazaWebSearch.xml
[2011/06/15 19:03:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/15 19:02:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\22NSM24Y.DEFAULT\EXTENSIONS\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\22NSM24Y.DEFAULT\EXTENSIONS\{7FF99715-3016-4381-84CE-E4E4C9673020}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\22NSM24Y.DEFAULT\EXTENSIONS\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\22NSM24Y.DEFAULT\EXTENSIONS\FIREFOX@BANDOO.COM
[2010/06/15 18:34:23 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\SHAREAZA APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION
[1999/12/31 16:00:00 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
[2010/04/12 16:01:50 | 000,005,495 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
[2010/08/12 03:21:06 | 000,002,510 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\ShareazaWebSearch.xml
O1 HOSTS File: ([2010/06/30 15:09:45 | 000,411,396 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14217 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Window Shopper) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files\Superfish\Window Shopper\SuperfishIEAddon.dll (Superfish)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PSUNMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKCU..\Run: [SpyShelter] C:\Program Files\SpyShelter Personal Free\SpyShelter.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Expression\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Window Shopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files\Superfish\Window Shopper\SuperfishIEAddon.dll (Superfish)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: microsoft.com ([www.update] https in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cdo - No CLSID value found
O18 - Protocol\Handler\mso-offdap - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O20 - AppInit_DLLs: (c:\progra~1\sharea~1\mediabar\datamngr\datamngr.dll) - c:\Program Files\Shareaza Applications\MediaBar\DataMngr\datamngr.dll (Discordia, LTD)
O20 - AppInit_DLLs: (c:\progra~1\sharea~1\mediabar\datamngr\iebho.dll) - c:\Program Files\Shareaza Applications\MediaBar\DataMngr\IEBHO.dll (Discordia, LTD)
O20 - AppInit_DLLs: (c:\progra~1\sharea~1\mediabar\datamngr\datamngr.dll) - c:\Program Files\Shareaza Applications\MediaBar\DataMngr\datamngr.dll (Discordia, LTD)
O20 - AppInit_DLLs: (c:\progra~1\bandoo\bndhook.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/03 20:34:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\K\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/06/19 20:26:19 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\OTL.exe
[2011/06/19 20:15:03 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/19 20:15:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/19 20:14:59 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/19 20:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/19 20:13:49 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\user\My Documents\mbam-setup-1.51.0.1200.exe
[2011/06/19 20:04:53 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\TFC.exe
[2011/06/19 20:00:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\backups
[2011/06/19 08:48:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\netframe
[2011/06/18 13:54:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\Start Menu\Programs\Administrative Tools
[2011/06/17 07:51:42 | 000,000,000 | ---D | C] -- C:\0936a25e2e974c8c1057
[2011/06/16 17:17:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/06/16 07:25:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Start Menu\Programs\Spell Checker For OE 2.1
[2011/06/15 19:02:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype Extras
[2011/06/15 19:01:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/06/15 18:22:56 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2011/06/15 18:22:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2011/06/15 18:05:37 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\user\My Documents\HijackThis.exe
[2011/06/15 18:04:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\Updater5
[2011/06/15 17:38:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Start Menu\Programs\HiJackThis
[2011/06/15 17:38:51 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/06/14 20:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/06/13 20:01:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2011/05/30 17:39:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Superfish
[2011/05/30 17:39:23 | 000,000,000 | ---D | C] -- C:\Program Files\Superfish
[2011/05/30 17:39:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application DataMozilla
[2011/05/30 17:32:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2011/05/30 12:52:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpyShelter
[2011/05/30 12:34:32 | 000,000,000 | ---D | C] -- C:\48ff03d23d8e16dee0
[2011/05/28 08:46:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\CD BURN LIST
[2011/05/28 08:12:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Nero
[2011/05/28 08:10:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2011/05/28 08:10:12 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2011/05/28 08:10:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2011/05/28 08:08:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
========== Files - Modified Within 30 Days ==========
[2011/06/19 20:26:20 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\OTL.exe
[2011/06/19 20:13:49 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\user\My Documents\mbam-setup-1.51.0.1200.exe
[2011/06/19 20:10:34 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\Registry Reviver-user-Startup.job
[2011/06/19 20:09:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/19 20:04:54 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\TFC.exe
[2011/06/19 20:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/06/19 16:41:32 | 000,519,094 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/19 16:41:32 | 000,095,050 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/19 16:37:14 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/19 16:34:05 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/06/19 09:41:01 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EBD685C4-8CE4-42A7-A4DA-9B8ED27675CF}.job
[2011/06/19 09:37:28 | 000,127,439 | ---- | M] () -- C:\Documents and Settings\user\My Documents\instruc.jpg
[2011/06/19 08:47:57 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\user\My Documents\ysf1zi26.exe
[2011/06/18 08:17:02 | 000,000,209 | -HS- | M] () -- C:\boot.ini
[2011/06/17 08:14:12 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/06/17 08:06:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/17 07:57:55 | 000,012,540 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2011/06/17 07:49:03 | 000,304,416 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/15 18:05:39 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\user\My Documents\HijackThis.exe
[2011/06/15 18:05:02 | 000,002,799 | ---- | M] () -- C:\Documents and Settings\user\Desktop\HiJackThis.lnk
[2011/06/03 09:05:39 | 000,002,427 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero Burning ROM 10.lnk
[2011/05/30 12:52:42 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\user\Desktop\SpyShelter Personal Free.lnk
[2011/05/30 12:28:12 | 000,012,600 | -HS- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\k53phh05m63xl61w50p78u3805prg
[2011/05/30 12:28:12 | 000,012,600 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\k53phh05m63xl61w50p78u3805prg
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
========== Files Created - No Company Name ==========
[2011/06/19 09:36:13 | 000,127,439 | ---- | C] () -- C:\Documents and Settings\user\My Documents\instruc.jpg
[2011/06/19 08:47:55 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\user\My Documents\ysf1zi26.exe
[2011/06/15 17:38:52 | 000,002,799 | ---- | C] () -- C:\Documents and Settings\user\Desktop\HiJackThis.lnk
[2011/05/30 09:32:33 | 000,012,600 | -HS- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\k53phh05m63xl61w50p78u3805prg
[2011/05/30 09:32:33 | 000,012,600 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\k53phh05m63xl61w50p78u3805prg
[2011/05/28 08:10:48 | 000,002,427 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero Burning ROM 10.lnk
[2011/05/18 10:25:53 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2011/03/26 16:20:13 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011/03/22 17:56:27 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\wh2robo.dll
[2011/02/21 19:04:25 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\PSUNCpl.dat
[2011/02/09 23:03:48 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2011/02/07 19:16:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\dataguard.sys
[2011/01/25 18:11:00 | 001,740,800 | ---- | C] () -- C:\WINDOWS\System32\Osklauncher.exe
[2011/01/25 18:11:00 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\inject_logon_dll.dll
[2011/01/25 18:11:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\SpyShelterShellExt.dll
[2011/01/20 19:08:26 | 001,091,072 | ---- | C] () -- C:\WINDOWS\System32\nextgenakl.dll
[2011/01/20 19:08:26 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\nextgenakl_ldr.dll
[2011/01/10 19:58:59 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/23 08:28:58 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/15 13:56:52 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\user\Application Data\$_hpcst$.hpc
[2010/07/19 19:30:03 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Settings.cfg
[2010/07/16 17:12:32 | 000,096,768 | ---- | C] () -- C:\WINDOWS\System32\LPng.dll
[2010/07/02 08:08:44 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/07/01 15:17:04 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/01 09:51:17 | 000,151,552 | ---- | C] () -- C:\Documents and Settings\user\Application Data\SharedSettings.ccs
[2010/07/01 06:31:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/06/30 17:15:14 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2010/06/30 15:51:50 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\dbrename7.exe
[2010/06/30 15:46:33 | 000,105,001 | ---- | C] () -- C:\WINDOWS\HPFins09.dat
[2010/06/30 15:46:33 | 000,003,732 | ---- | C] () -- C:\WINDOWS\hpfmdl09.dat
[2010/06/30 15:32:27 | 000,000,794 | ---- | C] () -- C:\WINDOWS\Studio7.ini
[2010/06/30 15:31:30 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
[2010/06/30 15:31:30 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL
[2010/06/30 15:31:30 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
[2010/06/30 15:31:30 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
[2010/06/30 15:31:30 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL
[2010/06/30 12:14:55 | 000,009,321 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Comma Separated Values (Windows).EML
[2010/06/30 10:18:37 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/06/15 18:35:04 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2010/06/04 17:15:47 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\fusioncache.dat
[2010/06/03 20:37:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/06/03 20:31:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/06/03 13:05:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/06/03 13:04:00 | 000,304,416 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/25 13:58:06 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2008/06/24 19:50:12 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\mr8980if.dll
[2005/10/27 04:51:09 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2005/08/05 16:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/03/22 17:38:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 17:38:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 06:00:00 | 000,519,094 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 06:00:00 | 000,095,050 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/07/06 18:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/12/29 11:34:01 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
========== LOP Check ==========
[2011/01/07 16:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/03/28 09:50:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/07/01 09:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CoffeeCup Software
[2011/03/24 17:51:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2010/10/07 18:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2010/08/24 19:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2010/08/24 19:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2011/06/19 16:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/05/18 10:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2011/03/25 07:01:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2011/02/21 18:56:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2011/02/21 19:05:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering
[2010/08/24 19:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoMail
[2010/07/02 08:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ReviverSoft
[2011/06/19 20:33:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/09/19 12:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/22 15:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AskToolbar
[2011/03/28 09:50:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Canneverbe Limited
[2011/06/04 10:52:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Canon
[2010/07/01 10:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\CoffeeCup Software
[2010/09/19 12:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\com.w3i.musicoasis
[2010/07/19 19:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Dynamic
[2011/06/16 07:48:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\FileZilla
[2010/10/07 18:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\GARMIN
[2010/07/01 09:38:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\GlobalSCAPE
[2010/07/16 16:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Guarding Recorder
[2010/06/30 15:50:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Image Zone Express
[2011/03/28 09:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\imeshbandmltbpi
[2011/05/19 06:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Nitro PDF
[2011/03/25 06:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Nuance
[2011/03/28 09:50:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ooVoo Details
[2011/05/18 10:25:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\OpenCandy
[2010/06/15 18:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\OpenOffice.org
[2011/01/07 16:17:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Panda Security
[2011/02/05 16:08:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\pandasecuritytb(2)
[2011/02/21 18:57:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\pandasecuritytb(3)
[2011/05/18 10:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\PrimoPDF
[2011/01/20 18:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Runscanner.net
[2010/07/19 18:51:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\shareazamediabartb
[2010/11/01 17:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Singlesnet
[2010/07/19 19:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\SiteClasses
[2010/07/19 19:32:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Sites
[2011/02/05 16:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\SpyShelter
[2011/02/05 16:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\SpyShelter(2)
[2011/05/30 17:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Superfish
[2010/06/30 15:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\TomTom
[2011/03/22 17:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Watchtower
[2011/03/24 17:51:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Zeon
[2011/06/19 20:10:34 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\Registry Reviver-user-Startup.job
[2011/06/19 20:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011/06/19 09:41:01 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{EBD685C4-8CE4-42A7-A4DA-9B8ED27675CF}.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\user\My Documents\Shareaza Downloads:Shareaza.GUID
@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\user\My Documents\Music Downloads:Shareaza.GUID
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C43ED645
< End of report >
EXTRAS:
OTL Extras logfile created on: 6/19/2011 8:28:31 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\user\My Documents
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.97 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 80.55% Memory free
5.05 Gb Paging File | 4.62 Gb Available in Paging File | 91.53% Paging File free
Paging file location(s): C:\pagefile.sys 2287 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 250.02 Gb Free Space | 83.88% Space Free | Partition Type: NTFS
Computer Name: USER-EEBF5B7991 | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{14A67CE0-4F30-4607-885B-43EE27BAC746}" = Readme
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2881063B-C58F-49EB-97FD-8BF58EC580F9}" = Nitro PDF Reader
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7ADE9F27-A175-447F-A4B4-B05FA82735E1}" = HP Deskjet 6900 series
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_WebDesigner_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_WebDesigner_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_WebDesigner_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0026-0000-0000-0000000FF1CE}" = Microsoft Expression Web
"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{9037FDA8-8383-4B6F-859D-D49C3C625225}" = Microsoft Expression Web Service Pack 1 (SP1)
"{90120000-0026-0409-0000-0000000FF1CE}" = Microsoft Expression Web MUI (English)
"{90120000-0026-0409-0000-0000000FF1CE}_WebDesigner_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1570454-ED12-4050-A7AC-9282C7AFB23C}" = Window Shopper
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A128D8-6636-4293-BC1A-041B65A9E139}" = Digital Wireless Camera
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{C27AF593-1464-4805-9F17-574F595212C0}" = Watchtower Library 2005 - English Edition
"{CB1F3886-AE9F-46fb-8325-6B0718989285}" = dj_taplugin
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{D02220CE-1475-4F0F-9F12-251161999D53}" = Garmin MapSource
"{D17111CB-C992-42A9-9D56-C19395102AAA}" = Garmin WebUpdater
"{D3AE96EE-2876-4B3F-847C-D3A4AD689E43}" = LogMeIn
"{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}" = HP Photosmart Essential
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{DF7CFCDF-08ED-4BFA-8980-9F8F3A9596B3}" = TrafficSeeker 8.0
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E9ACF7F7-DB80-49B4-A1BC-63DB90913E67}_is1" = CamGuard Security System (Home Edition) 4.0.14.223
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
"{FEB2D0CA-9912-4AA1-8FBE-CFD852F9F1FC}" = Panda Cloud Antivirus
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"135D0C8BC13A45369E2154E1FAC3FB2C47755A80" = Windows Driver Package - OEM (mr8980) Image (04/20/2007 1.0.0.0)
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CamGuard Security System Remote Client_is1" = MClient.exe
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.0
"ie8" = Windows Internet Explorer 8
"ieSpell" = ieSpell
"Image Composer" = Microsoft Image Composer 1.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"MapSource" = MapSource
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Nero - Burning Rom!UninstallKey" = Nero 6 Enterprise Edition
"Panda Cloud Antivirus" = Panda Cloud Antivirus
"Panda Security URL Filtering" = Panda Security URL Filtering
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"RealPlayer 6.0" = RealPlayer Basic
"Spell Checker For OE 2.1" = Spell Checker For OE 2.1
"SpyShelter_is1" = SpyShelter Personal Free 5.20
"StudioDV" = Studio
"TomTom HOME" = TomTom HOME
"Veetle TV" = Veetle TV 0.9.18
"WebDesigner" = Microsoft Expression Web
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.4.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 5/18/2011 6:01:30 PM | Computer Name = USER-EEBF5B7991 | Source = Application Error | ID = 1000
Description = Faulting application msimn.exe, version 6.0.2900.5512, faulting module
oeplugin.dll, version 0.0.0.0, fault address 0x000381ec.
Error - 5/18/2011 6:18:15 PM | Computer Name = USER-EEBF5B7991 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19046, fault address 0x000f9752.
Error - 5/20/2011 6:15:57 PM | Computer Name = USER-EEBF5B7991 | Source = Application Error | ID = 1000
Description = Faulting application msimn.exe, version 6.0.2900.5512, faulting module
oeplugin.dll, version 0.0.0.0, fault address 0x000381ec.
Error - 5/25/2011 6:27:42 PM | Computer Name = USER-EEBF5B7991 | Source = Application Error | ID = 1000
Description = Faulting application msimn.exe, version 6.0.2900.5512, faulting module
oeplugin.dll, version 0.0.0.0, fault address 0x000381ec.
Error - 5/25/2011 6:27:58 PM | Computer Name = USER-EEBF5B7991 | Source = Application Error | ID = 1000
Description = Faulting application msimn.exe, version 6.0.2900.5512, faulting module
oeplugin.dll, version 0.0.0.0, fault address 0x000381ec.
Error - 5/28/2011 8:56:46 AM | Computer Name = USER-EEBF5B7991 | Source = Application Error | ID = 1000
Description = Faulting application msimn.exe, version 6.0.2900.5512, faulting module
oeplugin.dll, version 0.0.0.0, fault address 0x000381ec.
Error - 5/29/2011 8:21:36 AM | Computer Name = USER-EEBF5B7991 | Source = Application Error | ID = 1000
Description = Faulting application msimn.exe, version 6.0.2900.5512, faulting module
oeplugin.dll, version 0.0.0.0, fault address 0x000381ec.
Error - 5/29/2011 8:21:39 AM | Computer Name = USER-EEBF5B7991 | Source = Application Error | ID = 1001
Description = Fault bucket 1991255601.
Error - 5/30/2011 7:16:58 PM | Computer Name = USER-EEBF5B7991 | Source = Application Error | ID = 1000
Description = Faulting application msimn.exe, version 6.0.2900.5512, faulting module
oeplugin.dll, version 0.0.0.0, fault address 0x000381ec.
Error - 6/7/2011 8:09:30 AM | Computer Name = USER-EEBF5B7991 | Source = Application Error | ID = 1000
Description = Faulting application msimn.exe, version 6.0.2900.5512, faulting module
oeplugin.dll, version 0.0.0.0, fault address 0x000381ec.
[ System Events ]
Error - 6/13/2011 8:49:47 PM | Computer Name = USER-EEBF5B7991 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error - 6/13/2011 8:49:48 PM | Computer Name = USER-EEBF5B7991 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error - 6/13/2011 8:49:52 PM | Computer Name = USER-EEBF5B7991 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error - 6/13/2011 9:00:34 PM | Computer Name = USER-EEBF5B7991 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 6/16/2011 6:15:17 PM | Computer Name = USER-EEBF5B7991 | Source = NtServicePack | ID = 921883
Description = Windows XP Hotfix KB2544521-IE8 installation failed. KB2544521 installation
did not complete.
Error - 6/17/2011 8:08:35 AM | Computer Name = USER-EEBF5B7991 | Source = NtServicePack | ID = 921877
Description = Windows XP KB2503665 installation failed. An internal error occurred.
Error - 6/17/2011 8:08:40 AM | Computer Name = USER-EEBF5B7991 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8007054f: Security Update for Windows XP (KB2503665).
Error - 6/17/2011 8:09:14 AM | Computer Name = USER-EEBF5B7991 | Source = NtServicePack | ID = 921883
Description = Windows XP Hotfix KB2476490 installation failed. KB2476490 installation
did not complete.
Error - 6/17/2011 8:09:30 AM | Computer Name = USER-EEBF5B7991 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8007f01f: Security Update for Windows XP (KB2476490).
Error - 6/17/2011 8:57:16 AM | Computer Name = USER-EEBF5B7991 | Source = DCOM | ID = 10010
Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register
with DCOM within the required timeout.
< End of report >
MBAM:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Database version: 6897
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
6/19/2011 8:19:40 PM
mbam-log-2011-06-19 (20-19-40).txt
Scan type: Quick scan
Objects scanned: 174833
Time elapsed: 3 minute(s), 17 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)