View Full Version : Trojan downloader/New Juan - keeps coming back; please help.
platypusvet
2009-03-28, 19:20
I have been having problems with numerous pop-ups advertising rogue-spyware programs and other things. I previously scanned the computer with Windows Defender, Ad-aware, Spybot S&D, and SUPERAntispyware, and removed everything that was found (keeps finding trojan downloaders, New Juan, etc.) but can't get rid of the pop-ups. Occasionally the computer will not shut down normally either. Here is my HJT log file - any help would be appreciated.
Thanks!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13:28 PM, on 3/28/2009
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP2 (6.00.3790.1830)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\PROGRA~2\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files (x86)\HIS iTurbo\iTurbo.exe
C:\Program Files (x86)\QuickTime\qttask.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\BroadJump\Client Foundation\CFD.exe
C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files (x86)\CE\nmSvc.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\CE\nmFlt.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\iPod\bin\iPodService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
F2 - REG:system.ini: UserInit=userinit
O1 - Hosts: 82.98.235.133 browser-security.microsoft.com
O1 - Hosts: 82.98.235.133 url.adtrgt.com
O1 - Hosts: 82.98.235.133 best-click-scanner.info
O1 - Hosts: 82.98.235.133 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.235.133 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.235.133 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.235.133 onlinenotifyq.net
O1 - Hosts: 82.98.235.133 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.235.133 microsoft.browser-security-center.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4bcb2ffc-5f34-44ce-a2a3-647ccd23d216} - C:\WINDOWS\SysWow64\ribodapi.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: {8138cace-7fce-e849-c4c4-c2323069ff4e} - {e4ff9603-232c-4c4c-948e-ecf7ecac8318} - C:\WINDOWS\SysWow64\wahxas.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files (x86)\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [iTurbo] "C:\Program Files (x86)\HIS iTurbo\iTurbo.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BJCFD] "C:\Program Files (x86)\BroadJump\Client Foundation\CFD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [x3watch] "C:\Program Files (x86)\X3watch\x3watch.exe"
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKLM\..\Run: [NMSVC] C:\Program Files (x86)\CE\nmSvc.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [jaziviweje] Rundll32.exe "C:\WINDOWS\system32\sibofuda.dll",s
O4 - HKLM\..\Run: [Ad-Watch] "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~2\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nmnsp.dll
O10 - Unknown file in Winsock LSP: cespy.dll
O10 - Unknown file in Winsock LSP: cespy.dll
O10 - Unknown file in Winsock LSP: cespy.dll
O10 - Unknown file in Winsock LSP: cespy.dll
O12 - Plugin for .spop: C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.sbcglobal.net
O15 - Trusted Zone: http://*.sbcglobal.net
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\ C:\WINDOWS\SysWow64\ribodapi.dll wahxas.dll c:\windows\system32\zeyoheko.dll c:\windows\system32\tudoniga.dll,C:\WINDOWS\system32\
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2saag.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: Google Update Service (gupdate1c9a01db5bf260e) (gupdate1c9a01db5bf260e) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
--
End of file - 9645 bytes
Hi
Please download Malwarebytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Please post contents of that file in your next reply.
Please download ***OTViewIt**** (http://oldtimer.geekstogo.com/OTViewIt.exe) by ***OldTimer**** and save it to your Desktop.
Close all applications and windows.
Double-click on the ***OTViewIt.exe****to start OTViewIt.
Place a checkmark in the blue-colored Scan All Users checkbox.
Click the blue Run Scan button.
OTViewIt will now start its scan.
When the scan is complete, two text files will be created, ***OTViewIt.Txt**** <- this one will be opened in Notepad and ***Extras.txt**** on Desktop.
Copy ***(Ctrl+A then Ctrl+C)**** and paste ***(Ctrl+V)**** the contents of ***OTViewIt.Txt**** and the Extras.txt to your post.
platypusvet
2009-03-31, 02:40
Malwarebytes' Anti-Malware 1.35
Database version: 1921
Windows 5.2.3790 Service Pack 2
3/30/2009 6:19:44 PM
mbam-log-2009-03-30 (18-19-44).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 228475
Time elapsed: 42 minute(s), 24 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 6
Registry Values Infected: 4
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 31
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\SysWOW64\ribodapi.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\kiwowive.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\sibofuda.dll (Trojan.Vundo.H) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4bcb2ffc-5f34-44ce-a2a3-647ccd23d216} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4bcb2ffc-5f34-44ce-a2a3-647ccd23d216} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4bcb2ffc-5f34-44ce-a2a3-647ccd23d216} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jaziviweje (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm63b41ba0 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\syswow64\ribodapi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\syswow64\ribodapi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\kiwowive.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\kiwowive.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\sibofuda.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\kiwowive.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SysWOW64\ribodapi.dll (Trojan.BHO.H) -> Delete on reboot.
c:\WINDOWS\SysWOW64\kiwowive.dll (Trojan.BHO) -> Delete on reboot.
C:\Documents and Settings\Administrator\Local Settings\Temp\e.exe (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C092230F-D078-431A-AA74-1BB66ACA0E0A}\RP370\A0047083.DLL (Adware.AskSBAR) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C092230F-D078-431A-AA74-1BB66ACA0E0A}\RP370\A0047084.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C092230F-D078-431A-AA74-1BB66ACA0E0A}\RP370\A0047092.dll (Adware.AskSBAR) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\danuzihi.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\defowija.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\giyujuyo.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hhqvlv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hulifeki.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\muribabi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nobajanu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ribodapi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\rimolodo.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SysWOW64\danuzihi.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SysWOW64\defowija.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SysWOW64\giyujuyo.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SysWOW64\hhqvlv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SysWOW64\hulifeki.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SysWOW64\muribabi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SysWOW64\nobajanu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SysWOW64\rimolodo.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SysWOW64\sibofuda.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fuwojake.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\welatili.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dotudoyi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sokogufe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lulakodu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
platypusvet
2009-03-31, 02:49
I am trying to post the two OTViewIt logs, but keep getting an error message as the website seems to time out when I try to submit the posts.
platypusvet
2009-03-31, 02:51
OTViewIt logfile created on: 3/30/2009 6:25:28 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 6.0.3790.3959)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 70.92% Memory free
3.87 Gb Paging File | 3.31 Gb Available in Paging File | 85.64% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.45 Gb Total Space | 194.38 Gb Free Space | 69.56% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: STEVO7
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
========== Processes ==========
[2009/03/09 14:06:55 | 00,951,632 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
[2009/03/08 13:42:57 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[2005/02/25 19:28:03 | 00,212,992 | ---- | M] (Ahead Software) -- C:\Program Files (x86)\Ahead\Nero PhotoShow\data\Xtras\mssysmgr.exe
[2007/02/18 13:05:40 | 01,681,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2007/08/29 11:55:54 | 01,347,584 | ---- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
[2009/01/24 19:53:13 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2005/03/25 07:00:00 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\ctfmon.exe
[2004/12/14 07:44:06 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2005/08/30 19:53:34 | 00,925,696 | R--- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
[2005/10/26 10:34:44 | 00,716,800 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\SoundMAX\SMax4.exe
[2006/08/31 07:18:48 | 00,114,688 | ---- | M] () -- C:\Program Files (x86)\HIS iTurbo\iTurbo.exe
[2007/02/16 12:54:04 | 00,282,624 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files (x86)\QuickTime\qttask.exe
[2007/03/02 17:24:28 | 00,257,088 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
[2002/09/10 23:26:26 | 00,368,706 | ---- | M] () -- C:\Program Files (x86)\BroadJump\Client Foundation\CFD.exe
[2007/03/14 05:43:44 | 00,083,608 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe
[2008/06/08 13:00:07 | 01,192,088 | ---- | M] () -- C:\Program Files (x86)\CE\nmSvc.exe
[2009/03/09 14:06:55 | 00,515,416 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
[2008/06/08 13:00:07 | 00,270,488 | ---- | M] () -- C:\Program Files (x86)\CE\nmFlt.exe
[2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
[2003/06/20 02:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2007/03/02 17:24:20 | 00,500,800 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iPod\bin\iPodService.exe
[2009/03/30 17:28:24 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTViewIt.exe
========== (O23) Win32 Services ==========
[2007/10/23 23:33:00 | 00,045,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
File not found -- -- (Ati HotKey Poller [Auto | Running])
[2007/11/02 00:05:00 | 00,660,992 | ---- | M] () -- C:\WINDOWS\system32\ati2saag.exe -- (ATI Smart [Auto | Stopped])
[2007/10/24 02:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/10/23 23:33:04 | 00,093,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped])
File not found -- -- (dmadmin [On_Demand | Stopped])
File not found -- -- (Eventlog [Auto | Running])
[2009/03/08 13:42:57 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -- (gupdate1c9a01db5bf260e [Auto | Stopped])
[2007/05/27 13:14:48 | 00,138,168 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
File not found -- -- (HTTPFilter [On_Demand | Stopped])
[2007/02/18 13:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\svchost.exe -- (IASJet [On_Demand | Stopped])
[2005/04/04 03:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
File not found -- -- (ImapiService [On_Demand | Stopped])
[2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService [Auto | Running])
[2007/03/02 17:24:20 | 00,500,800 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2009/03/09 14:06:55 | 00,951,632 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
[2003/06/20 02:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
File not found -- -- (MSDTC [On_Demand | Stopped])
[2007/02/18 13:05:42 | 00,430,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netlogon.dll -- (Netlogon [On_Demand | Stopped])
File not found -- -- (NtLmSsp [On_Demand | Stopped])
File not found -- -- (NVSvc [Auto | Stopped])
[2003/07/28 15:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
File not found -- -- (PlugPlay [Auto | Running])
File not found -- -- (PolicyAgent [Auto | Running])
File not found -- -- (ProtectedStorage [Auto | Running])
File not found -- -- (RDSessMgr [On_Demand | Stopped])
File not found -- -- (SamSs [Auto | Running])
File not found -- -- (TlntSvr [Disabled | Stopped])
[2005/03/25 07:00:00 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
File not found -- -- (vds [On_Demand | Stopped])
File not found -- -- (VSS [On_Demand | Stopped])
[2006/11/03 20:36:20 | 00,014,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
File not found -- -- (WmiApSrv [On_Demand | Stopped])
========== Driver Services ==========
File not found -- -- (ACPI [Boot | Running])
File not found -- -- (ADIHdAudAddService [On_Demand | Running])
File not found -- -- (AFD [System | Running])
File not found -- -- (Arp1394 [On_Demand | Running])
File not found -- -- (AsyncMac [On_Demand | Running])
File not found -- -- (atapi [Boot | Running])
File not found -- -- (ati2mtag [On_Demand | Running])
File not found -- -- (ATIAVAIW [On_Demand | Running])
File not found -- -- (audstub [On_Demand | Running])
File not found -- -- (Beep [System | Running])
File not found -- -- (CdaC15BA [Auto | Running])
File not found -- -- (CdaD10BA [Auto | Running])
File not found -- -- (Cdfs [Disabled | Running])
File not found -- -- (Cdrom [System | Running])
File not found -- -- (crcdisk [Boot | Running])
File not found -- -- (Disk [Boot | Running])
File not found -- -- (dmio [Boot | Running])
File not found -- -- (dmload [Boot | Running])
File not found -- -- (Fips [System | Running])
File not found -- -- (FltMgr [Boot | Running])
File not found -- -- (Ftdisk [Boot | Running])
[2006/09/19 16:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Stopped])
File not found -- -- (Gpc [On_Demand | Running])
File not found -- -- (HDAudBus [On_Demand | Running])
File not found -- -- (HTTP [On_Demand | Running])
File not found -- -- (i8042prt [System | Running])
File not found -- -- (imapi [System | Running])
File not found -- -- (IpNat [On_Demand | Running])
File not found -- -- (IPSec [System | Running])
File not found -- -- (isapnp [Boot | Running])
File not found -- -- (Kbdclass [System | Running])
File not found -- -- (KSecDD [Boot | Running])
File not found -- -- (ksthunk [On_Demand | Running])
File not found -- -- (Lbd [Boot | Running])
[2005/03/25 07:00:00 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll -- (mnmdd [System | Running])
File not found -- -- (Mouclass [System | Running])
File not found -- -- (MountMgr [Boot | Running])
File not found -- -- (MRxDAV [On_Demand | Running])
File not found -- -- (MRxSmb [System | Running])
File not found -- -- (Msfs [System | Running])
File not found -- -- (mssmbios [On_Demand | Running])
File not found -- -- (ms_mpu401 [On_Demand | Running])
File not found -- -- (MTsensor [On_Demand | Running])
File not found -- -- (Mup [Boot | Running])
File not found -- -- (NDIS [Boot | Running])
File not found -- -- (NdisTapi [On_Demand | Running])
File not found -- -- (Ndisuio [On_Demand | Running])
File not found -- -- (NdisWan [On_Demand | Running])
File not found -- -- (NDProxy [On_Demand | Running])
File not found -- -- (NetBIOS [System | Running])
File not found -- -- (NetBT [System | Running])
File not found -- -- (NIC1394 [On_Demand | Running])
File not found -- -- (Npfs [System | Running])
File not found -- -- (Ntfs [Disabled | Running])
File not found -- -- (Null [System | Running])
File not found -- -- (nvata64 [Boot | Running])
File not found -- -- (NVENETFD [On_Demand | Running])
File not found -- -- (nvnetbus [On_Demand | Running])
File not found -- -- (ohci1394 [Boot | Running])
File not found -- -- (Parport [On_Demand | Running])
File not found -- -- (PartMgr [Boot | Running])
File not found -- -- (PCI [Boot | Running])
File not found -- -- (PCIIde [Boot | Running])
File not found -- -- (PptpMiniport [On_Demand | Running])
File not found -- -- (Processor [On_Demand | Running])
File not found -- -- (PSched [On_Demand | Running])
File not found -- -- (Ptilink [On_Demand | Running])
File not found -- -- (RasAcd [System | Running])
File not found -- -- (Rasl2tp [On_Demand | Running])
File not found -- -- (RasPppoe [On_Demand | Running])
File not found -- -- (Raspti [On_Demand | Running])
File not found -- -- (Rdbss [System | Running])
File not found -- -- (RDPCDD [System | Running])
File not found -- -- (rdpdr [On_Demand | Running])
File not found -- -- (redbook [System | Running])
[2005/05/24 22:39:14 | 00,007,168 | ---- | M] () -- C:\Program Files (x86)\HIS iTurbo\RTCore64.sys -- (RTCore64 [On_Demand | Running])
[2009/03/23 14:07:26 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [System | Stopped])
[2009/03/23 14:07:28 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
[2009/03/23 14:07:26 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Stopped])
File not found -- -- (Secdrv [Auto | Running])
File not found -- -- (SenFiltService [On_Demand | Running])
File not found -- -- (serenum [On_Demand | Running])
File not found -- -- (Serial [System | Running])
File not found -- -- (sfdrv01 [Boot | Running])
File not found -- -- (sfhlp02 [Boot | Running])
File not found -- -- (sfsync02 [Boot | Running])
File not found -- -- (sr [Boot | Running])
File not found -- -- (Srv [On_Demand | Running])
File not found -- -- (swenum [On_Demand | Running])
File not found -- -- (sysaudio [On_Demand | Running])
File not found -- -- (Tcpip [System | Running])
File not found -- -- (TermDD [System | Running])
File not found -- -- (Update [On_Demand | Running])
File not found -- -- (usbehci [On_Demand | Running])
File not found -- -- (usbhub [On_Demand | Running])
File not found -- -- (usbohci [On_Demand | Running])
File not found -- -- (VgaSave [System | Running])
File not found -- -- (VolSnap [Boot | Running])
File not found -- -- (Wanarp [On_Demand | Running])
[2005/03/25 07:00:00 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdmaud.drv -- (wdmaud [On_Demand | Running])
File not found -- -- (WS2IFSL [System | Running])
[2005/10/19 21:34:02 | 00,007,680 | ---- | M] (Overclocking Tool) -- C:\Program Files (x86)\HIS iTurbo\atillk64.sys -- (atillk64 [Disabled | Running])
========== (R ) Internet Explorer ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.google.com/ie
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"First Home Page"=http://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update&O1=b1
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.google.com/ig?hl=en
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=gogl
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\SysWOW64\shdocvw.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\S-1-5-21-1575258458-2958649720-2788576334-500\SOFTWARE\Microsoft\Internet Explorer\Main]
"First Home Page"=http://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update&O1=b1
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.google.com/ig?hl=en
[HKEY_USERS\S-1-5-21-1575258458-2958649720-2788576334-500\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie
[HKEY_USERS\S-1-5-21-1575258458-2958649720-2788576334-500\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=gogl
[HKEY_USERS\S-1-5-21-1575258458-2958649720-2788576334-500\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\SysWOW64\shdocvw.dll (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1575258458-2958649720-2788576334-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
========== (O1) Hosts File ==========
HOSTS File = (304192 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
82.98.235.133 browser-security.microsoft.com
82.98.235.133 url.adtrgt.com
82.98.235.133 best-click-scanner.info
82.98.235.133 antivirus-xp-pro-2009.com
82.98.235.133 microsoft.infosecuritycenter.com
82.98.235.133 microsoft.softwaresecurityhelp.com
82.98.235.133 onlinenotifyq.net
82.98.235.133 antivirusxp-pro-2009.com
82.98.235.133 microsoft.browser-security-center.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1001namen.com
10476 more lines...
========== (O2) BHO's ==========
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{4bcb2ffc-5f34-44ce-a2a3-647ccd23d216} (HKLM) -- C:\WINDOWS\SysWOW64\ribodapi.dll ()
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} (HKLM) -- C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
{e4ff9603-232c-4c4c-948e-ecf7ecac8318} (HKLM) -- C:\WINDOWS\SysWOW64\wahxas.dll (Adobe Systems Incorporated)
========== (O3) Toolbars ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" (HKLM) -- C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" (HKLM) -- C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}" (HKLM) -- C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" (HKLM) -- C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}" (HKLM) -- C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()
[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" (HKLM) -- C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)
[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}" (HKLM) -- C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)
[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()
[HKEY_USERS\S-1-5-21-1575258458-2958649720-2788576334-500\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" (HKLM) -- C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1575258458-2958649720-2788576334-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" (HKLM) -- C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1575258458-2958649720-2788576334-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}" (HKLM) -- C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1575258458-2958649720-2788576334-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()
platypusvet
2009-03-31, 02:52
========== (O4) Run Keys ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Watch"="C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe" (Lavasoft)
"BJCFD"="C:\Program Files (x86)\BroadJump\Client Foundation\CFD.exe" ()
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" (Apple Inc.)
"iTurbo"="C:\Program Files (x86)\HIS iTurbo\iTurbo.exe" /s ()
"jaziviweje"=Rundll32.exe "C:\WINDOWS\system32\sibofuda.dll",s File not found
"NMSVC"=C:\Program Files (x86)\CE\nmSvc.exe ()
"QuickTime Task"="C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
"RecoverFromReboot"=C:\WINDOWS\Temp\RecoverFromReboot.exe File not found
"SoundMAX"="C:\Program Files (x86)\Analog Devices\SoundMAX\Smax4.exe" /tray (Analog Devices, Inc.)
"SoundMAXPnP"=C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" ()
"SunJavaUpdateSched"="C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe" (Sun Microsystems, Inc.)
"x3watch"="C:\Program Files (x86)\X3watch\x3watch.exe" File not found
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"PhotoShow Deluxe Media Manager"=C:\PROGRA~2\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe (Ahead Software)
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
"Weather"=C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 (AWS Convergence Technologies, Inc.)
[HKEY_USERS\S-1-5-21-1575258458-2958649720-2788576334-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"PhotoShow Deluxe Media Manager"=C:\PROGRA~2\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe (Ahead Software)
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
"Weather"=C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 (AWS Convergence Technologies, Inc.)
========== (O4) RunOnce Keys ==========
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"=%systemroot%\system32\tscupgrd.exe File not found
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"=%systemroot%\system32\tscupgrd.exe File not found
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"=%systemroot%\system32\tscupgrd.exe File not found
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"=%systemroot%\system32\tscupgrd.exe File not found
========== (O4) Startup Folders ==========
[2004/12/14 07:44:06 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe
========== (O6 & O7) Current Version Policies ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0
"HonorAutoRunSetting"=1
"NoActiveDesktopChanges"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-21-1575258458-2958649720-2788576334-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
========== (O8) IE Context Menu Extensions ==========
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 05:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1575258458-2958649720-2788576334-500\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 05:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)
========== (O9) IE Extensions ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [2007/03/14 05:43:41 | 00,132,760 | ---- | M] (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003/07/15 01:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %SystemDrive%\Program Files\Messenger\msmsgs.exe [2007/02/18 13:05:40 | 01,681,920 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %SystemDrive%\Program Files\Messenger\msmsgs.exe [2007/02/18 13:05:40 | 01,681,920 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\SysWOW64\msjava.dll [Web Browser Applet Control] -> [2001/01/12 20:04:06 | 00,945,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 01:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %SystemDrive%\Program Files\Messenger\msmsgs.exe [Messenger] -> [2007/02/18 13:05:40 | 01,681,920 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\SysWOW64\msjava.dll [Web Browser Applet Control] -> [2001/01/12 20:04:06 | 00,945,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 01:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %SystemDrive%\Program Files\Messenger\msmsgs.exe [Messenger] -> [2007/02/18 13:05:40 | 01,681,920 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\SysWOW64\msjava.dll [Web Browser Applet Control] -> [2001/01/12 20:04:06 | 00,945,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 01:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %SystemDrive%\Program Files\Messenger\msmsgs.exe [Messenger] -> [2007/02/18 13:05:40 | 01,681,920 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1575258458-2958649720-2788576334-500\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\SysWOW64\msjava.dll [Web Browser Applet Control] -> [2001/01/12 20:04:06 | 00,945,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 01:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %SystemDrive%\Program Files\Messenger\msmsgs.exe [Messenger] -> [2007/02/18 13:05:40 | 01,681,920 | ---- | M] (Microsoft Corporation)
========== (O12) Internet Explorer Plugins ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery
Extension\.spop: -- C:\Program Files (x86)\Internet Explorer\PLUGINS\NPDocBox.dll [2001/01/30 16:56:24 | 00,225,280 | ---- | M] (InterTrust Technologies Corporation, Inc.)
========== (O13) Default Prefixes ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://
========== (O15) Trusted Sites ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
sbcglobal.net: * in Trusted sites
sbcglobal.net: http in Trusted sites
sbcglobal.net: https in Trusted sites
yahoo.com: * in Trusted sites
yahoo.com: http in Trusted sites
yahoo.com: https in Trusted sites
48 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\S-1-5-21-1575258458-2958649720-2788576334-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
sbcglobal.net: * in Trusted sites
sbcglobal.net: http in Trusted sites
sbcglobal.net: https in Trusted sites
yahoo.com: * in Trusted sites
yahoo.com: http in Trusted sites
yahoo.com: https in Trusted sites
48 domain(s) and sub-domain(s) not assigned to a zone.
========== (O16) DPF ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{0DB074F0-617E-4EE9-912C-2965CF2AA5A4}: http://download.microsoft.com/download/0/f/b/0fb0fab9-7f09-4bb6-86d8-8e791ba99ac5/VirtualEarth3D.cab -- SentinelVE3D Class
{11260943-421B-11D0-8EAC-0000C07D88CF}: http://www.ipix.com/download/ipixx.cab -- iPIX ActiveX Control
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab -- Java Plug-in 1.6.0_01
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab -- Java Plug-in 1.6.0_01
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab -- Java Plug-in 1.6.0_01
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab -- Shockwave Flash Object
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.
========== (O17) DNS Name Servers ==========
{1F0C5B7A-0F6D-4CBB-8588-4EF6E3F7D8CA} (Servers: | Description: )
{30029412-16DB-433E-A430-0C67CF667E78} (Servers: | Description: 1394 Net Adapter)
{66E9D6B2-5037-407F-ABEE-F4A163408C20} (Servers: | Description: NVIDIA nForce Networking Controller)
========== (O20) AppInit_DLLs ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\WINDOWS\system32\ wahxas.dll c:\windows\system32\zeyoheko.dll c:\windows\system32\tudoniga.dll C:\WINDOWS\system32\ ,C:\WINDOWS\SysWow64\ribodapi.dll
>File not found -- C:\WINDOWS\system32\ wahxas.dll
>[1900/01/01 12:00:00 | 00,058,880 | ---- | M] () -- C:\WINDOWS\SysWOW64\ribodapi.dll
========== (O20) HKLM Winlogon Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=Explorer.exe
>[2007/02/18 13:05:28 | 01,053,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\explorer.exe
"System"=lsass.exe
>File not found --
========== (O20) Winlogon Notify Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll -- C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
ScCertProp: "DllName" = wlnotify.dll -- File not found
Schedule: "DllName" = wlnotify.dll -- File not found
SensLogn: "DllName" = WlNotify.dll -- File not found
wlballoon: "DllName" = wlnotify.dll -- File not found
========== (O21) SSODL Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"CDBurn"={fbeb8a05-beee-4442-804e-409d6c4515e9} (HKLM) -- C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"={7849596a-48ea-486e-8937-a2a3009f31a9} (HKLM) -- C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SysTray"={35CEC8A3-2BE6-11D2-8773-92E220524153} (HKLM) -- C:\WINDOWS\SysWOW64\stobject.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} (HKLM) -- C:\WINDOWS\SysWOW64\webcheck.dll (Microsoft Corporation)
========== (O22) Shared Task Scheduler ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}" (HKLM) = Browseui preloader -- C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8C7461EF-2B13-11d2-BE35-3078302C2030}" (HKLM) = Component Categories cache daemon -- C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)
========== Shell Execute Hooks ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
========== Safeboot Options ==========
"AlternateShell"=cmd.exe
========== CDRom AutoRun Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1
========== Autorun Files on Drives ==========
AUTOEXEC.BAT []
[2006/12/29 21:28:05 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]
========== Files/Folders - Created Within 30 Days ==========
[2009/03/30 17:30:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2009/03/30 17:30:56 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/30 17:30:56 | 00,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/30 17:30:53 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/30 17:30:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/30 17:30:52 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/03/30 17:28:23 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTViewIt.exe
[2009/03/30 17:28:17 | 02,906,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
[2009/03/28 12:12:58 | 00,001,788 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/03/28 12:12:58 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2009/03/28 12:12:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\3-28-2009
[2009/03/28 12:11:06 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2009/03/28 12:10:16 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HJTInstall.exe
[2009/03/28 12:09:27 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Administrator\Desktop\erunt-setup.exe
[2009/03/28 12:07:51 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Instructions.doc
[2009/03/28 08:22:21 | 00,000,306 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/03/28 08:15:45 | 00,153,144 | ---- | C] (Antimalware Development a.s.) -- C:\Documents and Settings\Administrator\Desktop\ewido_micro.exe
[2009/03/28 08:00:16 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2009/03/28 08:00:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/03/28 07:58:19 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Administrator\Desktop\spybotsd162.exe
[2009/03/27 19:38:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/03/27 19:38:52 | 00,000,822 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/03/27 19:38:50 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2009/03/27 19:38:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2009/03/27 19:38:02 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2009/03/26 06:11:53 | 00,128,000 | ---- | C] () -- C:\WINDOWS\System32\wahxas.dll
[2009/03/25 07:10:22 | 00,129,024 | -HS- | C] (Lextek International) -- C:\WINDOWS\System32\owelee.dll
[2009/03/24 19:23:23 | 00,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\ieResetIcons.exe
[2009/03/24 19:09:55 | 00,129,024 | -HS- | C] (Lextek International) -- C:\WINDOWS\System32\bhoium.dll
[2009/03/23 18:52:02 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/03/23 18:48:59 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Defender
[2009/03/22 16:31:37 | 00,000,496 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/03/22 16:23:03 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/03/22 16:22:58 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2009/03/22 16:22:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/03/21 11:20:03 | 00,005,223 | -HS- | C] () -- C:\WINDOWS\System32\tasijapo.dll
[2009/03/21 11:19:46 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\sakalimo.dll
[2009/03/15 15:53:51 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/03/15 15:53:51 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/03/09 18:31:40 | 00,000,630 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\VueScan.lnk
[2009/03/09 18:31:39 | 00,000,000 | ---D | C] -- C:\VueScan
[2009/03/08 22:21:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Sketch-UP
[2009/03/06 21:17:42 | 00,044,032 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Nepali recipes.doc
========== Files - Modified Within 30 Days ==========
[2 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/03/30 18:25:43 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/03/30 18:23:11 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\bupuzedu
[2009/03/30 18:22:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/30 18:22:35 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/30 17:30:56 | 00,000,726 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/30 17:29:23 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Instructions.doc
[2009/03/30 17:28:24 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTViewIt.exe
[2009/03/30 17:28:18 | 02,906,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
[2009/03/30 10:10:33 | 00,095,744 | ---- | M] (Lextek International) -- C:\WINDOWS\System32\kiwowive.dll
[2009/03/29 16:32:01 | 00,000,496 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/03/29 15:33:29 | 00,095,232 | -HS- | M] (Lextek International) -- C:\WINDOWS\System32\rahurite.dll
[2009/03/28 12:12:58 | 00,001,788 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/03/28 12:10:17 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HJTInstall.exe
[2009/03/28 12:09:27 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Administrator\Desktop\erunt-setup.exe
[2009/03/28 08:22:21 | 00,000,306 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/03/28 08:15:46 | 00,153,144 | ---- | M] (Antimalware Development a.s.) -- C:\Documents and Settings\Administrator\Desktop\ewido_micro.exe
[2009/03/28 07:59:08 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Administrator\Desktop\spybotsd162.exe
[2009/03/28 07:40:33 | 00,090,112 | -HS- | M] (Lextek International) -- C:\WINDOWS\System32\buhedina.dll
[2009/03/27 19:38:52 | 00,000,822 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/26 06:11:52 | 00,128,000 | ---- | M] () -- C:\WINDOWS\System32\wahxas.dll
[2009/03/25 07:10:22 | 00,129,024 | -HS- | M] (Lextek International) -- C:\WINDOWS\System32\tiyebuki.dll
[2009/03/25 07:10:22 | 00,129,024 | -HS- | M] (Lextek International) -- C:\WINDOWS\System32\owelee.dll
[2009/03/25 06:26:23 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\Administrator\My Documents\desktop.ini
[2009/03/24 19:11:39 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/24 19:09:54 | 00,129,024 | -HS- | M] (Lextek International) -- C:\WINDOWS\System32\bhoium.dll
[2009/03/23 11:07:53 | 00,090,112 | -HS- | M] (Simple Software Solutions, Inc.) -- C:\WINDOWS\System32\beziseno.dll
[2009/03/23 11:07:51 | 00,095,744 | -HS- | M] (Simple Software Solutions, Inc.) -- C:\WINDOWS\System32\polekove.dll
[2009/03/22 15:00:05 | 00,095,744 | -HS- | M] (Lextek International) -- C:\WINDOWS\System32\kabujupe.dll
[2009/03/21 11:20:03 | 00,005,223 | -HS- | M] () -- C:\WINDOWS\System32\tasijapo.dll
[2009/03/21 11:19:46 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\sakalimo.dll
[2009/03/21 08:03:01 | 00,000,037 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\TheHunterSettings.cfg
[2009/03/15 16:05:18 | 00,001,367 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/03/15 15:53:51 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/03/15 15:53:51 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/03/14 13:27:54 | 00,084,992 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/11 07:28:02 | 00,000,970 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/09 18:31:40 | 00,000,630 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\VueScan.lnk
[2009/03/06 21:17:43 | 00,044,032 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Nepali recipes.doc
< End of report >
platypusvet
2009-03-31, 02:55
OTViewIt Extras logfile created on: 3/30/2009 6:25:28 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 6.0.3790.3959)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 70.92% Memory free
3.87 Gb Paging File | 3.31 Gb Available in Paging File | 85.64% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.45 Gb Total Space | 194.38 Gb Free Space | 69.56% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: STEVO7
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
File not found -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
File not found -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2005/03/25 07:00:00 | 00,094,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer
[2007/03/02 17:24:20 | 14,672,448 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunes\iTunes.exe:*:Enabled:iTunes
[2006/02/10 11:48:12 | 09,187,328 | ---- | M] () -- C:\Program Files (x86)\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe:*:Enabled:BattlefrontII
[2007/10/22 20:07:42 | 02,667,744 | ---- | M] (Crytek GmbH) -- C:\Program Files (x86)\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:*:Enabled:Crysis_32_sp_demo
[2008/09/30 21:48:24 | 10,738,208 | ---- | M] (Southlogic Studios) -- C:\Program Files (x86)\Deer Hunter Tournament\DHT.exe:*:Enabled:Deer Hunter Tournament
[2008/09/29 20:02:38 | 00,750,864 | ---- | M] (Southlogic Studios) -- C:\Program Files (x86)\Deer Hunter Tournament\Updater.exe:*:Enabled:Deer Hunter Tournament Current Updater
[2007/08/29 11:55:54 | 01,347,584 | ---- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files (x86)\AWS\WeatherBug\Weather.exe:*:Enabled:Weather
[2007/02/16 12:54:04 | 00,282,624 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files (x86)\QuickTime\qttask.exe:*:Enabled:qttask
[2009/02/17 11:44:46 | 04,204,544 | ---- | M] () -- C:\Program Files (x86)\Emote\Launcher\launcher.exe:*:Enabled:launcher
[2005/03/25 07:00:00 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\rundll32.exe:*:Enabled:rundll32
[2005/02/25 19:28:03 | 00,212,992 | ---- | M] (Ahead Software) -- C:\Program Files (x86)\Ahead\Nero PhotoShow\data\Xtras\mssysmgr.exe:*:Enabled:mssysmgr
[2007/03/02 17:24:20 | 00,500,800 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iPod\bin\iPodService.exe:*:Enabled:iPodService
[2004/12/14 07:44:06 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe:*:Enabled:reader_sl
[2005/10/26 10:34:44 | 00,716,800 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\SoundMAX\SMax4.exe:*:Enabled:Smax4
[2002/09/10 23:26:26 | 00,368,706 | ---- | M] () -- C:\Program Files (x86)\BroadJump\Client Foundation\CFD.exe:*:Enabled:CFD
[2009/03/08 13:42:57 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe:*:Enabled:GoogleUpdate
[2007/02/18 13:05:40 | 01,681,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:msmsgs
[2007/03/02 17:24:28 | 00,257,088 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe:*:Enabled:iTunesHelper
[2003/06/20 02:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE:*:Enabled:MDM
[2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Enabled:Intuit Update Shared Downloads Server
[2005/03/25 07:00:00 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\ctfmon.exe:*:Enabled:ctfmon
[2007/02/18 13:05:48 | 00,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\runonce.exe:*:Enabled:runonce
[2003/08/06 16:24:20 | 12,037,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE:*:Enabled:WINWORD
========== (O10) Winsock2 Catalogs ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [Covenant Eyes NSP for TCP services] -- C:\WINDOWS\system32\nmNsp.dll ()
Protocol_Catalog9\Catalog_Entries\000000000001 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000002 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000003 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000004 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000005 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000006 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000007 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000008 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000009 -- File not found
========== (O18) Protocol Handlers ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/12/13 16:22:02 | 03,134,976 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll (about:{3050F406-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML About Pluggable Protocol])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/17 11:57:36 | 00,698,368 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll (cdl:{3dd53d40-7b8b-11D0-b013-00aa0059ce02} (HKLM) [CDL: Asychronous Pluggable Protocol Handler])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/02/18 13:05:42 | 01,563,136 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvidctl.dll (dvd:{12D51199-0DB5-46FE-A120-47A3D7D937CC} (HKLM) [DVD: Pluggable Protocol])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/17 11:57:36 | 00,698,368 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll (file:{79eac9e7-baf9-11ce-8c82-00aa004ba90b} (HKLM) [file:, local: Asychronous Pluggable Protocol Handler])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/17 11:57:36 | 00,698,368 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll (ftp:{79eac9e3-baf9-11ce-8c82-00aa004ba90b} (HKLM) [ftp: Asychronous Pluggable Protocol Handler])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/17 11:57:36 | 00,698,368 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll (gopher:{79eac9e4-baf9-11ce-8c82-00aa004ba90b} (HKLM) [gopher: Asychronous Pluggable Protocol Handler])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/17 11:57:36 | 00,698,368 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll (http:{79eac9e2-baf9-11ce-8c82-00aa004ba90b} (HKLM) [http: Asychronous Pluggable Protocol Handler])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 05:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL http\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 05:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL http\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/17 11:57:36 | 00,698,368 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll (https:{79eac9e5-baf9-11ce-8c82-00aa004ba90b} (HKLM) [https: Asychronous Pluggable Protocol Handler])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 05:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL https\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 05:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL https\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/02/18 13:05:32 | 00,137,216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll (its:{9D148291-B9C8-11D0-A4CC-0000F80149F6} (HKLM) [Microsoft InfoTech Protocols for IE 4.0])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/12/13 16:22:02 | 03,134,976 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll (javascript:{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Javascript Pluggable Protocol])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/17 11:57:36 | 00,698,368 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll (local:{79eac9e7-baf9-11ce-8c82-00aa004ba90b} (HKLM) [file:, local: Asychronous Pluggable Protocol Handler])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/12/13 16:22:02 | 03,134,976 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll (mailto:{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Mailto Pluggable Protocol])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/07/03 14:14:54 | 00,694,784 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll (mhtml:{05300401-BCBC-11d0-85E3-00C04FD85AB4} (HKLM) [MHTML Asychronous Pluggable Protocol Handler])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/17 11:57:36 | 00,698,368 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll (mk:{79eac9e6-baf9-11ce-8c82-00aa004ba90b} (HKLM) [mk: Asychronous Pluggable Protocol Handler])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 05:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 05:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/02/18 13:05:32 | 00,137,216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll (ms-its:{9D148291-B9C8-11D0-A4CC-0000F80149F6} (HKLM) [Microsoft InfoTech Protocols for IE 4.0])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2000/04/19 21:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2003/08/04 16:19:34 | 07,330,360 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2003/08/01 18:09:04 | 08,086,072 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/12/13 16:22:02 | 03,134,976 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll (res:{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Resource Pluggable Protocol])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/12/13 16:22:02 | 03,134,976 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll (sysimage:{76E67A63-06E9-11D2-A840-006008059382} (HKLM) [Microsoft HTML Resource Pluggable Protocol])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/02/18 13:05:42 | 01,563,136 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvidctl.dll (tv:{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} (HKLM) [TV: Pluggable Protocol])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/12/13 16:22:02 | 03,134,976 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll (vbscript:{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Javascript Pluggable Protocol])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/03/25 07:00:00 | 00,074,240 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiascr.dll (wia:{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} (HKLM) [WiaProtocol Class])
========== (O18) Protocol Filters ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2008/10/17 11:57:36 | 00,698,368 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll Class Install Handler:{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} (HKLM) [AP Class Install Handler filter]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2008/10/17 11:57:36 | 00,698,368 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll deflate:{8f6b0360-b80d-11d0-a9b3-006097942311} (HKLM) [AP lzdhtml encoding/decoding Filter]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2008/10/17 11:57:36 | 00,698,368 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll gzip:{8f6b0360-b80d-11d0-a9b3-006097942311} (HKLM) [AP lzdhtml encoding/decoding Filter]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2008/10/17 11:57:36 | 00,698,368 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll lzdhtml:{8f6b0360-b80d-11d0-a9b3-006097942311} (HKLM) [AP lzdhtml encoding/decoding Filter]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2009/02/10 08:52:22 | 08,360,960 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll text/webviewhtml:{733AC4CB-F1A4-11d0-B951-00A0C90312E1} (HKLM) [WebView MIME Filter]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/15 01:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01B51908-02EF-453B-87A9-815182E8C2F2}"=iTunes
"{025C3792-E9C6-432A-92C1-661F99D021CA}"=Ulead Photo Explorer 8.5 SE
"{055EE59D-217B-43A7-ABFF-507B966405D8}"=ATI Catalyst Control Center
"{08C5C5DC-E56F-2691-B577-24AA7992883D}"=CCC Help English
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}"=AiO_Scan
"{111E336D-30BF-4CD4-8D69-4541732AFB27}"=Peter Jackson's King Kong - The Official Game of the Movie
"{17D2AF72-1448-4C43-A1C4-842757E4DEB6}"=Cabela's Big Game Hunter - Alaskan Adventures
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{28E66EE0-17F0-71C7-CC7C-FAF42C08AE64}"=Catalyst Control Center Graphics Full Existing
"{29521505-F489-4822-ADFA-32C6DEE4F114}"=TurboTax 2008 WinPerUserEducation
"{2DF7B278-D3B6-40A4-B25C-0E7149F439EA}"=3DMark05
"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java(TM) SE Runtime Environment 6 Update 1
"{3389DC79-8D4C-4447-B1D3-3D8FE43D65C2}"=The Chronicles of Narnia
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}"=ATI Parental Control & Encoder
"{3D374523-CFDE-461A-827E-2A102E2AB365}"=Star Wars Battlefront II
"{548EAC70-EE00-11DD-908C-005056806466}"=Google Earth
"{5AC5ED2E-2936-4B54-A429-703F9034938E}"=Covenant Eyes
"{5E863175-E85D-44A6-8968-82507D34AE7F}"=QuickTime
"{619B8475-0F48-41B7-A370-5147F7092989}"=Virtual Earth 3D (Beta)
"{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}"=Call of Duty(R) 4 - Modern Warfare(TM) Demo
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}"=Windows Media Player Firefox Plugin
"{70DECFBF-9119-4434-B2D3-A3C283D15E45}"=WeatherBug
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}"=MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}"=TurboTax 2008 WinPerFedFormset
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}"=3DMark06
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}"=TurboTax 2008 WinPerReleaseEngine
"{8F150700-39E7-79AC-80DE-4A937D7D8D30}"=Catalyst Control Center Core Implementation
"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{92AF2F5A-4407-4A03-A80A-5A2582264746}"=Crysis(R) SP Demo
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}"=Microsoft Flight Simulator X
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}"=AnswerWorks 5.0 English Runtime
"{A1570582-F77D-9272-BA3D-E97B71AD3E23}"=ccc-core-static
"{A662E280-64A8-4CF5-8407-13D0808602B3}"=Call of Duty - United Offensive
"{A69F83B6-1AB1-97C6-A76B-79CE7B87042C}"=ccc-core-preinstall
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}"=Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A70000000000}"=Adobe Reader 7.0
"{ACC2CB83-5C44-4221-9E08-43A0DD071CE7}"=Cabela's African Safari
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}"=TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}"=TurboTax 2008 WinPerTaxSupport
"{B349B1C0-9920-9C91-AFF3-0D727A6E49C5}"=Skins
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}"=Microsoft XML Parser
"{C23C2D03-778A-F358-37BC-8C005BC69ABE}"=Catalyst Control Center Graphics Full New
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}"=Scan
"{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}"=AVIVO Codecs
"{C9DCF88C-FBF4-CC42-3721-416ACE06A9BD}"=Catalyst Control Center Graphics Previews Common
"{CCDD8C24-EB4A-4BCC-BAFD-4812F9B70FDE}"=TurboTax 2008 wokiper
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition
"{CF404C21-47EB-4FA5-B920-91746874ED43}"=Ulead Photo Express My Scrapbook 2.0
"{D17C4B85-A12C-442F-81A6-21EAB64F014A}"=Cabela's Trophy Bucks
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}"=Windows Media Encoder 9 Series
"{E5D52570-5EF1-4576-A434-6CCD92268F0F}"=Google SketchUp 7
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}"=TurboTax 2008 WinPerProgramHelp
"{E86E8B33-0497-50AE-D383-C80D14F80F05}"=Catalyst Control Center Graphics Light
"{F0A37341-D692-11D4-A984-009027EC0A9C}"=SoundMAX
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}"=Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01"=Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F8CF44C8-6295-417B-8B04-AAB39F1BB649}_is1"=Call of Juarez SP Demo
"{FB9CDF41-F0B9-4F31-9230-7DF0D6637270}"=Call of Duty(R) 2 Demo
"{FC92B547-87C7-4A3E-B5C9-F289D6CB43C2}"=ATI Demo - Toy Shop (v1.2)
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}"=Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1947ed9c549f680a9ed3f1fdbb9337a4"=Myst V End Of Ages
"Ad-Aware"=Ad-Aware
"Adobe Acrobat 5.0"=Adobe Acrobat 5.0
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"All ATI Software"=ATI - Software Uninstall Utility
"BroadJump Client Foundation"=BroadJump Client Foundation
"Call of Duty Game of the Year Edition"=Call of Duty Game of the Year Edition
"Deer Hunter 2005_is1"=Deer Hunter - The 2005 Season
"Deer Hunter Tournament_is1"=Deer Hunter Tournament
"Emote-Launcher"=Emote-Launcher (remove only)
"ERUNT_is1"=ERUNT 1.1j
"HijackThis"=HijackThis 2.0.2
"InstallShield_{3389DC79-8D4C-4447-B1D3-3D8FE43D65C2}"=The Chronicles of Narnia
"InstallShield_{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}"=Call of Duty(R) 4 - Modern Warfare(TM) Demo
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}"=Microsoft Flight Simulator X
"InstallShield_{A662E280-64A8-4CF5-8407-13D0808602B3}"=Call of Duty - United Offensive
"InstallShield_{FB9CDF41-F0B9-4F31-9230-7DF0D6637270}"=Call of Duty(R) 2 Demo
"iTurbo"=HIS iTurbo 1.10.4
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Mozilla Firefox (3.0.8)"=Mozilla Firefox (3.0.8)
"Nero PhotoShow Express"=Nero PhotoShow Express
"NeroMultiInstaller!UninstallKey"=Nero Suite
"RealPlayer 6.0"=RealPlayer
"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6"=Microsoft Flight Simulator X Service Pack 1
"TripleAVersion1_0_0_3"=TripleA Version 1_0_0_3
"TurboTax 2008"=TurboTax 2008
"VueScan"=VueScan
"Windows Media Encoder 9"=Windows Media Encoder 9 Series
"WinGimp-2.0_is1"=GIMP 2.4.7
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 3/28/2009 2:02:32 AM | Computer Name = STEVO7 | Source = Google Update | ID = 20
Description =
Error - 3/28/2009 3:02:32 AM | Computer Name = STEVO7 | Source = Google Update | ID = 20
Description =
Error - 3/28/2009 3:05:29 AM | Computer Name = STEVO7 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.
Error - 3/28/2009 4:02:32 AM | Computer Name = STEVO7 | Source = Google Update | ID = 20
Description =
Error - 3/28/2009 5:02:32 AM | Computer Name = STEVO7 | Source = Google Update | ID = 20
Description =
Error - 3/28/2009 6:02:32 AM | Computer Name = STEVO7 | Source = Google Update | ID = 20
Description =
Error - 3/28/2009 7:02:32 AM | Computer Name = STEVO7 | Source = Google Update | ID = 20
Description =
Error - 3/28/2009 8:02:32 AM | Computer Name = STEVO7 | Source = Google Update | ID = 20
Description =
Error - 3/28/2009 9:01:55 AM | Computer Name = STEVO7 | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 3/28/2009 2:35:40 PM | Computer Name = STEVO7 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.3790.1830, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 3/29/2009 4:32:34 PM | Computer Name = STEVO7 | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.
Error - 3/30/2009 11:09:41 AM | Computer Name = STEVO7 | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.
Error - 3/30/2009 11:09:41 AM | Computer Name = STEVO7 | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.
Error - 3/30/2009 11:09:41 AM | Computer Name = STEVO7 | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.
Error - 3/30/2009 6:26:21 PM | Computer Name = STEVO7 | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.
Error - 3/30/2009 6:26:21 PM | Computer Name = STEVO7 | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.
Error - 3/30/2009 6:26:21 PM | Computer Name = STEVO7 | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.
Error - 3/30/2009 7:22:36 PM | Computer Name = STEVO7 | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.
Error - 3/30/2009 7:22:36 PM | Computer Name = STEVO7 | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.
Error - 3/30/2009 7:22:36 PM | Computer Name = STEVO7 | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.
< End of report >
Hi again,
Do you have any antivirus program in use (I don't mean antispyware programs like Spybot or MBAM)?
Download the HostsXpert (http://www.majorgeeks.com/Hoster_d4626.html).
* Unzip HostsXpert to a convenient folder such as C:\HostsXpert
* Click HostsXpert.exe to Run HostsXpert from its new home
* Click
Make Hosts Writable?
in the upper right corner (If available).
* Click Restore Microsoft's Hosts file and then click OK.
* Click the X to exit the program.
* Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
Uninstall old Adobe Reader versions and get the latest one here (http://www.filehippo.com/download_adobe_reader/) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install toolbar if choose Foxit Reader!
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...
Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6 Update 13 (http://java.sun.com/javase/downloads/index.jsp).
Click the
Download
button to the right.
Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version. Uncheck MSN toolbar if it's offered there.
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
Double-click ATF Cleaner.exe to open it
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
We need to execute an OTMoveIt3 script
Please download OTMoveIt3 by OldTimer (http://oldtimer.geekstogo.com/OTMoveIt3.exe) and save it to your desktop.
Double click theOTMoveIt3 icon on your desktop.
Paste the following code under the Paste Fix Here area. Do not include the word
Code
.
:Files
C:\WINDOWS\SysWOW64\ribodapi.dll
C:\WINDOWS\System32\wahxas.dll
C:\WINDOWS\System32\owelee.dll
C:\WINDOWS\System32\bhoium.dll
C:\WINDOWS\System32\tasijapo.dll
C:\WINDOWS\System32\sakalimo.dll
C:\WINDOWS\System32\bupuzedu
C:\WINDOWS\System32\kiwowive.dll
C:\WINDOWS\System32\rahurite.dll
C:\WINDOWS\System32\buhedina.dll
C:\WINDOWS\System32\tiyebuki.dll
C:\WINDOWS\System32\beziseno.dll
C:\WINDOWS\System32\polekove.dll
C:\WINDOWS\System32\kabujupe.dll
:reg
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4bcb2ffc-5f34-44ce-a2a3-647ccd23d216}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e4ff9603-232c-4c4c-948e-ecf7ecac8318}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"jaziviweje"=-
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"=-
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"=-
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"=-
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=""
Push the large MoveIt button.
OTMI3 may ask to reboot the machine. Please do so if asked.
Copy/Paste the contents under the Results line here in your next reply with a fresh OTViewIt.txt contents.
If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
platypusvet
2009-04-01, 02:25
I do not currently have an antivirus program installed. Here are the OTMoveIt results. The fresh OTViewIt log follows in the next post.
========== FILES ==========
DllUnregisterServer procedure not found in C:\WINDOWS\SysWOW64\ribodapi.dll
C:\WINDOWS\SysWOW64\ribodapi.dll NOT unregistered.
C:\WINDOWS\SysWOW64\ribodapi.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\wahxas.dll
C:\WINDOWS\System32\wahxas.dll NOT unregistered.
C:\WINDOWS\System32\wahxas.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\owelee.dll
C:\WINDOWS\System32\owelee.dll NOT unregistered.
C:\WINDOWS\System32\owelee.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\bhoium.dll
C:\WINDOWS\System32\bhoium.dll NOT unregistered.
C:\WINDOWS\System32\bhoium.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\tasijapo.dll
C:\WINDOWS\System32\tasijapo.dll NOT unregistered.
C:\WINDOWS\System32\tasijapo.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\sakalimo.dll
C:\WINDOWS\System32\sakalimo.dll NOT unregistered.
C:\WINDOWS\System32\sakalimo.dll moved successfully.
C:\WINDOWS\System32\bupuzedu moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\kiwowive.dll
C:\WINDOWS\System32\kiwowive.dll NOT unregistered.
C:\WINDOWS\System32\kiwowive.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\rahurite.dll
C:\WINDOWS\System32\rahurite.dll NOT unregistered.
C:\WINDOWS\System32\rahurite.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\buhedina.dll
C:\WINDOWS\System32\buhedina.dll NOT unregistered.
C:\WINDOWS\System32\buhedina.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\tiyebuki.dll
C:\WINDOWS\System32\tiyebuki.dll NOT unregistered.
C:\WINDOWS\System32\tiyebuki.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\beziseno.dll
C:\WINDOWS\System32\beziseno.dll NOT unregistered.
C:\WINDOWS\System32\beziseno.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\polekove.dll
C:\WINDOWS\System32\polekove.dll NOT unregistered.
C:\WINDOWS\System32\polekove.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\kabujupe.dll
C:\WINDOWS\System32\kabujupe.dll NOT unregistered.
C:\WINDOWS\System32\kabujupe.dll moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4bcb2ffc-5f34-44ce-a2a3-647ccd23d216}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e4ff9603-232c-4c4c-948e-ecf7ecac8318}\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\jaziviweje deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\tscuninstall deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\tscuninstall not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\tscuninstall deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\tscuninstall deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_Dlls"|"" /E : value set successfully!
OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 03312009_181937
platypusvet
2009-04-01, 02:32
OTViewIt logfile created on: 3/31/2009 6:26:09 PM - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 6.0.3790.3959)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.37% Memory free
3.87 Gb Paging File | 3.26 Gb Available in Paging File | 84.22% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.45 Gb Total Space | 195.42 Gb Free Space | 69.93% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: STEVO7
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
========== Processes ==========
[2009/03/09 14:06:55 | 00,951,632 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
[2009/03/08 13:42:57 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[2005/02/25 19:28:03 | 00,212,992 | ---- | M] (Ahead Software) -- C:\Program Files (x86)\Ahead\Nero PhotoShow\data\Xtras\mssysmgr.exe
[2007/02/18 13:05:40 | 01,681,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2009/01/24 19:53:13 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2005/03/25 07:00:00 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\ctfmon.exe
[2005/08/30 19:53:34 | 00,925,696 | R--- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
[2005/10/26 10:34:44 | 00,716,800 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\SoundMAX\SMax4.exe
[2006/08/31 07:18:48 | 00,114,688 | ---- | M] () -- C:\Program Files (x86)\HIS iTurbo\iTurbo.exe
[2007/02/16 12:54:04 | 00,282,624 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files (x86)\QuickTime\qttask.exe
[2007/03/02 17:24:28 | 00,257,088 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
[2002/09/10 23:26:26 | 00,368,706 | ---- | M] () -- C:\Program Files (x86)\BroadJump\Client Foundation\CFD.exe
[2008/06/08 13:00:07 | 01,192,088 | ---- | M] () -- C:\Program Files (x86)\CE\nmSvc.exe
[2009/03/09 14:06:55 | 00,515,416 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
[2008/06/08 13:00:07 | 00,270,488 | ---- | M] () -- C:\Program Files (x86)\CE\nmFlt.exe
[2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
[2003/06/20 02:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2007/03/02 17:24:20 | 00,500,800 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iPod\bin\iPodService.exe
[2009/03/31 18:10:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jqs.exe
[2009/03/27 21:53:11 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
[2005/03/25 07:00:00 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2009/03/30 17:28:24 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTViewIt.exe
========== (O23) Win32 Services ==========
[2007/10/23 23:33:00 | 00,045,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
File not found -- -- (Ati HotKey Poller [Auto | Running])
[2007/11/02 00:05:00 | 00,660,992 | ---- | M] () -- C:\WINDOWS\system32\ati2saag.exe -- (ATI Smart [Auto | Stopped])
[2007/10/24 02:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/10/23 23:33:04 | 00,093,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped])
File not found -- -- (dmadmin [On_Demand | Stopped])
File not found -- -- (Eventlog [Auto | Running])
[2009/03/08 13:42:57 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -- (gupdate1c9a01db5bf260e [Auto | Stopped])
[2007/05/27 13:14:48 | 00,138,168 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
File not found -- -- (HTTPFilter [On_Demand | Stopped])
[2007/02/18 13:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\svchost.exe -- (IASJet [On_Demand | Stopped])
[2005/04/04 03:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
File not found -- -- (ImapiService [On_Demand | Stopped])
[2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService [Auto | Running])
[2007/03/02 17:24:20 | 00,500,800 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2009/03/09 14:06:55 | 00,951,632 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
[2003/06/20 02:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
File not found -- -- (MSDTC [On_Demand | Stopped])
[2007/02/18 13:05:42 | 00,430,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netlogon.dll -- (Netlogon [On_Demand | Stopped])
File not found -- -- (NtLmSsp [On_Demand | Stopped])
File not found -- -- (NVSvc [Auto | Stopped])
[2003/07/28 15:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
File not found -- -- (PlugPlay [Auto | Running])
File not found -- -- (PolicyAgent [Auto | Running])
File not found -- -- (ProtectedStorage [Auto | Running])
File not found -- -- (RDSessMgr [On_Demand | Stopped])
File not found -- -- (SamSs [Auto | Running])
File not found -- -- (TlntSvr [Disabled | Stopped])
[2005/03/25 07:00:00 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
File not found -- -- (vds [On_Demand | Stopped])
File not found -- -- (VSS [On_Demand | Stopped])
[2006/11/03 20:36:20 | 00,014,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
File not found -- -- (WmiApSrv [On_Demand | Stopped])
[2009/03/31 18:10:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
========== Driver Services ==========
File not found -- -- (ACPI [Boot | Running])
File not found -- -- (ADIHdAudAddService [On_Demand | Running])
File not found -- -- (AFD [System | Running])
File not found -- -- (Arp1394 [On_Demand | Running])
File not found -- -- (atapi [Boot | Running])
File not found -- -- (ati2mtag [On_Demand | Running])
File not found -- -- (ATIAVAIW [On_Demand | Running])
File not found -- -- (audstub [On_Demand | Running])
File not found -- -- (Beep [System | Running])
File not found -- -- (CdaC15BA [Auto | Running])
File not found -- -- (CdaD10BA [Auto | Running])
File not found -- -- (Cdfs [Disabled | Running])
File not found -- -- (Cdrom [System | Running])
File not found -- -- (crcdisk [Boot | Running])
File not found -- -- (Disk [Boot | Running])
File not found -- -- (dmio [Boot | Running])
File not found -- -- (dmload [Boot | Running])
File not found -- -- (Fips [System | Running])
File not found -- -- (FltMgr [Boot | Running])
File not found -- -- (Ftdisk [Boot | Running])
[2006/09/19 16:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Stopped])
File not found -- -- (Gpc [On_Demand | Running])
File not found -- -- (HDAudBus [On_Demand | Running])
File not found -- -- (HTTP [On_Demand | Running])
File not found -- -- (i8042prt [System | Running])
File not found -- -- (imapi [System | Running])
File not found -- -- (IpNat [On_Demand | Running])
File not found -- -- (IPSec [System | Running])
File not found -- -- (isapnp [Boot | Running])
File not found -- -- (Kbdclass [System | Running])
File not found -- -- (kmixer [On_Demand | Running])
File not found -- -- (KSecDD [Boot | Running])
File not found -- -- (ksthunk [On_Demand | Running])
File not found -- -- (Lbd [Boot | Running])
[2005/03/25 07:00:00 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll -- (mnmdd [System | Running])
File not found -- -- (Mouclass [System | Running])
File not found -- -- (MountMgr [Boot | Running])
File not found -- -- (MRxDAV [On_Demand | Running])
File not found -- -- (MRxSmb [System | Running])
File not found -- -- (Msfs [System | Running])
File not found -- -- (mssmbios [On_Demand | Running])
File not found -- -- (ms_mpu401 [On_Demand | Running])
File not found -- -- (MTsensor [On_Demand | Running])
File not found -- -- (Mup [Boot | Running])
File not found -- -- (NDIS [Boot | Running])
File not found -- -- (NdisTapi [On_Demand | Running])
File not found -- -- (Ndisuio [On_Demand | Running])
File not found -- -- (NdisWan [On_Demand | Running])
File not found -- -- (NDProxy [On_Demand | Running])
File not found -- -- (NetBIOS [System | Running])
File not found -- -- (NetBT [System | Running])
File not found -- -- (NIC1394 [On_Demand | Running])
File not found -- -- (Npfs [System | Running])
File not found -- -- (Ntfs [Disabled | Running])
File not found -- -- (Null [System | Running])
File not found -- -- (nvata64 [Boot | Running])
File not found -- -- (NVENETFD [On_Demand | Running])
File not found -- -- (nvnetbus [On_Demand | Running])
File not found -- -- (ohci1394 [Boot | Running])
File not found -- -- (Parport [On_Demand | Running])
File not found -- -- (PartMgr [Boot | Running])
File not found -- -- (PCI [Boot | Running])
File not found -- -- (PCIIde [Boot | Running])
File not found -- -- (PptpMiniport [On_Demand | Running])
File not found -- -- (Processor [On_Demand | Running])
File not found -- -- (PSched [On_Demand | Running])
File not found -- -- (Ptilink [On_Demand | Running])
File not found -- -- (RasAcd [System | Running])
File not found -- -- (Rasl2tp [On_Demand | Running])
File not found -- -- (RasPppoe [On_Demand | Running])
File not found -- -- (Raspti [On_Demand | Running])
File not found -- -- (Rdbss [System | Running])
File not found -- -- (RDPCDD [System | Running])
File not found -- -- (rdpdr [On_Demand | Running])
File not found -- -- (redbook [System | Running])
[2005/05/24 22:39:14 | 00,007,168 | ---- | M] () -- C:\Program Files (x86)\HIS iTurbo\RTCore64.sys -- (RTCore64 [On_Demand | Running])
[2009/03/23 14:07:26 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [System | Stopped])
[2009/03/23 14:07:28 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
[2009/03/23 14:07:26 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Stopped])
File not found -- -- (Secdrv [Auto | Running])
File not found -- -- (SenFiltService [On_Demand | Running])
File not found -- -- (serenum [On_Demand | Running])
File not found -- -- (Serial [System | Running])
File not found -- -- (sfdrv01 [Boot | Running])
File not found -- -- (sfhlp02 [Boot | Running])
File not found -- -- (sfsync02 [Boot | Running])
File not found -- -- (sr [Boot | Running])
File not found -- -- (Srv [On_Demand | Running])
File not found -- -- (swenum [On_Demand | Running])
File not found -- -- (sysaudio [On_Demand | Running])
File not found -- -- (Tcpip [System | Running])
File not found -- -- (TermDD [System | Running])
File not found -- -- (Update [On_Demand | Running])
File not found -- -- (usbehci [On_Demand | Running])
File not found -- -- (usbhub [On_Demand | Running])
File not found -- -- (usbohci [On_Demand | Running])
File not found -- -- (VgaSave [System | Running])
File not found -- -- (VolSnap [Boot | Running])
File not found -- -- (Wanarp [On_Demand | Running])
[2005/03/25 07:00:00 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdmaud.drv -- (wdmaud [On_Demand | Running])
File not found -- -- (WS2IFSL [System | Running])
[2005/10/19 21:34:02 | 00,007,680 | ---- | M] (Overclocking Tool) -- C:\Program Files (x86)\HIS iTurbo\atillk64.sys -- (atillk64 [Disabled | Running])
========== (R ) Internet Explorer ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.google.com/ie
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"First Home Page"=http://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update&O1=b1
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.google.com/ig?hl=en
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=gogl
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\SysWOW64\shdocvw.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\S-1-5-21-1575258458-2958649720-2788576334-500\SOFTWARE\Microsoft\Internet Explorer\Main]
"First Home Page"=http://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update&O1=b1
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.google.com/ig?hl=en
[HKEY_USERS\S-1-5-21-1575258458-2958649720-2788576334-500\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie
[HKEY_USERS\S-1-5-21-1575258458-2958649720-2788576334-500\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=gogl
[HKEY_USERS\S-1-5-21-1575258458-2958649720-2788576334-500\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\SysWOW64\shdocvw.dll (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1575258458-2958649720-2788576334-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
========== (O1) Hosts File ==========
HOSTS File = (1078 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
82.98.235.133 browser-security.microsoft.com
82.98.235.133 url.adtrgt.com
82.98.235.133 best-click-scanner.info
82.98.235.133 antivirus-xp-pro-2009.com
82.98.235.133 microsoft.infosecuritycenter.com
82.98.235.133 microsoft.softwaresecurityhelp.com
82.98.235.133 onlinenotifyq.net
82.98.235.133 antivirusxp-pro-2009.com
82.98.235.133 microsoft.browser-security-center.com
========== (O2) BHO's ==========
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (HKLM) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
{4bcb2ffc-5f34-44ce-a2a3-647ccd23d216} (HKLM) -- C:\WINDOWS\SysWow64\ribodapi.dll File not found
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} (HKLM) -- C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
========== (O3) Toolbars ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" (HKLM) -- C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" (HKLM) -- C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}" (HKLM) -- C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" (HKLM) -- C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}" (HKLM) -- C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()
[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" (HKLM) -- C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)
[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}" (HKLM) -- C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)
[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()
[HKEY_USERS\S-1-5-21-1575258458-2958649720-2788576334-500\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" (HKLM) -- C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1575258458-2958649720-2788576334-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" (HKLM) -- C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1575258458-2958649720-2788576334-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}" (HKLM) -- C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1575258458-2958649720-2788576334-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()
platypusvet
2009-04-01, 02:33
========== (O4) Run Keys ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"Ad-Watch"="C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe" (Lavasoft)
"BJCFD"="C:\Program Files (x86)\BroadJump\Client Foundation\CFD.exe" ()
"CPM63b41ba0"=Rundll32.exe "c:\windows\system32\gonihuha.dll",a ()
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" (Apple Inc.)
"iTurbo"="C:\Program Files (x86)\HIS iTurbo\iTurbo.exe" /s ()
"jaziviweje"=Rundll32.exe "C:\WINDOWS\SysWow64\ribodapi.dll",s File not found
"NMSVC"=C:\Program Files (x86)\CE\nmSvc.exe ()
"QuickTime Task"="C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
"RecoverFromReboot"=C:\WINDOWS\Temp\RecoverFromReboot.exe File not found
"SoundMAX"="C:\Program Files (x86)\Analog Devices\SoundMAX\Smax4.exe" /tray (Analog Devices, Inc.)
"SoundMAXPnP"=C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" ()
"SunJavaUpdateSched"="C:\Program Files (x86)\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"x3watch"="C:\Program Files (x86)\X3watch\x3watch.exe" File not found
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"PhotoShow Deluxe Media Manager"=C:\PROGRA~2\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe (Ahead Software)
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
"Weather"=C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 (AWS Convergence Technologies, Inc.)
[HKEY_USERS\S-1-5-21-1575258458-2958649720-2788576334-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"PhotoShow Deluxe Media Manager"=C:\PROGRA~2\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe (Ahead Software)
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
"Weather"=C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 (AWS Convergence Technologies, Inc.)
========== (O4) Startup Folders ==========
========== (O6 & O7) Current Version Policies ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0
"HonorAutoRunSetting"=1
"NoActiveDesktopChanges"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-21-1575258458-2958649720-2788576334-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
========== (O8) IE Context Menu Extensions ==========
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 05:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1575258458-2958649720-2788576334-500\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 05:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)
========== (O9) IE Extensions ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003/07/15 01:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %SystemDrive%\Program Files\Messenger\msmsgs.exe [2007/02/18 13:05:40 | 01,681,920 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %SystemDrive%\Program Files\Messenger\msmsgs.exe [2007/02/18 13:05:40 | 01,681,920 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\SysWOW64\msjava.dll [Web Browser Applet Control] -> [2001/01/12 20:04:06 | 00,945,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 01:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %SystemDrive%\Program Files\Messenger\msmsgs.exe [Messenger] -> [2007/02/18 13:05:40 | 01,681,920 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\SysWOW64\msjava.dll [Web Browser Applet Control] -> [2001/01/12 20:04:06 | 00,945,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 01:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %SystemDrive%\Program Files\Messenger\msmsgs.exe [Messenger] -> [2007/02/18 13:05:40 | 01,681,920 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\SysWOW64\msjava.dll [Web Browser Applet Control] -> [2001/01/12 20:04:06 | 00,945,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 01:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %SystemDrive%\Program Files\Messenger\msmsgs.exe [Messenger] -> [2007/02/18 13:05:40 | 01,681,920 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1575258458-2958649720-2788576334-500\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\SysWOW64\msjava.dll [Web Browser Applet Control] -> [2001/01/12 20:04:06 | 00,945,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 01:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %SystemDrive%\Program Files\Messenger\msmsgs.exe [Messenger] -> [2007/02/18 13:05:40 | 01,681,920 | ---- | M] (Microsoft Corporation)
========== (O12) Internet Explorer Plugins ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery
========== (O13) Default Prefixes ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://
========== (O15) Trusted Sites ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
sbcglobal.net: * in Trusted sites
sbcglobal.net: http in Trusted sites
sbcglobal.net: https in Trusted sites
yahoo.com: * in Trusted sites
yahoo.com: http in Trusted sites
yahoo.com: https in Trusted sites
48 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\S-1-5-21-1575258458-2958649720-2788576334-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
sbcglobal.net: * in Trusted sites
sbcglobal.net: http in Trusted sites
sbcglobal.net: https in Trusted sites
yahoo.com: * in Trusted sites
yahoo.com: http in Trusted sites
yahoo.com: https in Trusted sites
48 domain(s) and sub-domain(s) not assigned to a zone.
========== (O16) DPF ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{0DB074F0-617E-4EE9-912C-2965CF2AA5A4}: http://download.microsoft.com/download/0/f/b/0fb0fab9-7f09-4bb6-86d8-8e791ba99ac5/VirtualEarth3D.cab -- SentinelVE3D Class
{11260943-421B-11D0-8EAC-0000C07D88CF}: http://www.ipix.com/download/ipixx.cab -- iPIX ActiveX Control
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab -- Java Plug-in 1.6.0_13
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab -- Java Plug-in 1.6.0_13
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab -- Java Plug-in 1.6.0_13
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab -- Shockwave Flash Object
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.
========== (O17) DNS Name Servers ==========
{1F0C5B7A-0F6D-4CBB-8588-4EF6E3F7D8CA} (Servers: | Description: )
{30029412-16DB-433E-A430-0C67CF667E78} (Servers: | Description: 1394 Net Adapter)
{66E9D6B2-5037-407F-ABEE-F4A163408C20} (Servers: | Description: NVIDIA nForce Networking Controller)
========== (O20) AppInit_DLLs ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\WINDOWS\SysWow64\ribodapi.dll c:\windows\system32\gonihuha.dll
>File not found -- C:\WINDOWS\SysWow64\ribodapi.dll
>[2009/03/31 18:20:02 | 00,094,720 | -HS- | M] () -- c:\WINDOWS\system32\gonihuha.dll
========== (O20) HKLM Winlogon Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=Explorer.exe
>[2007/02/18 13:05:28 | 01,053,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\explorer.exe
"System"=lsass.exe
>File not found --
========== (O20) Winlogon Notify Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll -- C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
ScCertProp: "DllName" = wlnotify.dll -- File not found
Schedule: "DllName" = wlnotify.dll -- File not found
SensLogn: "DllName" = WlNotify.dll -- File not found
wlballoon: "DllName" = wlnotify.dll -- File not found
========== (O21) SSODL Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"CDBurn"={fbeb8a05-beee-4442-804e-409d6c4515e9} (HKLM) -- C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"={7849596a-48ea-486e-8937-a2a3009f31a9} (HKLM) -- C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SSODL"={EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} (HKLM) -- c:\WINDOWS\SysWOW64\gonihuha.dll (Adobe Systems Incorporated)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SysTray"={35CEC8A3-2BE6-11D2-8773-92E220524153} (HKLM) -- C:\WINDOWS\SysWOW64\stobject.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} (HKLM) -- C:\WINDOWS\SysWOW64\webcheck.dll (Microsoft Corporation)
========== (O22) Shared Task Scheduler ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}" (HKLM) = Browseui preloader -- C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8C7461EF-2B13-11d2-BE35-3078302C2030}" (HKLM) = Component Categories cache daemon -- C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}" (HKLM) = STS -- c:\WINDOWS\SysWOW64\gonihuha.dll (Adobe Systems Incorporated)
========== Shell Execute Hooks ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
========== Safeboot Options ==========
"AlternateShell"=cmd.exe
========== CDRom AutoRun Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1
========== Autorun Files on Drives ==========
AUTOEXEC.BAT []
[2006/12/29 21:28:05 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]
========== Files/Folders - Created Within 30 Days ==========
[2009/03/31 18:19:37 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2009/03/31 18:16:08 | 00,389,632 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTMoveIt3.exe
[2009/03/31 18:10:00 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2009/03/31 17:59:20 | 00,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/03/31 17:59:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/03/31 17:51:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\HostXpert
[2009/03/31 17:51:05 | 00,353,485 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HostsXpert.zip
[2009/03/30 17:30:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2009/03/30 17:30:56 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/30 17:30:56 | 00,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/30 17:30:53 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/30 17:30:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/30 17:30:52 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/03/30 17:28:23 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTViewIt.exe
[2009/03/30 17:28:17 | 02,906,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
[2009/03/28 12:12:58 | 00,001,788 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/03/28 12:12:58 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2009/03/28 12:12:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\3-28-2009
[2009/03/28 12:11:06 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2009/03/28 12:10:16 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HJTInstall.exe
[2009/03/28 12:09:27 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Administrator\Desktop\erunt-setup.exe
[2009/03/28 12:07:51 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Instructions.doc
[2009/03/28 08:22:21 | 00,000,306 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/03/28 08:15:45 | 00,153,144 | ---- | C] (Antimalware Development a.s.) -- C:\Documents and Settings\Administrator\Desktop\ewido_micro.exe
[2009/03/28 08:00:16 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2009/03/28 08:00:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/03/28 07:58:19 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Administrator\Desktop\spybotsd162.exe
[2009/03/27 19:38:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/03/27 19:38:52 | 00,000,822 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/03/27 19:38:50 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2009/03/27 19:38:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2009/03/27 19:38:02 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2009/03/24 19:23:23 | 00,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\ieResetIcons.exe
[2009/03/23 18:52:02 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/03/23 18:48:59 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Defender
[2009/03/22 16:31:37 | 00,000,496 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/03/22 16:23:03 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/03/22 16:22:58 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2009/03/22 16:22:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/03/15 15:53:51 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/03/15 15:53:51 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/03/09 18:31:40 | 00,000,630 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\VueScan.lnk
[2009/03/09 18:31:39 | 00,000,000 | ---D | C] -- C:\VueScan
[2009/03/08 22:21:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Sketch-UP
[2009/03/06 21:17:42 | 00,044,032 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Nepali recipes.doc
========== Files - Modified Within 30 Days ==========
[2 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/03/31 18:27:26 | 00,001,744 | -H-- | M] () -- C:\WINDOWS\System32\bupuzedu
[2009/03/31 18:20:02 | 00,094,720 | -HS- | M] () -- C:\WINDOWS\System32\gonihuha.dll
[2009/03/31 18:20:02 | 00,089,600 | -HS- | M] (Lextek International) -- C:\WINDOWS\System32\zukogulu.dll
[2009/03/31 18:20:02 | 00,061,440 | -HS- | M] () -- C:\WINDOWS\System32\helileve.exe
[2009/03/31 18:16:09 | 00,389,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTMoveIt3.exe
[2009/03/31 18:11:02 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/03/31 18:07:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/31 18:07:53 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/31 17:59:20 | 00,001,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/03/31 17:51:06 | 00,353,485 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HostsXpert.zip
[2009/03/31 06:55:29 | 00,061,440 | -HS- | M] () -- C:\WINDOWS\System32\mayonibe.exe
[2009/03/30 17:30:56 | 00,000,726 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/30 17:29:23 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Instructions.doc
[2009/03/30 17:28:24 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTViewIt.exe
[2009/03/30 17:28:18 | 02,906,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
[2009/03/29 16:32:01 | 00,000,496 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/03/28 12:12:58 | 00,001,788 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/03/28 12:10:17 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HJTInstall.exe
[2009/03/28 12:09:27 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Administrator\Desktop\erunt-setup.exe
[2009/03/28 08:22:21 | 00,000,306 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/03/28 08:15:46 | 00,153,144 | ---- | M] (Antimalware Development a.s.) -- C:\Documents and Settings\Administrator\Desktop\ewido_micro.exe
[2009/03/28 07:59:08 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Administrator\Desktop\spybotsd162.exe
[2009/03/27 19:38:52 | 00,000,822 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/25 06:26:23 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\Administrator\My Documents\desktop.ini
[2009/03/24 19:11:39 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/21 08:03:01 | 00,000,037 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\TheHunterSettings.cfg
[2009/03/15 16:05:18 | 00,001,367 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/03/15 15:53:51 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/03/15 15:53:51 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/03/14 13:27:54 | 00,084,992 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/11 07:28:02 | 00,000,970 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/09 18:31:40 | 00,000,630 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\VueScan.lnk
[2009/03/06 21:17:43 | 00,044,032 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Nepali recipes.doc
< End of report >
platypusvet
2009-04-01, 02:34
OTViewIt Extras logfile created on: 3/31/2009 6:26:09 PM - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 6.0.3790.3959)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.37% Memory free
3.87 Gb Paging File | 3.26 Gb Available in Paging File | 84.22% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.45 Gb Total Space | 195.42 Gb Free Space | 69.93% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: STEVO7
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
File not found -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
File not found -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2005/03/25 07:00:00 | 00,094,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer
[2007/03/02 17:24:20 | 14,672,448 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunes\iTunes.exe:*:Enabled:iTunes
[2006/02/10 11:48:12 | 09,187,328 | ---- | M] () -- C:\Program Files (x86)\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe:*:Enabled:BattlefrontII
[2007/10/22 20:07:42 | 02,667,744 | ---- | M] (Crytek GmbH) -- C:\Program Files (x86)\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:*:Enabled:Crysis_32_sp_demo
[2008/09/30 21:48:24 | 10,738,208 | ---- | M] (Southlogic Studios) -- C:\Program Files (x86)\Deer Hunter Tournament\DHT.exe:*:Enabled:Deer Hunter Tournament
[2008/09/29 20:02:38 | 00,750,864 | ---- | M] (Southlogic Studios) -- C:\Program Files (x86)\Deer Hunter Tournament\Updater.exe:*:Enabled:Deer Hunter Tournament Current Updater
[2007/08/29 11:55:54 | 01,347,584 | ---- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files (x86)\AWS\WeatherBug\Weather.exe:*:Enabled:Weather
[2007/02/16 12:54:04 | 00,282,624 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files (x86)\QuickTime\qttask.exe:*:Enabled:qttask
[2009/02/17 11:44:46 | 04,204,544 | ---- | M] () -- C:\Program Files (x86)\Emote\Launcher\launcher.exe:*:Enabled:launcher
[2005/03/25 07:00:00 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\rundll32.exe:*:Enabled:rundll32
[2005/02/25 19:28:03 | 00,212,992 | ---- | M] (Ahead Software) -- C:\Program Files (x86)\Ahead\Nero PhotoShow\data\Xtras\mssysmgr.exe:*:Enabled:mssysmgr
[2007/03/02 17:24:20 | 00,500,800 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iPod\bin\iPodService.exe:*:Enabled:iPodService
File not found -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe:*:Enabled:reader_sl
[2005/10/26 10:34:44 | 00,716,800 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\SoundMAX\SMax4.exe:*:Enabled:Smax4
[2002/09/10 23:26:26 | 00,368,706 | ---- | M] () -- C:\Program Files (x86)\BroadJump\Client Foundation\CFD.exe:*:Enabled:CFD
[2009/03/08 13:42:57 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe:*:Enabled:GoogleUpdate
[2007/02/18 13:05:40 | 01,681,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:msmsgs
[2007/03/02 17:24:28 | 00,257,088 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe:*:Enabled:iTunesHelper
[2003/06/20 02:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE:*:Enabled:MDM
[2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Enabled:Intuit Update Shared Downloads Server
[2005/03/25 07:00:00 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\ctfmon.exe:*:Enabled:ctfmon
[2007/02/18 13:05:48 | 00,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\runonce.exe:*:Enabled:runonce
[2003/08/06 16:24:20 | 12,037,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE:*:Enabled:WINWORD
========== (O10) Winsock2 Catalogs ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [Covenant Eyes NSP for TCP services] -- C:\WINDOWS\system32\nmNsp.dll ()
Protocol_Catalog9\Catalog_Entries\000000000001 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000002 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000003 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000004 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000005 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000006 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000007 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000008 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000009 -- File not found
========== (O18) Protocol Handlers ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/12/13 16:22:02 | 03,134,976 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll (about:{3050F406-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML About Pluggable Protocol])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/17 11:57:36 | 00,698,368 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll (cdl:{3dd53d40-7b8b-11D0-b013-00aa0059ce02} (HKLM) [CDL: Asychronous Pluggable Protocol Handler])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/02/18 13:05:42 | 01,563,136 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvidctl.dll (dvd:{12D51199-0DB5-46FE-A120-47A3D7D937CC} (HKLM) [DVD: Pluggable Protocol])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/17 11:57:36 | 00,698,368 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll (file:{79eac9e7-baf9-11ce-8c82-00aa004ba90b} (HKLM) [file:, local: Asychronous Pluggable Protocol Handler])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/17 11:57:36 | 00,698,368 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll (ftp:{79eac9e3-baf9-11ce-8c82-00aa004ba90b} (HKLM) [ftp: Asychronous Pluggable Protocol Handler])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/17 11:57:36 | 00,698,368 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll (gopher:{79eac9e4-baf9-11ce-8c82-00aa004ba90b} (HKLM) [gopher: Asychronous Pluggable Protocol Handler])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/17 11:57:36 | 00,698,368 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll (http:{79eac9e2-baf9-11ce-8c82-00aa004ba90b} (HKLM) [http: Asychronous Pluggable Protocol Handler])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 05:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL http\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 05:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL http\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/17 11:57:36 | 00,698,368 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll (https:{79eac9e5-baf9-11ce-8c82-00aa004ba90b} (HKLM) [https: Asychronous Pluggable Protocol Handler])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 05:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL https\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 05:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL https\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/02/18 13:05:32 | 00,137,216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll (its:{9D148291-B9C8-11D0-A4CC-0000F80149F6} (HKLM) [Microsoft InfoTech Protocols for IE 4.0])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/12/13 16:22:02 | 03,134,976 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll (javascript:{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Javascript Pluggable Protocol])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/17 11:57:36 | 00,698,368 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll (local:{79eac9e7-baf9-11ce-8c82-00aa004ba90b} (HKLM) [file:, local: Asychronous Pluggable Protocol Handler])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/12/13 16:22:02 | 03,134,976 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll (mailto:{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Mailto Pluggable Protocol])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/07/03 14:14:54 | 00,694,784 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll (mhtml:{05300401-BCBC-11d0-85E3-00C04FD85AB4} (HKLM) [MHTML Asychronous Pluggable Protocol Handler])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/17 11:57:36 | 00,698,368 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll (mk:{79eac9e6-baf9-11ce-8c82-00aa004ba90b} (HKLM) [mk: Asychronous Pluggable Protocol Handler])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 05:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 05:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/02/18 13:05:32 | 00,137,216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll (ms-its:{9D148291-B9C8-11D0-A4CC-0000F80149F6} (HKLM) [Microsoft InfoTech Protocols for IE 4.0])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2000/04/19 21:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2003/08/04 16:19:34 | 07,330,360 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2003/08/01 18:09:04 | 08,086,072 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/12/13 16:22:02 | 03,134,976 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll (res:{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Resource Pluggable Protocol])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/12/13 16:22:02 | 03,134,976 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll (sysimage:{76E67A63-06E9-11D2-A840-006008059382} (HKLM) [Microsoft HTML Resource Pluggable Protocol])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/02/18 13:05:42 | 01,563,136 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvidctl.dll (tv:{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} (HKLM) [TV: Pluggable Protocol])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/12/13 16:22:02 | 03,134,976 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll (vbscript:{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Javascript Pluggable Protocol])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/03/25 07:00:00 | 00,074,240 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiascr.dll (wia:{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} (HKLM) [WiaProtocol Class])
========== (O18) Protocol Filters ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2008/10/17 11:57:36 | 00,698,368 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll Class Install Handler:{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} (HKLM) [AP Class Install Handler filter]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2008/10/17 11:57:36 | 00,698,368 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll deflate:{8f6b0360-b80d-11d0-a9b3-006097942311} (HKLM) [AP lzdhtml encoding/decoding Filter]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2008/10/17 11:57:36 | 00,698,368 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll gzip:{8f6b0360-b80d-11d0-a9b3-006097942311} (HKLM) [AP lzdhtml encoding/decoding Filter]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2008/10/17 11:57:36 | 00,698,368 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll lzdhtml:{8f6b0360-b80d-11d0-a9b3-006097942311} (HKLM) [AP lzdhtml encoding/decoding Filter]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2009/02/10 08:52:22 | 08,360,960 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll text/webviewhtml:{733AC4CB-F1A4-11d0-B951-00A0C90312E1} (HKLM) [WebView MIME Filter]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/15 01:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01B51908-02EF-453B-87A9-815182E8C2F2}"=iTunes
"{025C3792-E9C6-432A-92C1-661F99D021CA}"=Ulead Photo Explorer 8.5 SE
"{055EE59D-217B-43A7-ABFF-507B966405D8}"=ATI Catalyst Control Center
"{08C5C5DC-E56F-2691-B577-24AA7992883D}"=CCC Help English
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}"=AiO_Scan
"{111E336D-30BF-4CD4-8D69-4541732AFB27}"=Peter Jackson's King Kong - The Official Game of the Movie
"{17D2AF72-1448-4C43-A1C4-842757E4DEB6}"=Cabela's Big Game Hunter - Alaskan Adventures
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}"=Java(TM) 6 Update 13
"{28E66EE0-17F0-71C7-CC7C-FAF42C08AE64}"=Catalyst Control Center Graphics Full Existing
"{29521505-F489-4822-ADFA-32C6DEE4F114}"=TurboTax 2008 WinPerUserEducation
"{2DF7B278-D3B6-40A4-B25C-0E7149F439EA}"=3DMark05
"{3389DC79-8D4C-4447-B1D3-3D8FE43D65C2}"=The Chronicles of Narnia
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}"=ATI Parental Control & Encoder
"{3D374523-CFDE-461A-827E-2A102E2AB365}"=Star Wars Battlefront II
"{548EAC70-EE00-11DD-908C-005056806466}"=Google Earth
"{5AC5ED2E-2936-4B54-A429-703F9034938E}"=Covenant Eyes
"{5E863175-E85D-44A6-8968-82507D34AE7F}"=QuickTime
"{619B8475-0F48-41B7-A370-5147F7092989}"=Virtual Earth 3D (Beta)
"{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}"=Call of Duty(R) 4 - Modern Warfare(TM) Demo
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}"=Windows Media Player Firefox Plugin
"{70DECFBF-9119-4434-B2D3-A3C283D15E45}"=WeatherBug
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}"=MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}"=TurboTax 2008 WinPerFedFormset
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}"=3DMark06
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}"=TurboTax 2008 WinPerReleaseEngine
"{8F150700-39E7-79AC-80DE-4A937D7D8D30}"=Catalyst Control Center Core Implementation
"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{92AF2F5A-4407-4A03-A80A-5A2582264746}"=Crysis(R) SP Demo
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}"=Microsoft Flight Simulator X
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}"=AnswerWorks 5.0 English Runtime
"{A1570582-F77D-9272-BA3D-E97B71AD3E23}"=ccc-core-static
"{A662E280-64A8-4CF5-8407-13D0808602B3}"=Call of Duty - United Offensive
"{A69F83B6-1AB1-97C6-A76B-79CE7B87042C}"=ccc-core-preinstall
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}"=Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A91000000001}"=Adobe Reader 9.1
"{ACC2CB83-5C44-4221-9E08-43A0DD071CE7}"=Cabela's African Safari
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}"=TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}"=TurboTax 2008 WinPerTaxSupport
"{B349B1C0-9920-9C91-AFF3-0D727A6E49C5}"=Skins
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}"=Microsoft XML Parser
"{C23C2D03-778A-F358-37BC-8C005BC69ABE}"=Catalyst Control Center Graphics Full New
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}"=Scan
"{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}"=AVIVO Codecs
"{C9DCF88C-FBF4-CC42-3721-416ACE06A9BD}"=Catalyst Control Center Graphics Previews Common
"{CCDD8C24-EB4A-4BCC-BAFD-4812F9B70FDE}"=TurboTax 2008 wokiper
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition
"{CF404C21-47EB-4FA5-B920-91746874ED43}"=Ulead Photo Express My Scrapbook 2.0
"{D17C4B85-A12C-442F-81A6-21EAB64F014A}"=Cabela's Trophy Bucks
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}"=Windows Media Encoder 9 Series
"{E5D52570-5EF1-4576-A434-6CCD92268F0F}"=Google SketchUp 7
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}"=TurboTax 2008 WinPerProgramHelp
"{E86E8B33-0497-50AE-D383-C80D14F80F05}"=Catalyst Control Center Graphics Light
"{F0A37341-D692-11D4-A984-009027EC0A9C}"=SoundMAX
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}"=Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01"=Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F8CF44C8-6295-417B-8B04-AAB39F1BB649}_is1"=Call of Juarez SP Demo
"{FB9CDF41-F0B9-4F31-9230-7DF0D6637270}"=Call of Duty(R) 2 Demo
"{FC92B547-87C7-4A3E-B5C9-F289D6CB43C2}"=ATI Demo - Toy Shop (v1.2)
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}"=Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1947ed9c549f680a9ed3f1fdbb9337a4"=Myst V End Of Ages
"Ad-Aware"=Ad-Aware
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"All ATI Software"=ATI - Software Uninstall Utility
"BroadJump Client Foundation"=BroadJump Client Foundation
"Call of Duty Game of the Year Edition"=Call of Duty Game of the Year Edition
"Deer Hunter 2005_is1"=Deer Hunter - The 2005 Season
"Deer Hunter Tournament_is1"=Deer Hunter Tournament
"Emote-Launcher"=Emote-Launcher (remove only)
"ERUNT_is1"=ERUNT 1.1j
"HijackThis"=HijackThis 2.0.2
"InstallShield_{3389DC79-8D4C-4447-B1D3-3D8FE43D65C2}"=The Chronicles of Narnia
"InstallShield_{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}"=Call of Duty(R) 4 - Modern Warfare(TM) Demo
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}"=Microsoft Flight Simulator X
"InstallShield_{A662E280-64A8-4CF5-8407-13D0808602B3}"=Call of Duty - United Offensive
"InstallShield_{FB9CDF41-F0B9-4F31-9230-7DF0D6637270}"=Call of Duty(R) 2 Demo
"iTurbo"=HIS iTurbo 1.10.4
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Mozilla Firefox (3.0.8)"=Mozilla Firefox (3.0.8)
"Nero PhotoShow Express"=Nero PhotoShow Express
"NeroMultiInstaller!UninstallKey"=Nero Suite
"RealPlayer 6.0"=RealPlayer
"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6"=Microsoft Flight Simulator X Service Pack 1
"TripleAVersion1_0_0_3"=TripleA Version 1_0_0_3
"TurboTax 2008"=TurboTax 2008
"VueScan"=VueScan
"Windows Media Encoder 9"=Windows Media Encoder 9 Series
"WinGimp-2.0_is1"=GIMP 2.4.7
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 3/31/2009 7:24:16 PM | Computer Name = STEVO7 | Source = Application Error | ID = 1000
Description = Faulting application otmoveit3.exe, version 1.0.10.0, faulting module
, version 0.0.0.0, fault address 0x00000000.
Error - 3/31/2009 7:24:33 PM | Computer Name = STEVO7 | Source = Application Error | ID = 1000
Description = Faulting application otmoveit3.exe, version 1.0.10.0, faulting module
, version 0.0.0.0, fault address 0x00000000.
Error - 3/31/2009 7:24:34 PM | Computer Name = STEVO7 | Source = Application Error | ID = 1000
Description = Faulting application otmoveit3.exe, version 1.0.10.0, faulting module
, version 0.0.0.0, fault address 0x00000000.
Error - 3/31/2009 7:24:35 PM | Computer Name = STEVO7 | Source = Application Error | ID = 1000
Description = Faulting application otmoveit3.exe, version 1.0.10.0, faulting module
, version 0.0.0.0, fault address 0x00000000.
Error - 3/31/2009 7:24:36 PM | Computer Name = STEVO7 | Source = Application Error | ID = 1000
Description = Faulting application otmoveit3.exe, version 1.0.10.0, faulting module
, version 0.0.0.0, fault address 0x00000000.
Error - 3/31/2009 7:24:37 PM | Computer Name = STEVO7 | Source = Application Error | ID = 1000
Description = Faulting application otmoveit3.exe, version 1.0.10.0, faulting module
, version 0.0.0.0, fault address 0x00000000.
Error - 3/31/2009 7:24:38 PM | Computer Name = STEVO7 | Source = Application Error | ID = 1000
Description = Faulting application otmoveit3.exe, version 1.0.10.0, faulting module
, version 0.0.0.0, fault address 0x00000000.
Error - 3/31/2009 7:24:39 PM | Computer Name = STEVO7 | Source = Application Error | ID = 1000
Description = Faulting application otmoveit3.exe, version 1.0.10.0, faulting module
, version 0.0.0.0, fault address 0x00000000.
Error - 3/31/2009 7:24:39 PM | Computer Name = STEVO7 | Source = Application Error | ID = 1000
Description = Faulting application otmoveit3.exe, version 1.0.10.0, faulting module
, version 0.0.0.0, fault address 0x00000000.
Error - 3/31/2009 7:24:40 PM | Computer Name = STEVO7 | Source = Application Error | ID = 1000
Description = Faulting application otmoveit3.exe, version 1.0.10.0, faulting module
, version 0.0.0.0, fault address 0x00000000.
[ System Events ]
Error - 3/30/2009 7:22:36 PM | Computer Name = STEVO7 | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.
Error - 3/31/2009 7:55:09 AM | Computer Name = STEVO7 | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.
Error - 3/31/2009 7:55:09 AM | Computer Name = STEVO7 | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.
Error - 3/31/2009 7:55:09 AM | Computer Name = STEVO7 | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.
Error - 3/31/2009 6:34:03 PM | Computer Name = STEVO7 | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.
Error - 3/31/2009 6:34:03 PM | Computer Name = STEVO7 | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.
Error - 3/31/2009 6:34:03 PM | Computer Name = STEVO7 | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.
Error - 3/31/2009 7:08:00 PM | Computer Name = STEVO7 | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.
Error - 3/31/2009 7:08:00 PM | Computer Name = STEVO7 | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.
Error - 3/31/2009 7:08:01 PM | Computer Name = STEVO7 | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.
< End of report >
Hi again,
Upload following file to http://www.virustotal.com and post back the results:
C:\WINDOWS\SysWOW64\shell32.dll
Disable Ad-Watch (http://www.lavasoftsupport.com/index.php?showtopic=19804)
Start hjt, do a system scan, check (if found):
F2 - REG:system.ini: UserInit=userinit
O1 - Hosts: 82.98.235.133 browser-security.microsoft.com
O1 - Hosts: 82.98.235.133 url.adtrgt.com
O1 - Hosts: 82.98.235.133 best-click-scanner.info
O1 - Hosts: 82.98.235.133 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.235.133 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.235.133 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.235.133 onlinenotifyq.net
O1 - Hosts: 82.98.235.133 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.235.133 microsoft.browser-security-center.com
Close browsers and fix checked.
We need to execute an OTMoveIt3 script
Please download OTMoveIt3 by OldTimer (http://oldtimer.geekstogo.com/OTMoveIt3.exe) and save it to your desktop.
Double click theOTMoveIt3 icon on your desktop.
Paste the following code under the Paste Fix Here area. Do not include the word
Code
.
:Files
c:\windows\system32\gonihuha.dll
C:\WINDOWS\System32\bupuzedu.dll
C:\WINDOWS\System32\zukogulu.dll
C:\WINDOWS\System32\helileve.exe
C:\WINDOWS\System32\mayonibe.exe
:reg
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4bcb2ffc-5f34-44ce-a2a3-647ccd23d216}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CPM63b41ba0"=-
"jaziviweje"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SSODL"=-
Push the large MoveIt button.
OTMI3 may ask to reboot the machine. Please do so if asked.
Copy/Paste the contents under the Results line here in your next reply with a fresh OTViewIt.txt contents (don't have to post extra).
If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/us/languages/english/check.html?n=1225554235248)
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
Read the requirements and privacy statement then click on the Accept button.
The program will launch and start to download the latest definition files.
You will be prompted to install an application from Kaspersky. Click Run
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
Click on Save Report As....
Change the Files of type to Text file (.txt) before clicking on the Save button.
Save this report to a convenient place.
Copy and paste that information into your topic.
The scan will take a while so be patient and let it run. As it scans your machine very deeply it could take hours to complete, Kaspersky suggests running it during a time of low activity.
If you need a tutorial, see here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif)
platypusvet
2009-04-01, 20:49
OK,
I scanned shell32.dll and disabled ad-watch. I am going to go ahead with the other scans/fixes now. Here are the results from the Virus Total scan of shell32.dll:
File has already been analysed:
MD5: 2b363a11ae6d5850302cf0af92947f78
First received: -
Date: 03.13.2009 12:25:01 (CET) [>19D]
Results: 0/39
Permalink: analisis/ff4c473a23ad816a894243525e48be4a
File shell32.dll received on 03.13.2009 12:20:57 (CET)
Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.03.13 -
AhnLab-V3 5.0.0.2 2009.03.13 -
AntiVir 7.9.0.114 2009.03.13 -
Authentium 5.1.0.4 2009.03.12 -
Avast 4.8.1335.0 2009.03.12 -
AVG 8.0.0.237 2009.03.13 -
BitDefender 7.2 2009.03.13 -
CAT-QuickHeal 10.00 2009.03.13 -
ClamAV 0.94.1 2009.03.13 -
Comodo 1053 2009.03.13 -
DrWeb 4.44.0.09170 2009.03.13 -
eSafe 7.0.17.0 2009.03.12 -
eTrust-Vet 31.6.6388 2009.03.09 -
F-Prot 4.4.4.56 2009.03.12 -
F-Secure 8.0.14470.0 2009.03.13 -
Fortinet 3.117.0.0 2009.03.13 -
GData 19 2009.03.13 -
Ikarus T3.1.1.45.0 2009.03.13 -
K7AntiVirus 7.10.668 2009.03.12 -
Kaspersky 7.0.0.125 2009.03.13 -
McAfee 5551 2009.03.12 -
McAfee+Artemis 5551 2009.03.12 -
McAfee-GW-Edition 6.7.6 2009.03.13 -
Microsoft 1.4405 2009.03.13 -
NOD32 3934 2009.03.13 -
Norman 6.00.06 2009.03.12 -
nProtect 2009.1.8.0 2009.03.13 -
Panda 10.0.0.10 2009.03.12 -
PCTools 4.4.2.0 2009.03.13 -
Prevx1 V2 2009.03.13 -
Rising 21.20.42.00 2009.03.13 -
Sophos 4.39.0 2009.03.13 -
Sunbelt 3.2.1858.2 2009.03.13 -
Symantec 1.4.4.12 2009.03.13 -
TheHacker 6.3.3.0.281 2009.03.13 -
TrendMicro 8.700.0.1004 2009.03.13 -
VBA32 3.12.10.1 2009.03.12 -
ViRobot 2009.3.13.1648 2009.03.13 -
VirusBuster 4.5.11.0 2009.03.13 -
Additional information
File size: 8360960 bytes
MD5...: 2b363a11ae6d5850302cf0af92947f78
SHA1..: 7362ad92a80d620015663cb53ad3ffa5d7e30ffc
SHA256: f70747d5e38a4ae8a04bb915049b1bf45cd774aab7196bbeb665880d3f83c24d
SHA512: c9038f572610f88409d1ebc3f6e571cd0a8de01ef32748086ad4c3891860def2<br>19d9f89cf854ada28a32209a6f10bf691c9e140cbe261040ebdd3b2e87213432
ssdeep: 98304:8FT/YzeIXWcn7+ccWSPYhqBvIKmkGDGUlVqEF4dHl8At98rpRIQyNL9rjp<br>e5n5y0:e/YzSOqccxNBgBfbqNLGBfG5k<br>
PEiD..: -
TrID..: File type identification<br>DirectShow filter (42.3%)<br>Windows OCX File (25.9%)<br>Win64 Executable Generic (17.9%)<br>Win32 Executable MS Visual C++ (generic) (7.9%)<br>Win 9x/ME Control Panel applet (3.2%)
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x5bb9b<br>timedatestamp.....: 0x485819a8 (Tue Jun 17 20:08:08 2008)<br>machinetype.......: 0x14c (I386)<br><br>( 4 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x2012dc 0x201400 6.49 58722020ddd707adfa52fa3316f79112<br>.data 0x203000 0x1c090 0x1a400 0.96 07d332e11dc8174480714a695c0db8e2<br>.rsrc 0x220000 0x5c31a8 0x5c3200 5.48 2e1974cbebba412bbb8d29df46f2cedd<br>.reloc 0x7e4000 0x1a570 0x1a600 6.76 89ea3170ad45ef671bf51e68fbb21cef<br><br>( 8 imports ) <br>> msvcrt.dll: memmove, _except_handler3, wcslen, wcscmp, _wcsicmp, wcscpy, _strnicmp, _local_unwind2, _snwprintf, wcsncmp, atoi, _onexit, __dllonexit, _adjust_fdiv, _initterm, qsort, wcstok, _iob, fwrite, strtol, _wtoi, _itow, wcsncpy, swscanf, _vsnprintf, free, realloc, malloc, _vsnwprintf<br>> ntdll.dll: RtlRandomEx, RtlDowncaseUnicodeString, RtlOemStringToUnicodeString, RtlInitString, RtlPrefixString, NtFsControlFile, NtCreateFile, RtlConvertSidToUnicodeString, RtlFreeUnicodeString, RtlGetNtProductType, NtQuerySystemInformation, RtlDosPathNameToNtPathName_U, NtQueryVolumeInformationFile, NtEnumerateValueKey, NtOpenKey, RtlCreateEnvironment, RtlSetCurrentEnvironment, RtlDestroyEnvironment, RtlExpandEnvironmentStrings_U, RtlInitUnicodeStringEx, RtlQueryEnvironmentVariable_U, NtSetInformationFile, RtlNtStatusToDosError, RtlInitUnicodeString, RtlSetEnvironmentVariable, RtlImageNtHeader, RtlDosPathNameToRelativeNtPathName_U, NtOpenFile, RtlReleaseRelativeName, RtlFreeHeap, NtQueryInformationFile, RtlUnicodeStringToOemString, NtClose<br>> GDI32.dll: Ellipse, CreatePen, FillRgn, CreateSolidBrush, CombineRgn, CreateRectRgn, OffsetRgn, CreateEllipticRgnIndirect, ExtTextOutW, SetBkColor, GetStockObject, GetDeviceCaps, CreateICW, Pie, SetTextColor, BitBlt, GetTextExtentPoint32W, CreateFontA, AddFontResourceW, GetTextMetricsW, EnumFontFamiliesA, GetNearestColor, GetObjectW, CreateCompatibleBitmap, CreateFontIndirectW, EnumFontFamiliesExW, CreateDCW, GetTextFaceW, SetFontEnumeration, TranslateCharsetInfo, GetPixel, RealizePalette, SelectPalette, RectVisible, CreateDIBSection, GetBitmapBits, CreateBitmap, CreateDIBitmap, GdiFlush, TextOutW, SetBkMode, GetDIBColorTable, CreateRectRgnIndirect, RestoreDC, SetViewportOrgEx, SetWindowOrgEx, SetMapMode, SaveDC, LPtoDP, DeleteMetaFile, CloseMetaFile, SetWindowExtEx, CreateMetaFileW, SetStretchBltMode, SetLayout, GetBkColor, GetClipBox, SetRectRgn, GetDIBits, GetPaletteEntries, StretchDIBits, Rectangle, SetDIBits, CreateBitmapIndirect, GetClipRgn, SelectClipRgn, SetPixel, ExtFloodFill, CreatePalette, CreatePatternBrush, IntersectClipRect, CreateHalftonePalette, GetNearestPaletteIndex, Arc, MoveToEx, LineTo, GetTextExtentPointW, CreateCompatibleDC, SelectObject, StretchBlt, DeleteDC, DeleteObject, TextOutA, GetTextExtentPoint32A, GetObjectA, DeleteEnhMetaFile, SetTextAlign, PlayEnhMetaFile, SetBrushOrgEx, GetBrushOrgEx, CreateDIBPatternBrushPt, GetLayout, ExtTextOutA, PatBlt<br>> USER32.dll: PrivateExtractIconExW, PrivateExtractIconExA, SetShellWindowEx, GetTaskmanWindow, SetTaskmanWindow, AnimateWindow, AdjustWindowRectEx, NotifyWinEvent, SystemParametersInfoA, HideCaret, ShowCaret, LockSetForegroundWindow, TrackPopupMenuEx, SetMenu, CreateWindowExW, CreateDialogParamW, DialogBoxParamW, DefWindowProcA, SendMessageA, GetSystemMetrics, LoadStringW, ShowWindow, GetDlgItem, SendDlgItemMessageW, SetDlgItemTextW, GetDlgItemTextW, SetWindowTextW, GetWindowTextW, LoadImageW, EndPaint, GetClientRect, BeginPaint, SetWindowLongW, EndDialog, GetWindowLongW, IsCharUpperW, GetShellWindow, LoadCursorW, SetCursor, DestroyIcon, DestroyWindow, SetWindowPos, MapWindowPoints, GetWindowRect, GetKeyState, SendMessageW, LoadIconW, MessageBoxW, DeferWindowPos, EndDeferWindowPos, BeginDeferWindowPos, ReleaseDC, DrawTextW, GetDC, SetFocus, EnableWindow, SetPropW, IsWindowEnabled, GetPropW, MonitorFromWindow, PostMessageW, DispatchMessageW, TranslateMessage, IsDialogMessageW, PeekMessageW, SetForegroundWindow, MonitorFromPoint, GetCursorPos, GetWindow, SetTimer, GetMessageW, GetClassNameW, EnumWindows, CopyIcon, RemovePropW, GetWindowThreadProcessId, IsWindow, GetLastActivePopup, GetSysColor, PrivateExtractIconsW, CreateIconIndirect, GetIconInfo, LookupIconIdFromDirectory, ScreenToClient, UpdateWindow, LoadStringA, MessageBoxA, GetWindowTextA, InvalidateRect, DrawFocusRect, DrawIcon, WinHelpW, SendNotifyMessageW, GetAncestor, ExitWindowsEx, EnableMenuItem, GetAsyncKeyState, EqualRect, IntersectRect, GetMonitorInfoW, IsWindowVisible, GetForegroundWindow, RegisterWindowMessageW, SendMessageTimeoutW, DefWindowProcW, RegisterClassW, GetClassInfoW, FindWindowW, SwitchToThisWindow, GetParent, OffsetRect, MessageBeep, CharNextA, CharNextW, IsCharAlphaW, CharUpperW, CharUpperA, CharToOemBuffA, OemToCharBuffA, UnregisterClassW, GetSysColorBrush, CopyRect, InflateRect, TabbedTextOutW, GrayStringW, FillRect, DrawFrameControl, DrawEdge, CheckDlgButton, IsIconic, GetWindowPlacement, MapVirtualKeyW, SetDlgItemTextA, IsDlgButtonChecked, GetDlgItemTextA, GetDlgItemInt, EnumChildWindows, SetDlgItemInt, GetNextDlgTabItem, FrameRect, CheckRadioButton, GetDlgCtrlID, GetFocus, IsChild, LoadBitmapW, MonitorFromRect, MoveWindow, AdjustWindowRect, SetRect, SystemParametersInfoW, CloseDesktop, OpenInputDesktop, GetWindowModuleFileNameW, AllowSetForegroundWindow, RegisterDeviceNotificationW, UnregisterDeviceNotification, GetMessagePos, DeleteMenu, InsertMenuItemW, CreatePopupMenu, GetMenuItemInfoW, InsertMenuW, GetMenuItemCount, TrackPopupMenu, GetUserObjectInformationW, GetThreadDesktop, GetProcessWindowStation, RegisterClipboardFormatW, CharLowerW, LoadMenuW, DestroyMenu, GetClipboardOwner, CountClipboardFormats, ModifyMenuW, GetMenuState, GetMenuDefaultItem, SetMenuDefaultItem, SetMenuItemInfoW, GetMenuItemID, KillTimer, AppendMenuW, CheckMenuRadioItem, FindWindowExW, SetClipboardViewer, PtInRect, GetScrollInfo, GetDoubleClickTime, LoadAcceleratorsW, RedrawWindow, GetSubMenu, CreateMenu, CheckMenuItem, ChangeClipboardChain, DestroyAcceleratorTable, TranslateAcceleratorW, ClientToScreen, GetDesktopWindow, EnumDisplayDevicesW, GetDCEx, DestroyCursor, GetCursor, DrawIconEx, CopyImage, ShowCursor, UpdateLayeredWindow, LockWindowUpdate, BringWindowToTop, BroadcastSystemMessageW, SetActiveWindow, AttachThreadInput, GetWindowDC, SetCapture, ReleaseCapture, CallWindowProcW, RegisterClassExW, MsgWaitForMultipleObjects, PostThreadMessageW, SendMessageCallbackW, MsgWaitForMultipleObjectsEx, DeregisterShellHookWindow, RegisterShellHookWindow, FreeDDElParam, UnpackDDElParam, PackDDElParam, IsWindowUnicode, WaitForInputIdle, MessageBoxIndirectW, CloseClipboard, SetClipboardData, GetClipboardData, OpenClipboard, CharUpperBuffW, MapDialogRect, GetLastInputInfo, GetClassInfoExW, PostQuitMessage, RemoveMenu, SetScrollInfo, wsprintfW, SetWindowRgn, UnionRect, TrackMouseEvent, GetWindowTextLengthW, ChildWindowFromPoint, InvalidateRgn, CreateAcceleratorTableW, DrawStateW, GetScrollPos, GetCapture, CallNextHookEx, UnhookWindowsHookEx, SetWindowsHookExW, WindowFromPoint, GetWindowRgn, GetUpdateRect, SetClassLongW, GetClassLongW, GetMenuStringW, ValidateRect, SetRectEmpty, GetWindowLongA, FindWindowA, DdeQueryConvInfo, DdeFreeStringHandle, DdeCreateStringHandleW, DdeCreateDataHandle, DdeNameService, DdeGetLastError, DdeGetData, DdeQueryStringW, DdeDisconnect, DdeUninitialize, DdeInitializeW, EnumDisplayMonitors, EnumDisplaySettingsW, SubtractRect, IsRectEmpty, SetParent, WaitMessage, PaintDesktop, DrawAnimatedRects, GetActiveWindow, GetDialogBaseUnits, DrawTextExW, CharPrevW<br>> KERNEL32.dll: MultiByteToWideChar, LocalReAlloc, LocalFree, lstrlenW, FreeLibrary, LoadLibraryExA, GetVersionExW, LocalAlloc, DelayLoadFailureHook, SetProcessWorkingSetSize, GetAtomNameW, FindAtomW, OutputDebugStringW, GlobalMemoryStatusEx, CompareStringW, GetVersionExA, CreateEventA, GetModuleHandleA, lstrcatW, VirtualQuery, VirtualAlloc, VirtualProtect, GlobalGetAtomNameW, FindFirstFileA, lstrcatA, FindNextFileA, HeapCreate, DeleteAtom, AddAtomW, Wow64DisableWow64FsRedirection, Wow64RevertWow64FsRedirection, CreateHardLinkW, LocalFileTimeToFileTime, GlobalMemoryStatus, VirtualFree, HeapReAlloc, HeapAlloc, SizeofResource, HeapFree, SetVolumeLabelW, GetPrivateProfileSectionNamesW, OpenThread, GetSystemDefaultLCID, CreateSemaphoreW, ResumeThread, WaitForMultipleObjects, ReleaseSemaphore, SetThreadPriority, RaiseException, FlushInstructionCache, GetLocalTime, FileTimeToLocalFileTime, FileTimeToDosDateTime, GetFileInformationByHandle, GetPrivateProfileSectionW, GetStringTypeExW, GetTimeFormatW, DosDateTimeToFileTime, FileTimeToSystemTime, MoveFileExW, GetProcessHeap, ExitProcess, IsBadStringPtrW, CopyFileW, FindFirstChangeNotificationW, FindNextChangeNotification, FindCloseChangeNotification, GetSystemDefaultUILanguage, FindResourceExW, GetCurrentThread, IsBadStringPtrA, HeapDestroy, QueryPerformanceFrequency, IsBadWritePtr, GetOverlappedResult, GetDateFormatW, GetVolumePathNamesForVolumeNameW, CreateMutexW, ReleaseMutex, GetVolumeNameForVolumeMountPointW, DeviceIoControl, TlsGetValue, TlsSetValue, GetProfileSectionW, GetUserDefaultLCID, GetNumberFormatW, GetVolumePathNameW, FindFirstFileExW, InterlockedExchange, lstrlenA, CompareFileTime, ExpandEnvironmentStringsW, QueueUserAPC, GetExitCodeThread, WaitForSingleObjectEx, DuplicateHandle, ProcessIdToSessionId, WTSGetActiveConsoleSessionId, SetUnhandledExceptionFilter, TerminateProcess, QueryPerformanceCounter, LoadLibraryA, GetBinaryTypeW, FreeEnvironmentStringsW, GetEnvironmentStringsW, EnumSystemLocalesW, GetLocaleInfoW, GetOEMCP, GetSystemInfo, GetShortPathNameA, GetFileAttributesA, GetSystemDefaultLangID, GetProfileIntW, GetPrivateProfileIntW, GetComputerNameW, GetCurrentProcess, GetFullPathNameA, GetFullPathNameW, GetEnvironmentVariableW, SetEnvironmentVariableW, lstrcmpiA, lstrcpyA, GlobalReAlloc, lstrcpyW, VerLanguageNameW, InitializeCriticalSection, lstrcpynA, GetProfileStringW, WriteProfileStringW, EnumResourceNamesW, GetWindowsDirectoryW, GetTempPathW, GetLongPathNameW, GetFileSize, CreateFileMappingW, MapViewOfFile, UnmapViewOfFile, RemoveDirectoryW, MoveFileW, GetCurrentThreadId, GetSystemTimeAsFileTime, GetSystemWindowsDirectoryW, GetExitCodeProcess, IsBadReadPtr, IsBadCodePtr, LoadLibraryExW, InterlockedCompareExchange, lstrcmpA, FormatMessageA, LocalSize, GetACP, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsFree, DeleteCriticalSection, GetModuleHandleW, GetCompressedFileSizeW, GetFileAttributesExW, GetLogicalDrives, FindResourceW, LoadResource, LockResource, FreeResource, SearchPathW, GlobalSize, _lclose, GlobalAlloc, GlobalLock, _lread, GlobalUnlock, GlobalFree, GetFileTime, lstrcpynW, WideCharToMultiByte, CreateProcessW, GetNativeSystemInfo, GlobalDeleteAtom, GlobalAddAtomW, SetThreadExecutionState, CreateDirectoryW, CreateDirectoryExW, MoveFileWithProgressW, WritePrivateProfileSectionW, SetFileTime, GetTempFileNameW, FormatMessageW, OpenEventW, WaitForSingleObject, ResetEvent, CreateEventW, SetEvent, GetCurrentDirectoryW, SetCurrentDirectoryW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, CopyFileExW, DeleteFileW, InterlockedIncrement, InterlockedDecrement, GetCurrentProcessId, OpenProcess, CreateActCtxW, GetModuleFileNameW, ReleaseActCtx, lstrcmpW, GetUserDefaultUILanguage, GetSystemDirectoryW, GetPrivateProfileStringW, Wow64EnableWow64FsRedirection, ActivateActCtx, SetErrorMode, UnhandledExceptionFilter, DeactivateActCtx, GetCommandLineW, LoadLibraryW, GetProcAddress, GetShortPathNameW, GetSystemTime, SystemTimeToFileTime, CreateThread, WritePrivateProfileStringW, CreateFileW, GetLastError, Sleep, ReadFile, GetDriveTypeW, GetVolumeInformationW, GetTickCount, SetFileAttributesW, SetLastError, lstrcmpiW, GetFileAttributesW, FindFirstFileW, FindNextFileW, FindClose, CloseHandle, SetEndOfFile, SetFilePointer, WriteFile, EnterCriticalSection, LeaveCriticalSection, QueryDosDeviceW, MulDiv<br>> ADVAPI32.dll: RegCloseKey, RegOpenKeyExW, GetFileSecurityW, RegCreateKeyExW, RegEnumValueW, SetFileSecurityW, TreeResetNamedSecurityInfoW, RegEnumKeyW, RegOpenKeyW, RegSetValueW, LookupAccountSidW, GetTokenInformation, OpenProcessToken, RegQueryValueExA, FreeSid, GetAce, AddAccessAllowedAce, InitializeAcl, GetLengthSid, AllocateAndInitializeSid, RegQueryValueExW, RegDeleteValueW, RegSetValueExW, MakeSelfRelativeSD, GetSecurityDescriptorLength, EqualSid, GetSecurityDescriptorDacl, RegNotifyChangeKeyValue, RegCreateKeyW, GetSecurityDescriptorControl, EncryptFileW, DecryptFileW, ChangeServiceConfigW, StartServiceW, ControlService, OpenSCManagerW, OpenServiceW, QueryServiceStatus, CloseServiceHandle, GetNamedSecurityInfoW, ConvertSidToStringSidW, RegOpenCurrentUser, LookupAccountNameW, SetNamedSecurityInfoW, CreateProcessWithLogonW, CreateProcessAsUserW, SaferGetPolicyInformation, SaferiIsExecutableFileType, SaferIdentifyLevel, SaferRecordEventLogEntry, SaferGetLevelInformation, InstallApplication, SaferCreateLevel, SaferComputeTokenFromLevel, SaferCloseLevel, RegQueryValueW, OpenThreadToken, CheckTokenMembership, RegOpenKeyExA, RegDeleteKeyW, RegEnumKeyExW, GetUserNameW, RegQueryInfoKeyW, RegSetKeySecurity, CommandLineFromMsiDescriptor, AdjustTokenPrivileges, LookupPrivilegeValueW, GetSecurityDescriptorOwner<br>> SHLWAPI.dll: SHAutoComplete, PathRemoveExtensionA, -, -, -, -, -, ColorRGBToHLS, ColorHLSToRGB, -, -, -, -, -, StrRetToBSTR, -, -, -, -, -, -, -, -, -, -, -, -, PathAddExtensionW, -, -, StrToIntA, -, -, -, PathCanonicalizeW, -, StrPBrkW, -, -, -, -, -, StrToInt64ExW, -, SHGetInverseCMAP, -, -, -, -, -, StrCatChainW, -, -, PathUnmakeSystemFolderW, -, PathBuildRootA, -, -, StrRetToStrW, wnsprintfA, -, PathGetArgsA, -, -, -, -, PathRelativePathToW, -, -, -, -, -, PathIsDirectoryA, StrDupA, SHQueryInfoKeyW, SHEnumKeyExW, -, -, SHCreateShellPalette, -, -, -, -, -, -, UrlIsA, UrlCombineA, PathCreateFromUrlA, StrFormatKBSizeW, SHCreateStreamOnFileEx, -, -, -, -, -, -, SHRegSetUSValueW, -, UrlGetLocationW, UrlGetPartW, -, -, SHCreateStreamOnFileW, -, SHRegQueryUSValueW, AssocQueryStringByKeyW, -, -, -, AssocIsDangerous, UrlApplySchemeW, SHIsLowMemoryMachine, UrlUnescapeW, UrlCombineW, UrlCreateFromPathW, -, -, AssocQueryKeyW, PathRenameExtensionW, -, -, -, SHRegSetPathW, -, -, -, StrCpyW, -, -, PathIsURLA, -, -, -, SHDeleteKeyA, -, -, -, -, -, PathCreateFromUrlW, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, SHRegisterValidateTemplate, SHDeleteValueW, -, SHRegQueryInfoUSKeyW, SHRegEnumUSKeyW, -, -, -, -, SHRegOpenUSKeyW, SHRegEnumUSValueW, SHRegCloseUSKey, SHDeleteKeyW, -, -, -, -, SHGetThreadRef, -, GetMenuPosFromID, -, -, SHRegDuplicateHKey, StrToIntExW, -, -, -, -, -, -, StrCmpLogicalW, -, -, PathIsNetworkPathW, -, -, -, PathSkipRootW, -, -, -, SHSkipJunction, -, -, -, -, -, -, PathIsContentTypeW, SHSetValueW, SHRegGetUSValueW, SHCopyKeyW, SHStrDupW, -, -, SHRegGetBoolUSValueW, AssocCreate, -, StrCmpW, AssocGetPerceivedType, -, PathQuoteSpacesA, wvnsprintfW, StrTrimA, -, SHOpenRegStream2W, -, -, -, -, -, PathMakeSystemFolderW, PathUnExpandEnvStringsW, -, -, -, -, -, PathFindNextComponentW, PathAppendA, -, PathIsDirectoryW, PathIsURLW, PathParseIconLocationW, PathMatchSpecW, PathQuoteSpacesW, PathIsRootA, PathRemoveFileSpecA, PathRemoveBlanksW, PathRemoveArgsW, PathMakePrettyW, PathIsPrefixW, -, -, -, StrRetToBufW, -, -, -, -, -, -, PathIsUNCServerW, PathIsUNCServerShareW, PathGetArgsW, PathUnquoteSpacesW, UrlIsW, -, PathIsFileSpecW, PathFindOnPathW, StrCSpnW, SHRegGetValueW, -, -, PathCompactPathExW, StrCmpIW, IntlStrEqWorkerW, -, AssocQueryStringW, StrFormatByteSizeW, -, PathIsLFNFileSpecW, PathFindSuffixArrayW, -, -, -, -, -, -, -, -, -, -, -, StrChrA, StrChrIA, StrChrIW, StrChrW, StrCmpNA, StrCmpNIA, StrCmpNIW, StrCmpNW, StrRChrA, StrRChrIA, StrRChrIW, StrRChrW, StrRStrIA, StrRStrIW, StrStrA, StrStrIA, StrStrIW, StrStrW, SHQueryValueExW, StrCatBuffW, SHGetValueW, StrCpyNW, -, wnsprintfW, -, PathBuildRootW, PathCombineW, -, -, -, -, StrToIntW, PathFindFileNameW, -, PathIsDirectoryEmptyW, PathIsUNCW, PathGetDriveNumberW, -, -, PathStripToRootW, PathAppendW, PathRemoveBackslashW, PathFindExtensionW, -, -, PathCommonPrefixW, PathAddBackslashW, PathFileExistsW, -, PathRemoveFileSpecW, -, -, -, -, -, -, PathIsSameRootW, PathGetCharTypeW, StrDupW, -, -, -, PathSetDlgItemPathW, PathStripPathW, PathCompactPathW, PathIsRelativeW, PathRemoveExtensionW, PathIsRootW, PathFindFileNameA<br>> RPCRT4.dll: RpcStringFreeW, RpcBindingFree, RpcAsyncCompleteCall, RpcAsyncCancelCall, RpcAsyncInitializeHandle, RpcBindingFromStringBindingW, RpcStringBindingComposeW, NdrAsyncClientCall<br><br>( 309 exports ) <br>Activate_RunDLL, AppCompat_RunDLLW, CDefFolderMenu_Create, CDefFolderMenu_Create2, CallCPLEntry16, CheckEscapesA, CheckEscapesW, CommandLineToArgvW, Control_FillCache_RunDLL, Control_FillCache_RunDLLA, Control_FillCache_RunDLLW, Control_RunDLL, Control_RunDLLA, Control_RunDLLAsUserW, Control_RunDLLW, DAD_AutoScroll, DAD_DragEnterEx, DAD_DragEnterEx2, DAD_DragLeave, DAD_DragMove, DAD_SetDragImage, DAD_ShowDragImage, DllCanUnloadNow, DllGetClassObject, DllGetVersion, DllInstall, DllRegisterServer, DllUnregisterServer, DoEnvironmentSubstA, DoEnvironmentSubstW, DragAcceptFiles, DragFinish, DragQueryFile, DragQueryFileA, DragQueryFileAorW, DragQueryFileW, DragQueryPoint, DriveType, DuplicateIcon, ExtractAssociatedIconA, ExtractAssociatedIconExA, ExtractAssociatedIconExW, ExtractAssociatedIconW, ExtractIconA, ExtractIconEx, ExtractIconExA, ExtractIconExW, ExtractIconResInfoA, ExtractIconResInfoW, ExtractIconW, ExtractVersionResource16W, FindExeDlgProc, FindExecutableA, FindExecutableW, FreeIconList, GetFileNameFromBrowse, ILAppendID, ILClone, ILCloneFirst, ILCombine, ILCreateFromPath, ILCreateFromPathA, ILCreateFromPathW, ILFindChild, ILFindLastID, ILFree, ILGetNext, ILGetSize, ILIsEqual, ILIsParent, ILLoadFromStream, ILRemoveLastID, ILSaveToStream, InternalExtractIconListA, InternalExtractIconListW, IsLFNDrive, IsLFNDriveA, IsLFNDriveW, IsNetDrive, IsUserAnAdmin, OpenAs_RunDLL, OpenAs_RunDLLA, OpenAs_RunDLLW, OpenRegStream, Options_RunDLL, Options_RunDLLA, Options_RunDLLW, PathCleanupSpec, PathGetShortPath, PathIsExe, PathIsSlowA, PathIsSlowW, PathMakeUniqueName, PathProcessCommand, PathQualify, PathResolve, PathYetAnotherMakeUniqueName, PickIconDlg, PifMgr_CloseProperties, PifMgr_GetProperties, PifMgr_OpenProperties, PifMgr_SetProperties, PrintersGetCommand_RunDLL, PrintersGetCommand_RunDLLA, PrintersGetCommand_RunDLLW, ReadCabinetState, RealDriveType, RealShellExecuteA, RealShellExecuteExA, RealShellExecuteExW, RealShellExecuteW, RegenerateUserEnvironment, RestartDialog, RestartDialogEx, SHAddFromPropSheetExtArray, SHAddToRecentDocs, SHAlloc, SHAllocShared, SHAppBarMessage, SHBindToParent, SHBrowseForFolder, SHBrowseForFolderA, SHBrowseForFolderW, SHCLSIDFromString, SHChangeNotification_Lock, SHChangeNotification_Unlock, SHChangeNotify, SHChangeNotifyDeregister, SHChangeNotifyRegister, SHChangeNotifySuspendResume, SHCloneSpecialIDList, SHCoCreateInstance, SHCreateDirectory, SHCreateDirectoryExA, SHCreateDirectoryExW, SHCreateFileExtractIconW, SHCreateLocalServerRunDll, SHCreateProcessAsUserW, SHCreatePropSheetExtArray, SHCreateQueryCancelAutoPlayMoniker, SHCreateShellFolderView, SHCreateShellFolderViewEx, SHCreateShellItem, SHCreateStdEnumFmtEtc, SHDefExtractIconA, SHDefExtractIconW, SHDestroyPropSheetExtArray, SHDoDragDrop, SHEmptyRecycleBinA, SHEmptyRecycleBinW, SHEnableServiceObject, SHEnumerateUnreadMailAccountsW, SHExtractIconsW, SHFileOperation, SHFileOperationA, SHFileOperationW, SHFindFiles, SHFind_InitMenuPopup, SHFlushClipboard, SHFlushSFCache, SHFormatDrive, SHFree, SHFreeNameMappings, SHFreeShared, SHGetAttributesFromDataObject, SHGetDataFromIDListA, SHGetDataFromIDListW, SHGetDesktopFolder, SHGetDiskFreeSpaceA, SHGetDiskFreeSpaceExA, SHGetDiskFreeSpaceExW, SHGetFileInfo, SHGetFileInfoA, SHGetFileInfoW, SHGetFolderLocation, SHGetFolderPathA, SHGetFolderPathAndSubDirA, SHGetFolderPathAndSubDirW, SHGetFolderPathW, SHGetIconOverlayIndexA, SHGetIconOverlayIndexW, SHGetImageList, SHGetInstanceExplorer, SHGetMalloc, SHGetNewLinkInfo, SHGetNewLinkInfoA, SHGetNewLinkInfoW, SHGetPathFromIDList, SHGetPathFromIDListA, SHGetPathFromIDListW, SHGetRealIDL, SHGetSetFolderCustomSettingsW, SHGetSetSettings, SHGetSettings, SHGetShellStyleHInstance, SHGetSpecialFolderLocation, SHGetSpecialFolderPathA, SHGetSpecialFolderPathW, SHGetUnreadMailCountW, SHHandleUpdateImage, SHHelpShortcuts_RunDLL, SHHelpShortcuts_RunDLLA, SHHelpShortcuts_RunDLLW, SHILCreateFromPath, SHInvokePrinterCommandA, SHInvokePrinterCommandW, SHIsFileAvailableOffline, SHLimitInputEdit, SHLoadInProc, SHLoadNonloadedIconOverlayIdentifiers, SHLoadOLE, SHLockShared, SHMapIDListToImageListIndexAsync, SHMapPIDLToSystemImageListIndex, SHMultiFileProperties, SHObjectProperties, SHOpenFolderAndSelectItems, SHOpenPropSheetW, SHParseDisplayName, SHPathPrepareForWriteA, SHPathPrepareForWriteW, SHPropStgCreate, SHPropStgReadMultiple, SHPropStgWriteMultiple, SHQueryRecycleBinA, SHQueryRecycleBinW, SHReplaceFromPropSheetExtArray, SHRestricted, SHRunControlPanel, SHSetInstanceExplorer, SHSetLocalizedName, SHSetUnreadMailCountW, SHShellFolderView_Message, SHSimpleIDListFromPath, SHStartNetConnectionDialogW, SHTestTokenMembership, SHUnlockShared, SHUpdateImageA, SHUpdateImageW, SHUpdateRecycleBinIcon, SHValidateUNC, SheChangeDirA, SheChangeDirExA, SheChangeDirExW, SheChangeDirW, SheConvertPathW, SheFullPathA, SheFullPathW, SheGetCurDrive, SheGetDirA, SheGetDirExW, SheGetDirW, SheGetPathOffsetW, SheRemoveQuotesA, SheRemoveQuotesW, SheSetCurDrive, SheShortenPathA, SheShortenPathW, ShellAboutA, ShellAboutW, ShellExec_RunDLL, ShellExec_RunDLLA, ShellExec_RunDLLW, ShellExecuteA, ShellExecuteEx, ShellExecuteExA, ShellExecuteExW, ShellExecuteW, ShellHookProc, ShellMessageBoxA, ShellMessageBoxW, Shell_GetCachedImageIndex, Shell_GetImageLists, Shell_MergeMenus, Shell_NotifyIcon, Shell_NotifyIconA, Shell_NotifyIconW, SignalFileOpen, StrChrA, StrChrIA, StrChrIW, StrChrW, StrCmpNA, StrCmpNIA, StrCmpNIW, StrCmpNW, StrCpyNA, StrCpyNW, StrNCmpA, StrNCmpIA, StrNCmpIW, StrNCmpW, StrNCpyA, StrNCpyW, StrRChrA, StrRChrIA, StrRChrIW, StrRChrW, StrRStrA, StrRStrIA, StrRStrIW, StrRStrW, StrStrA, StrStrIA, StrStrIW, StrStrW, WOWShellExecute, Win32DeleteFile, WriteCabinetState<br>
platypusvet
2009-04-01, 21:02
Ok,
I ran HJT, and it found all of the files you mentioned. I selected all of them and had HJT fix them. I also did the OtMoveIt script, and here is the log. I will now start the Kaspersky online scanner.
Thanks!
========== FILES ==========
DllUnregisterServer procedure not found in c:\windows\system32\gonihuha.dll
c:\windows\system32\gonihuha.dll NOT unregistered.
c:\windows\system32\gonihuha.dll moved successfully.
File/Folder C:\WINDOWS\System32\bupuzedu.dll not found.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\zukogulu.dll
C:\WINDOWS\System32\zukogulu.dll NOT unregistered.
C:\WINDOWS\System32\zukogulu.dll moved successfully.
C:\WINDOWS\System32\helileve.exe moved successfully.
C:\WINDOWS\System32\mayonibe.exe moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4bcb2ffc-5f34-44ce-a2a3-647ccd23d216}\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CPM63b41ba0 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\jaziviweje deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_Dlls"|"" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\SSODL deleted successfully.
OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04012009_125859
platypusvet
2009-04-02, 01:31
Here's the log from the Kaspersky scan. This morning I was still getting the pop-ups, and I think that the computer still will not shut down without manually switching it off.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, April 1, 2009
Operating System: Microsoft Windows XP Professional x64 Edition Service Pack 2 (build 3790)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, April 01, 2009 20:40:29
Records in database: 1993883
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: no
Scan area - My Computer:
C:\
D:\
Scan statistics:
Files scanned: 158878
Threat name: 3
Infected objects: 9
Suspicious objects: 0
Duration of the scan: 01:57:03
File name / Threat name / Threats count
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BRX3ZHGS\d[1].htm Infected: not-a-virus:AdWare.Win32.Virtumonde.auxp 1
C:\System Volume Information\_restore{C092230F-D078-431A-AA74-1BB66ACA0E0A}\RP370\A0047082.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.dw 1
C:\System Volume Information\_restore{C092230F-D078-431A-AA74-1BB66ACA0E0A}\RP372\A0050115.exe Infected: Trojan-Downloader.Win32.FraudLoad.vnjh 1
C:\System Volume Information\_restore{C092230F-D078-431A-AA74-1BB66ACA0E0A}\RP372\A0050116.exe Infected: Trojan-Downloader.Win32.FraudLoad.vnjh 1
C:\System Volume Information\_restore{C092230F-D078-431A-AA74-1BB66ACA0E0A}\RP372\A0050117.exe Infected: Trojan-Downloader.Win32.FraudLoad.vnjh 1
C:\System Volume Information\_restore{C092230F-D078-431A-AA74-1BB66ACA0E0A}\RP372\A0050119.exe Infected: Trojan-Downloader.Win32.FraudLoad.vnjh 1
C:\System Volume Information\_restore{C092230F-D078-431A-AA74-1BB66ACA0E0A}\RP372\A0050122.exe Infected: Trojan-Downloader.Win32.FraudLoad.vnjh 1
C:\_OTMoveIt\MovedFiles\04012009_125859\windows\system32\helileve.exe Infected: Trojan-Downloader.Win32.FraudLoad.vnjh 1
C:\_OTMoveIt\MovedFiles\04012009_125859\windows\system32\mayonibe.exe Infected: Trojan-Downloader.Win32.FraudLoad.vnjh 1
The selected area was scanned.
Hi
Please post fresh OTViewIt.txt log too :)
platypusvet
2009-04-02, 21:06
OTViewIt logfile created on: 4/2/2009 12:59:47 PM - Run 3
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 6.0.3790.3959)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 72.88% Memory free
3.87 Gb Paging File | 3.37 Gb Available in Paging File | 87.11% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.45 Gb Total Space | 195.33 Gb Free Space | 69.90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: STEVO7
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
========== Processes ==========
[2009/03/08 13:42:57 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[2005/02/25 19:28:03 | 00,212,992 | ---- | M] (Ahead Software) -- C:\Program Files (x86)\Ahead\Nero PhotoShow\data\Xtras\mssysmgr.exe
[2007/02/18 13:05:40 | 01,681,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2007/08/29 11:55:54 | 01,347,584 | ---- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
[2009/01/24 19:53:13 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2005/08/30 19:53:34 | 00,925,696 | R--- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
[2005/10/26 10:34:44 | 00,716,800 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\SoundMAX\SMax4.exe
[2006/08/31 07:18:48 | 00,114,688 | ---- | M] () -- C:\Program Files (x86)\HIS iTurbo\iTurbo.exe
[2007/02/16 12:54:04 | 00,282,624 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files (x86)\QuickTime\qttask.exe
[2007/03/02 17:24:28 | 00,257,088 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
[2002/09/10 23:26:26 | 00,368,706 | ---- | M] () -- C:\Program Files (x86)\BroadJump\Client Foundation\CFD.exe
[2008/06/08 13:00:07 | 01,192,088 | ---- | M] () -- C:\Program Files (x86)\CE\nmSvc.exe
[2009/02/27 17:10:28 | 00,035,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
[2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
[2009/03/31 18:10:05 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
[2005/03/25 07:00:00 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\ctfmon.exe
[2009/03/31 18:10:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jqs.exe
[2008/06/08 13:00:07 | 00,270,488 | ---- | M] () -- C:\Program Files (x86)\CE\nmFlt.exe
[2003/06/20 02:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2007/03/02 17:24:20 | 00,500,800 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iPod\bin\iPodService.exe
[2009/03/30 17:28:24 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTViewIt.exe
========== (O23) Win32 Services ==========
[2007/10/23 23:33:00 | 00,045,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
File not found -- -- (Ati HotKey Poller [Auto | Running])
[2007/11/02 00:05:00 | 00,660,992 | ---- | M] () -- C:\WINDOWS\system32\ati2saag.exe -- (ATI Smart [Auto | Stopped])
[2007/10/24 02:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/10/23 23:33:04 | 00,093,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped])
File not found -- -- (dmadmin [On_Demand | Stopped])
File not found -- -- (Eventlog [Auto | Running])
[2009/03/08 13:42:57 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -- (gupdate1c9a01db5bf260e [Auto | Stopped])
[2007/05/27 13:14:48 | 00,138,168 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
File not found -- -- (HTTPFilter [On_Demand | Stopped])
[2007/02/18 13:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\svchost.exe -- (IASJet [On_Demand | Stopped])
[2005/04/04 03:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
File not found -- -- (ImapiService [On_Demand | Stopped])
[2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService [Auto | Running])
[2007/03/02 17:24:20 | 00,500,800 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2009/03/31 18:10:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2009/03/09 14:06:55 | 00,951,632 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [On_Demand | Stopped])
[2003/06/20 02:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
File not found -- -- (MSDTC [On_Demand | Stopped])
[2007/02/18 13:05:42 | 00,430,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netlogon.dll -- (Netlogon [On_Demand | Stopped])
File not found -- -- (NtLmSsp [On_Demand | Stopped])
File not found -- -- (NVSvc [Auto | Stopped])
[2003/07/28 15:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
File not found -- -- (PlugPlay [Auto | Running])
File not found -- -- (PolicyAgent [Auto | Running])
File not found -- -- (ProtectedStorage [Auto | Running])
File not found -- -- (RDSessMgr [On_Demand | Stopped])
File not found -- -- (SamSs [Auto | Running])
File not found -- -- (TlntSvr [Disabled | Stopped])
[2005/03/25 07:00:00 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
File not found -- -- (vds [On_Demand | Stopped])
File not found -- -- (VSS [On_Demand | Stopped])
[2006/11/03 20:36:20 | 00,014,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
File not found -- -- (WmiApSrv [On_Demand | Stopped])
========== Driver Services ==========
File not found -- -- (ACPI [Boot | Running])
File not found -- -- (ADIHdAudAddService [On_Demand | Running])
File not found -- -- (AFD [System | Running])
File not found -- -- (Arp1394 [On_Demand | Running])
File not found -- -- (atapi [Boot | Running])
File not found -- -- (ati2mtag [On_Demand | Running])
File not found -- -- (ATIAVAIW [On_Demand | Running])
File not found -- -- (audstub [On_Demand | Running])
File not found -- -- (Beep [System | Running])
File not found -- -- (CdaC15BA [Auto | Running])
File not found -- -- (CdaD10BA [Auto | Running])
File not found -- -- (Cdfs [Disabled | Running])
File not found -- -- (Cdrom [System | Running])
File not found -- -- (crcdisk [Boot | Running])
File not found -- -- (Disk [Boot | Running])
File not found -- -- (dmio [Boot | Running])
File not found -- -- (dmload [Boot | Running])
File not found -- -- (Fips [System | Running])
File not found -- -- (FltMgr [Boot | Running])
File not found -- -- (Ftdisk [Boot | Running])
[2006/09/19 16:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Stopped])
File not found -- -- (Gpc [On_Demand | Running])
File not found -- -- (HDAudBus [On_Demand | Running])
File not found -- -- (HTTP [On_Demand | Running])
File not found -- -- (i8042prt [System | Running])
File not found -- -- (imapi [System | Running])
File not found -- -- (IpNat [On_Demand | Running])
File not found -- -- (IPSec [System | Running])
File not found -- -- (isapnp [Boot | Running])
File not found -- -- (Kbdclass [System | Running])
File not found -- -- (KSecDD [Boot | Running])
File not found -- -- (ksthunk [On_Demand | Running])
File not found -- -- (Lbd [Boot | Running])
[2005/03/25 07:00:00 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll -- (mnmdd [System | Running])
File not found -- -- (Mouclass [System | Running])
File not found -- -- (MountMgr [Boot | Running])
File not found -- -- (MRxDAV [On_Demand | Running])
File not found -- -- (MRxSmb [System | Running])
File not found -- -- (Msfs [System | Running])
File not found -- -- (mssmbios [On_Demand | Running])
File not found -- -- (ms_mpu401 [On_Demand | Running])
File not found -- -- (MTsensor [On_Demand | Running])
File not found -- -- (Mup [Boot | Running])
File not found -- -- (NDIS [Boot | Running])
File not found -- -- (NdisTapi [On_Demand | Running])
File not found -- -- (Ndisuio [On_Demand | Running])
File not found -- -- (NdisWan [On_Demand | Running])
File not found -- -- (NDProxy [On_Demand | Running])
File not found -- -- (NetBIOS [System | Running])
File not found -- -- (NetBT [System | Running])
File not found -- -- (NIC1394 [On_Demand | Running])
File not found -- -- (Npfs [System | Running])
File not found -- -- (Ntfs [Disabled | Running])
File not found -- -- (Null [System | Running])
File not found -- -- (nvata64 [Boot | Running])
File not found -- -- (NVENETFD [On_Demand | Running])
File not found -- -- (nvnetbus [On_Demand | Running])
File not found -- -- (ohci1394 [Boot | Running])
File not found -- -- (Parport [On_Demand | Running])
File not found -- -- (PartMgr [Boot | Running])
File not found -- -- (PCI [Boot | Running])
File not found -- -- (PCIIde [Boot | Running])
File not found -- -- (PptpMiniport [On_Demand | Running])
File not found -- -- (Processor [On_Demand | Running])
File not found -- -- (PSched [On_Demand | Running])
File not found -- -- (Ptilink [On_Demand | Running])
File not found -- -- (RasAcd [System | Running])
File not found -- -- (Rasl2tp [On_Demand | Running])
File not found -- -- (RasPppoe [On_Demand | Running])
File not found -- -- (Raspti [On_Demand | Running])
File not found -- -- (Rdbss [System | Running])
File not found -- -- (RDPCDD [System | Running])
File not found -- -- (rdpdr [On_Demand | Running])
File not found -- -- (redbook [System | Running])
[2005/05/24 22:39:14 | 00,007,168 | ---- | M] () -- C:\Program Files (x86)\HIS iTurbo\RTCore64.sys -- (RTCore64 [On_Demand | Running])
[2009/03/23 14:07:26 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [System | Stopped])
[2009/03/23 14:07:28 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
[2009/03/23 14:07:26 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Stopped])
File not found -- -- (Secdrv [Auto | Running])
File not found -- -- (SenFiltService [On_Demand | Running])
File not found -- -- (serenum [On_Demand | Running])
File not found -- -- (Serial [System | Running])
File not found -- -- (sfdrv01 [Boot | Running])
File not found -- -- (sfhlp02 [Boot | Running])
File not found -- -- (sfsync02 [Boot | Running])
File not found -- -- (sr [Boot | Running])
File not found -- -- (Srv [On_Demand | Running])
File not found -- -- (swenum [On_Demand | Running])
File not found -- -- (sysaudio [On_Demand | Running])
File not found -- -- (Tcpip [System | Running])
File not found -- -- (TermDD [System | Running])
File not found -- -- (Update [On_Demand | Running])
File not found -- -- (usbehci [On_Demand | Running])
File not found -- -- (usbhub [On_Demand | Running])
File not found -- -- (usbohci [On_Demand | Running])
File not found -- -- (VgaSave [System | Running])
File not found -- -- (VolSnap [Boot | Running])
File not found -- -- (Wanarp [On_Demand | Running])
[2005/03/25 07:00:00 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdmaud.drv -- (wdmaud [On_Demand | Running])
File not found -- -- (WS2IFSL [System | Running])
[2005/10/19 21:34:02 | 00,007,680 | ---- | M] (Overclocking Tool) -- C:\Program Files (x86)\HIS iTurbo\atillk64.sys -- (atillk64 [Disabled | Running])
========== (R ) Internet Explorer ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.google.com/ie
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"First Home Page"=http://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update&O1=b1
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.google.com/ig?hl=en
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=gogl
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\SysWOW64\shdocvw.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\S-1-5-21-1575258458-2958649720-2788576334-500\SOFTWARE\Microsoft\Internet Explorer\Main]
"First Home Page"=http://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update&O1=b1
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.google.com/ig?hl=en
[HKEY_USERS\S-1-5-21-1575258458-2958649720-2788576334-500\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie
[HKEY_USERS\S-1-5-21-1575258458-2958649720-2788576334-500\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=gogl
[HKEY_USERS\S-1-5-21-1575258458-2958649720-2788576334-500\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\SysWOW64\shdocvw.dll (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1575258458-2958649720-2788576334-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
========== (O1) Hosts File ==========
HOSTS File = (698 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
========== (O2) BHO's ==========
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (HKLM) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} (HKLM) -- C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
========== (O3) Toolbars ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" (HKLM) -- C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" (HKLM) -- C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}" (HKLM) -- C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" (HKLM) -- C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}" (HKLM) -- C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()
[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" (HKLM) -- C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)
[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}" (HKLM) -- C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)
[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()
[HKEY_USERS\S-1-5-21-1575258458-2958649720-2788576334-500\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" (HKLM) -- C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1575258458-2958649720-2788576334-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" (HKLM) -- C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1575258458-2958649720-2788576334-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}" (HKLM) -- C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1575258458-2958649720-2788576334-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()
========== (O4) Run Keys ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"Ad-Watch"="C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe" (Lavasoft)
"BJCFD"="C:\Program Files (x86)\BroadJump\Client Foundation\CFD.exe" ()
"CPM63b41ba0"=Rundll32.exe "c:\windows\system32\gonihuha.dll",a File not found
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" (Apple Inc.)
"iTurbo"="C:\Program Files (x86)\HIS iTurbo\iTurbo.exe" /s ()
"NMSVC"=C:\Program Files (x86)\CE\nmSvc.exe ()
"QuickTime Task"="C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
"RecoverFromReboot"=C:\WINDOWS\Temp\RecoverFromReboot.exe File not found
"SoundMAX"="C:\Program Files (x86)\Analog Devices\SoundMAX\Smax4.exe" /tray (Analog Devices, Inc.)
"SoundMAXPnP"=C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" ()
"SunJavaUpdateSched"="C:\Program Files (x86)\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"x3watch"="C:\Program Files (x86)\X3watch\x3watch.exe" File not found
platypusvet
2009-04-02, 21:07
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"PhotoShow Deluxe Media Manager"=C:\PROGRA~2\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe (Ahead Software)
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
"Weather"=C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 (AWS Convergence Technologies, Inc.)
[HKEY_USERS\S-1-5-21-1575258458-2958649720-2788576334-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"PhotoShow Deluxe Media Manager"=C:\PROGRA~2\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe (Ahead Software)
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
"Weather"=C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 (AWS Convergence Technologies, Inc.)
========== (O4) Startup Folders ==========
========== (O6 & O7) Current Version Policies ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0
"HonorAutoRunSetting"=1
"NoActiveDesktopChanges"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-21-1575258458-2958649720-2788576334-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
========== (O8) IE Context Menu Extensions ==========
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 05:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1575258458-2958649720-2788576334-500\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 05:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)
========== (O9) IE Extensions ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003/07/15 01:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %SystemDrive%\Program Files\Messenger\msmsgs.exe [2007/02/18 13:05:40 | 01,681,920 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %SystemDrive%\Program Files\Messenger\msmsgs.exe [2007/02/18 13:05:40 | 01,681,920 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\SysWOW64\msjava.dll [Web Browser Applet Control] -> [2001/01/12 20:04:06 | 00,945,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 01:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %SystemDrive%\Program Files\Messenger\msmsgs.exe [Messenger] -> [2007/02/18 13:05:40 | 01,681,920 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\SysWOW64\msjava.dll [Web Browser Applet Control] -> [2001/01/12 20:04:06 | 00,945,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 01:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %SystemDrive%\Program Files\Messenger\msmsgs.exe [Messenger] -> [2007/02/18 13:05:40 | 01,681,920 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\SysWOW64\msjava.dll [Web Browser Applet Control] -> [2001/01/12 20:04:06 | 00,945,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 01:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %SystemDrive%\Program Files\Messenger\msmsgs.exe [Messenger] -> [2007/02/18 13:05:40 | 01,681,920 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1575258458-2958649720-2788576334-500\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\SysWOW64\msjava.dll [Web Browser Applet Control] -> [2001/01/12 20:04:06 | 00,945,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 01:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %SystemDrive%\Program Files\Messenger\msmsgs.exe [Messenger] -> [2007/02/18 13:05:40 | 01,681,920 | ---- | M] (Microsoft Corporation)
========== (O12) Internet Explorer Plugins ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery
========== (O13) Default Prefixes ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://
========== (O15) Trusted Sites ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
sbcglobal.net: * in Trusted sites
sbcglobal.net: http in Trusted sites
sbcglobal.net: https in Trusted sites
yahoo.com: * in Trusted sites
yahoo.com: http in Trusted sites
yahoo.com: https in Trusted sites
48 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\S-1-5-21-1575258458-2958649720-2788576334-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
sbcglobal.net: * in Trusted sites
sbcglobal.net: http in Trusted sites
sbcglobal.net: https in Trusted sites
yahoo.com: * in Trusted sites
yahoo.com: http in Trusted sites
yahoo.com: https in Trusted sites
48 domain(s) and sub-domain(s) not assigned to a zone.
========== (O16) DPF ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{0DB074F0-617E-4EE9-912C-2965CF2AA5A4}: http://download.microsoft.com/download/0/f/b/0fb0fab9-7f09-4bb6-86d8-8e791ba99ac5/VirtualEarth3D.cab -- SentinelVE3D Class
{11260943-421B-11D0-8EAC-0000C07D88CF}: http://www.ipix.com/download/ipixx.cab -- iPIX ActiveX Control
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab -- Java Plug-in 1.6.0_13
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab -- Java Plug-in 1.6.0_13
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab -- Java Plug-in 1.6.0_13
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab -- Shockwave Flash Object
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.
========== (O17) DNS Name Servers ==========
{1F0C5B7A-0F6D-4CBB-8588-4EF6E3F7D8CA} (Servers: | Description: )
{30029412-16DB-433E-A430-0C67CF667E78} (Servers: | Description: 1394 Net Adapter)
{66E9D6B2-5037-407F-ABEE-F4A163408C20} (Servers: | Description: NVIDIA nForce Networking Controller)
========== (O20) AppInit_DLLs ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=c:\windows\system32\gonihuha.dll
>File not found -- c:\windows\system32\gonihuha.dll
========== (O20) HKLM Winlogon Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=Explorer.exe
>[2007/02/18 13:05:28 | 01,053,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\explorer.exe
"System"=lsass.exe
>File not found --
========== (O20) Winlogon Notify Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll -- C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
ScCertProp: "DllName" = wlnotify.dll -- File not found
Schedule: "DllName" = wlnotify.dll -- File not found
SensLogn: "DllName" = WlNotify.dll -- File not found
wlballoon: "DllName" = wlnotify.dll -- File not found
========== (O21) SSODL Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"CDBurn"={fbeb8a05-beee-4442-804e-409d6c4515e9} (HKLM) -- C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"={7849596a-48ea-486e-8937-a2a3009f31a9} (HKLM) -- C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SSODL"={EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} (HKLM) -- c:\windows\SysWow64\gonihuha.dll File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SysTray"={35CEC8A3-2BE6-11D2-8773-92E220524153} (HKLM) -- C:\WINDOWS\SysWOW64\stobject.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} (HKLM) -- C:\WINDOWS\SysWOW64\webcheck.dll (Microsoft Corporation)
========== (O22) Shared Task Scheduler ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}" (HKLM) = Browseui preloader -- C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8C7461EF-2B13-11d2-BE35-3078302C2030}" (HKLM) = Component Categories cache daemon -- C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}" (HKLM) = STS -- c:\windows\SysWow64\gonihuha.dll File not found
========== Shell Execute Hooks ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
========== Safeboot Options ==========
"AlternateShell"=cmd.exe
========== CDRom AutoRun Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1
========== Autorun Files on Drives ==========
AUTOEXEC.BAT []
[2006/12/29 21:28:05 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]
========== Files/Folders - Created Within 30 Days ==========
[2009/04/01 12:51:11 | 00,038,400 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\instructions 4-1-09.doc
[2009/03/31 18:19:37 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2009/03/31 18:16:08 | 00,389,632 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTMoveIt3.exe
[2009/03/31 18:10:00 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2009/03/31 17:59:20 | 00,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/03/31 17:59:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/03/31 17:51:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\HostXpert
[2009/03/31 17:51:05 | 00,353,485 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HostsXpert.zip
[2009/03/30 17:30:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2009/03/30 17:30:56 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/30 17:30:56 | 00,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/30 17:30:53 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/30 17:30:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/30 17:30:52 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/03/30 17:28:23 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTViewIt.exe
[2009/03/30 17:28:17 | 02,906,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
[2009/03/28 12:12:58 | 00,001,788 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/03/28 12:12:58 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2009/03/28 12:12:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\3-28-2009
[2009/03/28 12:11:06 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2009/03/28 12:10:16 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HJTInstall.exe
[2009/03/28 12:09:27 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Administrator\Desktop\erunt-setup.exe
[2009/03/28 12:07:51 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Instructions.doc
[2009/03/28 08:22:21 | 00,000,306 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/03/28 08:15:45 | 00,153,144 | ---- | C] (Antimalware Development a.s.) -- C:\Documents and Settings\Administrator\Desktop\ewido_micro.exe
[2009/03/28 08:00:16 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2009/03/28 08:00:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/03/28 07:58:19 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Administrator\Desktop\spybotsd162.exe
[2009/03/27 19:38:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/03/27 19:38:52 | 00,000,822 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/03/27 19:38:50 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2009/03/27 19:38:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2009/03/27 19:38:02 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2009/03/24 19:23:23 | 00,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\ieResetIcons.exe
[2009/03/23 18:52:02 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/03/23 18:48:59 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Defender
[2009/03/22 16:31:37 | 00,000,496 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/03/22 16:23:03 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/03/22 16:22:58 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2009/03/22 16:22:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/03/15 15:53:51 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/03/15 15:53:51 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/03/09 18:31:40 | 00,000,630 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\VueScan.lnk
[2009/03/09 18:31:39 | 00,000,000 | ---D | C] -- C:\VueScan
[2009/03/08 22:21:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Sketch-UP
[2009/03/06 21:17:42 | 00,044,032 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Nepali recipes.doc
========== Files - Modified Within 30 Days ==========
[2 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/04/02 12:59:57 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/04/02 12:56:54 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/02 12:56:51 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/01 12:51:11 | 00,038,400 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\instructions 4-1-09.doc
[2009/03/31 19:01:27 | 00,001,744 | -H-- | M] () -- C:\WINDOWS\System32\bupuzedu
[2009/03/31 18:16:09 | 00,389,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTMoveIt3.exe
[2009/03/31 17:59:20 | 00,001,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/03/31 17:51:06 | 00,353,485 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HostsXpert.zip
[2009/03/30 17:30:56 | 00,000,726 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/30 17:29:23 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Instructions.doc
[2009/03/30 17:28:24 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTViewIt.exe
[2009/03/30 17:28:18 | 02,906,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
[2009/03/29 16:32:01 | 00,000,496 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/03/28 12:12:58 | 00,001,788 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/03/28 12:10:17 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HJTInstall.exe
[2009/03/28 12:09:27 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Administrator\Desktop\erunt-setup.exe
[2009/03/28 08:22:21 | 00,000,306 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/03/28 08:15:46 | 00,153,144 | ---- | M] (Antimalware Development a.s.) -- C:\Documents and Settings\Administrator\Desktop\ewido_micro.exe
[2009/03/28 07:59:08 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Administrator\Desktop\spybotsd162.exe
[2009/03/27 19:38:52 | 00,000,822 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/25 06:26:23 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\Administrator\My Documents\desktop.ini
[2009/03/24 19:11:39 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/21 08:03:01 | 00,000,037 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\TheHunterSettings.cfg
[2009/03/15 16:05:18 | 00,001,367 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/03/15 15:53:51 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/03/15 15:53:51 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/03/14 13:27:54 | 00,084,992 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/11 07:28:02 | 00,000,970 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/09 18:31:40 | 00,000,630 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\VueScan.lnk
[2009/03/06 21:17:43 | 00,044,032 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Nepali recipes.doc
< End of report >
platypusvet
2009-04-02, 21:08
OTViewIt Extras logfile created on: 4/2/2009 12:59:47 PM - Run 3
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 6.0.3790.3959)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 72.88% Memory free
3.87 Gb Paging File | 3.37 Gb Available in Paging File | 87.11% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.45 Gb Total Space | 195.33 Gb Free Space | 69.90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: STEVO7
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
File not found -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
File not found -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2005/03/25 07:00:00 | 00,094,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer
[2007/03/02 17:24:20 | 14,672,448 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunes\iTunes.exe:*:Enabled:iTunes
[2006/02/10 11:48:12 | 09,187,328 | ---- | M] () -- C:\Program Files (x86)\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe:*:Enabled:BattlefrontII
[2007/10/22 20:07:42 | 02,667,744 | ---- | M] (Crytek GmbH) -- C:\Program Files (x86)\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:*:Enabled:Crysis_32_sp_demo
[2008/09/30 21:48:24 | 10,738,208 | ---- | M] (Southlogic Studios) -- C:\Program Files (x86)\Deer Hunter Tournament\DHT.exe:*:Enabled:Deer Hunter Tournament
[2008/09/29 20:02:38 | 00,750,864 | ---- | M] (Southlogic Studios) -- C:\Program Files (x86)\Deer Hunter Tournament\Updater.exe:*:Enabled:Deer Hunter Tournament Current Updater
[2007/08/29 11:55:54 | 01,347,584 | ---- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files (x86)\AWS\WeatherBug\Weather.exe:*:Enabled:Weather
[2007/02/16 12:54:04 | 00,282,624 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files (x86)\QuickTime\qttask.exe:*:Enabled:qttask
[2009/02/17 11:44:46 | 04,204,544 | ---- | M] () -- C:\Program Files (x86)\Emote\Launcher\launcher.exe:*:Enabled:launcher
[2005/03/25 07:00:00 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\rundll32.exe:*:Enabled:rundll32
[2005/02/25 19:28:03 | 00,212,992 | ---- | M] (Ahead Software) -- C:\Program Files (x86)\Ahead\Nero PhotoShow\data\Xtras\mssysmgr.exe:*:Enabled:mssysmgr
[2007/03/02 17:24:20 | 00,500,800 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iPod\bin\iPodService.exe:*:Enabled:iPodService
File not found -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe:*:Enabled:reader_sl
[2005/10/26 10:34:44 | 00,716,800 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\SoundMAX\SMax4.exe:*:Enabled:Smax4
[2002/09/10 23:26:26 | 00,368,706 | ---- | M] () -- C:\Program Files (x86)\BroadJump\Client Foundation\CFD.exe:*:Enabled:CFD
[2009/03/08 13:42:57 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe:*:Enabled:GoogleUpdate
[2007/02/18 13:05:40 | 01,681,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:msmsgs
[2007/03/02 17:24:28 | 00,257,088 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe:*:Enabled:iTunesHelper
[2003/06/20 02:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE:*:Enabled:MDM
[2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Enabled:Intuit Update Shared Downloads Server
[2005/03/25 07:00:00 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\ctfmon.exe:*:Enabled:ctfmon
[2007/02/18 13:05:48 | 00,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\runonce.exe:*:Enabled:runonce
[2003/08/06 16:24:20 | 12,037,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE:*:Enabled:WINWORD
========== (O10) Winsock2 Catalogs ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [Covenant Eyes NSP for TCP services] -- C:\WINDOWS\system32\nmNsp.dll ()
Protocol_Catalog9\Catalog_Entries\000000000001 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000002 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000003 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000004 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000005 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000006 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000007 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000008 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000009 -- File not found
========== (O18) Protocol Handlers ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/12/13 16:22:02 | 03,134,976 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll (about:{3050F406-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML About Pluggable Protocol])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/17 11:57:36 | 00,698,368 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll (cdl:{3dd53d40-7b8b-11D0-b013-00aa0059ce02} (HKLM) [CDL: Asychronous Pluggable Protocol Handler])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/02/18 13:05:42 | 01,563,136 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvidctl.dll (dvd:{12D51199-0DB5-46FE-A120-47A3D7D937CC} (HKLM) [DVD: Pluggable Protocol])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/17 11:57:36 | 00,698,368 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll (file:{79eac9e7-baf9-11ce-8c82-00aa004ba90b} (HKLM) [file:, local: Asychronous Pluggable Protocol Handler])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/17 11:57:36 | 00,698,368 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll (ftp:{79eac9e3-baf9-11ce-8c82-00aa004ba90b} (HKLM) [ftp: Asychronous Pluggable Protocol Handler])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/17 11:57:36 | 00,698,368 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll (gopher:{79eac9e4-baf9-11ce-8c82-00aa004ba90b} (HKLM) [gopher: Asychronous Pluggable Protocol Handler])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/17 11:57:36 | 00,698,368 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll (http:{79eac9e2-baf9-11ce-8c82-00aa004ba90b} (HKLM) [http: Asychronous Pluggable Protocol Handler])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 05:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL http\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 05:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL http\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/17 11:57:36 | 00,698,368 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll (https:{79eac9e5-baf9-11ce-8c82-00aa004ba90b} (HKLM) [https: Asychronous Pluggable Protocol Handler])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 05:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL https\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 05:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL https\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/02/18 13:05:32 | 00,137,216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll (its:{9D148291-B9C8-11D0-A4CC-0000F80149F6} (HKLM) [Microsoft InfoTech Protocols for IE 4.0])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/12/13 16:22:02 | 03,134,976 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll (javascript:{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Javascript Pluggable Protocol])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/17 11:57:36 | 00,698,368 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll (local:{79eac9e7-baf9-11ce-8c82-00aa004ba90b} (HKLM) [file:, local: Asychronous Pluggable Protocol Handler])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/12/13 16:22:02 | 03,134,976 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll (mailto:{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Mailto Pluggable Protocol])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/07/03 14:14:54 | 00,694,784 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll (mhtml:{05300401-BCBC-11d0-85E3-00C04FD85AB4} (HKLM) [MHTML Asychronous Pluggable Protocol Handler])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/17 11:57:36 | 00,698,368 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll (mk:{79eac9e6-baf9-11ce-8c82-00aa004ba90b} (HKLM) [mk: Asychronous Pluggable Protocol Handler])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 05:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 05:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/02/18 13:05:32 | 00,137,216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll (ms-its:{9D148291-B9C8-11D0-A4CC-0000F80149F6} (HKLM) [Microsoft InfoTech Protocols for IE 4.0])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2000/04/19 21:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2003/08/04 16:19:34 | 07,330,360 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2003/08/01 18:09:04 | 08,086,072 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/12/13 16:22:02 | 03,134,976 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll (res:{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Resource Pluggable Protocol])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/12/13 16:22:02 | 03,134,976 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll (sysimage:{76E67A63-06E9-11D2-A840-006008059382} (HKLM) [Microsoft HTML Resource Pluggable Protocol])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/02/18 13:05:42 | 01,563,136 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvidctl.dll (tv:{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} (HKLM) [TV: Pluggable Protocol])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/12/13 16:22:02 | 03,134,976 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll (vbscript:{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Javascript Pluggable Protocol])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/03/25 07:00:00 | 00,074,240 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiascr.dll (wia:{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} (HKLM) [WiaProtocol Class])
========== (O18) Protocol Filters ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2008/10/17 11:57:36 | 00,698,368 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll Class Install Handler:{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} (HKLM) [AP Class Install Handler filter]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2008/10/17 11:57:36 | 00,698,368 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll deflate:{8f6b0360-b80d-11d0-a9b3-006097942311} (HKLM) [AP lzdhtml encoding/decoding Filter]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2008/10/17 11:57:36 | 00,698,368 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll gzip:{8f6b0360-b80d-11d0-a9b3-006097942311} (HKLM) [AP lzdhtml encoding/decoding Filter]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2008/10/17 11:57:36 | 00,698,368 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll lzdhtml:{8f6b0360-b80d-11d0-a9b3-006097942311} (HKLM) [AP lzdhtml encoding/decoding Filter]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2009/02/10 08:52:22 | 08,360,960 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll text/webviewhtml:{733AC4CB-F1A4-11d0-B951-00A0C90312E1} (HKLM) [WebView MIME Filter]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/15 01:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01B51908-02EF-453B-87A9-815182E8C2F2}"=iTunes
"{025C3792-E9C6-432A-92C1-661F99D021CA}"=Ulead Photo Explorer 8.5 SE
"{055EE59D-217B-43A7-ABFF-507B966405D8}"=ATI Catalyst Control Center
"{08C5C5DC-E56F-2691-B577-24AA7992883D}"=CCC Help English
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}"=AiO_Scan
"{111E336D-30BF-4CD4-8D69-4541732AFB27}"=Peter Jackson's King Kong - The Official Game of the Movie
"{17D2AF72-1448-4C43-A1C4-842757E4DEB6}"=Cabela's Big Game Hunter - Alaskan Adventures
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}"=Java(TM) 6 Update 13
"{28E66EE0-17F0-71C7-CC7C-FAF42C08AE64}"=Catalyst Control Center Graphics Full Existing
"{29521505-F489-4822-ADFA-32C6DEE4F114}"=TurboTax 2008 WinPerUserEducation
"{2DF7B278-D3B6-40A4-B25C-0E7149F439EA}"=3DMark05
"{3389DC79-8D4C-4447-B1D3-3D8FE43D65C2}"=The Chronicles of Narnia
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}"=ATI Parental Control & Encoder
"{3D374523-CFDE-461A-827E-2A102E2AB365}"=Star Wars Battlefront II
"{548EAC70-EE00-11DD-908C-005056806466}"=Google Earth
"{5AC5ED2E-2936-4B54-A429-703F9034938E}"=Covenant Eyes
"{5E863175-E85D-44A6-8968-82507D34AE7F}"=QuickTime
"{619B8475-0F48-41B7-A370-5147F7092989}"=Virtual Earth 3D (Beta)
"{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}"=Call of Duty(R) 4 - Modern Warfare(TM) Demo
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}"=Windows Media Player Firefox Plugin
"{70DECFBF-9119-4434-B2D3-A3C283D15E45}"=WeatherBug
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}"=MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}"=TurboTax 2008 WinPerFedFormset
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}"=3DMark06
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}"=TurboTax 2008 WinPerReleaseEngine
"{8F150700-39E7-79AC-80DE-4A937D7D8D30}"=Catalyst Control Center Core Implementation
"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{92AF2F5A-4407-4A03-A80A-5A2582264746}"=Crysis(R) SP Demo
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}"=Microsoft Flight Simulator X
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}"=AnswerWorks 5.0 English Runtime
"{A1570582-F77D-9272-BA3D-E97B71AD3E23}"=ccc-core-static
"{A662E280-64A8-4CF5-8407-13D0808602B3}"=Call of Duty - United Offensive
"{A69F83B6-1AB1-97C6-A76B-79CE7B87042C}"=ccc-core-preinstall
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}"=Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A91000000001}"=Adobe Reader 9.1
"{ACC2CB83-5C44-4221-9E08-43A0DD071CE7}"=Cabela's African Safari
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}"=TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}"=TurboTax 2008 WinPerTaxSupport
"{B349B1C0-9920-9C91-AFF3-0D727A6E49C5}"=Skins
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}"=Microsoft XML Parser
"{C23C2D03-778A-F358-37BC-8C005BC69ABE}"=Catalyst Control Center Graphics Full New
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}"=Scan
"{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}"=AVIVO Codecs
"{C9DCF88C-FBF4-CC42-3721-416ACE06A9BD}"=Catalyst Control Center Graphics Previews Common
"{CCDD8C24-EB4A-4BCC-BAFD-4812F9B70FDE}"=TurboTax 2008 wokiper
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition
"{CF404C21-47EB-4FA5-B920-91746874ED43}"=Ulead Photo Express My Scrapbook 2.0
"{D17C4B85-A12C-442F-81A6-21EAB64F014A}"=Cabela's Trophy Bucks
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}"=Windows Media Encoder 9 Series
"{E5D52570-5EF1-4576-A434-6CCD92268F0F}"=Google SketchUp 7
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}"=TurboTax 2008 WinPerProgramHelp
"{E86E8B33-0497-50AE-D383-C80D14F80F05}"=Catalyst Control Center Graphics Light
"{F0A37341-D692-11D4-A984-009027EC0A9C}"=SoundMAX
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}"=Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01"=Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F8CF44C8-6295-417B-8B04-AAB39F1BB649}_is1"=Call of Juarez SP Demo
"{FB9CDF41-F0B9-4F31-9230-7DF0D6637270}"=Call of Duty(R) 2 Demo
"{FC92B547-87C7-4A3E-B5C9-F289D6CB43C2}"=ATI Demo - Toy Shop (v1.2)
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}"=Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1947ed9c549f680a9ed3f1fdbb9337a4"=Myst V End Of Ages
"Ad-Aware"=Ad-Aware
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"All ATI Software"=ATI - Software Uninstall Utility
"BroadJump Client Foundation"=BroadJump Client Foundation
"Call of Duty Game of the Year Edition"=Call of Duty Game of the Year Edition
"Deer Hunter 2005_is1"=Deer Hunter - The 2005 Season
"Deer Hunter Tournament_is1"=Deer Hunter Tournament
"Emote-Launcher"=Emote-Launcher (remove only)
"ERUNT_is1"=ERUNT 1.1j
"HijackThis"=HijackThis 2.0.2
"InstallShield_{3389DC79-8D4C-4447-B1D3-3D8FE43D65C2}"=The Chronicles of Narnia
"InstallShield_{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}"=Call of Duty(R) 4 - Modern Warfare(TM) Demo
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}"=Microsoft Flight Simulator X
"InstallShield_{A662E280-64A8-4CF5-8407-13D0808602B3}"=Call of Duty - United Offensive
"InstallShield_{FB9CDF41-F0B9-4F31-9230-7DF0D6637270}"=Call of Duty(R) 2 Demo
"iTurbo"=HIS iTurbo 1.10.4
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Mozilla Firefox (3.0.8)"=Mozilla Firefox (3.0.8)
"Nero PhotoShow Express"=Nero PhotoShow Express
"NeroMultiInstaller!UninstallKey"=Nero Suite
"RealPlayer 6.0"=RealPlayer
"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6"=Microsoft Flight Simulator X Service Pack 1
"TripleAVersion1_0_0_3"=TripleA Version 1_0_0_3
"TurboTax 2008"=TurboTax 2008
"VueScan"=VueScan
"Windows Media Encoder 9"=Windows Media Encoder 9 Series
"WinGimp-2.0_is1"=GIMP 2.4.7
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 3/31/2009 7:24:16 PM | Computer Name = STEVO7 | Source = Application Error | ID = 1000
Description = Faulting application otmoveit3.exe, version 1.0.10.0, faulting module
, version 0.0.0.0, fault address 0x00000000.
Error - 3/31/2009 7:24:33 PM | Computer Name = STEVO7 | Source = Application Error | ID = 1000
Description = Faulting application otmoveit3.exe, version 1.0.10.0, faulting module
, version 0.0.0.0, fault address 0x00000000.
Error - 3/31/2009 7:24:34 PM | Computer Name = STEVO7 | Source = Application Error | ID = 1000
Description = Faulting application otmoveit3.exe, version 1.0.10.0, faulting module
, version 0.0.0.0, fault address 0x00000000.
Error - 3/31/2009 7:24:35 PM | Computer Name = STEVO7 | Source = Application Error | ID = 1000
Description = Faulting application otmoveit3.exe, version 1.0.10.0, faulting module
, version 0.0.0.0, fault address 0x00000000.
Error - 3/31/2009 7:24:36 PM | Computer Name = STEVO7 | Source = Application Error | ID = 1000
Description = Faulting application otmoveit3.exe, version 1.0.10.0, faulting module
, version 0.0.0.0, fault address 0x00000000.
Error - 3/31/2009 7:24:37 PM | Computer Name = STEVO7 | Source = Application Error | ID = 1000
Description = Faulting application otmoveit3.exe, version 1.0.10.0, faulting module
, version 0.0.0.0, fault address 0x00000000.
Error - 3/31/2009 7:24:38 PM | Computer Name = STEVO7 | Source = Application Error | ID = 1000
Description = Faulting application otmoveit3.exe, version 1.0.10.0, faulting module
, version 0.0.0.0, fault address 0x00000000.
Error - 3/31/2009 7:24:39 PM | Computer Name = STEVO7 | Source = Application Error | ID = 1000
Description = Faulting application otmoveit3.exe, version 1.0.10.0, faulting module
, version 0.0.0.0, fault address 0x00000000.
Error - 3/31/2009 7:24:39 PM | Computer Name = STEVO7 | Source = Application Error | ID = 1000
Description = Faulting application otmoveit3.exe, version 1.0.10.0, faulting module
, version 0.0.0.0, fault address 0x00000000.
Error - 3/31/2009 7:24:40 PM | Computer Name = STEVO7 | Source = Application Error | ID = 1000
Description = Faulting application otmoveit3.exe, version 1.0.10.0, faulting module
, version 0.0.0.0, fault address 0x00000000.
[ System Events ]
Error - 3/31/2009 7:08:01 PM | Computer Name = STEVO7 | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.
Error - 4/1/2009 1:31:36 PM | Computer Name = STEVO7 | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.
Error - 4/1/2009 1:31:36 PM | Computer Name = STEVO7 | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.
Error - 4/1/2009 1:31:36 PM | Computer Name = STEVO7 | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.
Error - 4/1/2009 7:43:47 PM | Computer Name = STEVO7 | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.
Error - 4/1/2009 7:43:47 PM | Computer Name = STEVO7 | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.
Error - 4/1/2009 7:43:47 PM | Computer Name = STEVO7 | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.
Error - 4/2/2009 1:57:00 PM | Computer Name = STEVO7 | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.
Error - 4/2/2009 1:57:00 PM | Computer Name = STEVO7 | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.
Error - 4/2/2009 1:57:00 PM | Computer Name = STEVO7 | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.
< End of report >
Hi
Did you have Ad-Watch turned off as instructed? There are still some entries we tried remove earlier. Please make sure Ad-Watch is disabled.
We need to execute an OTMoveIt3 script
Double click theOTMoveIt3 icon on your desktop.
Paste the following code under the Paste Fix Here area. Do not include the word
Code
.
:Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BRX3ZHGS\d[1].htm
C:\WINDOWS\System32\bupuzedu
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CPM63b41ba0"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SSODL"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"=-
Push the large MoveIt button.
OTMI3 may ask to reboot the machine. Please do so if asked.
Copy/Paste the contents under the Results line here in your next reply with a fresh hjt log.
If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Re-run also MBAM and post back its report.
platypusvet
2009-04-03, 01:31
Hi again,
On startuptoday, I have been getting an error message reading: "Error loading c:\windows\system32\gonihua.dll
The specified module cannot be found."
Here is the OTMoveIt log - I will re-run MBAM.
========== FILES ==========
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BRX3ZHGS\d[1].htm moved successfully.
C:\WINDOWS\System32\bupuzedu moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CPM63b41ba0 deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_Dlls"|"" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\SSODL deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\ deleted successfully.
OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04022009_172949
platypusvet
2009-04-03, 01:36
I forgot to answer your previous question - yes, Ad-Watch is disabled. I'll post the latest MBAM log shortly.
platypusvet
2009-04-03, 02:30
Malwarebytes' Anti-Malware 1.35
Database version: 1935
Windows 5.2.3790 Service Pack 2
4/2/2009 6:24:21 PM
mbam-log-2009-04-02 (18-24-21).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 228001
Time elapsed: 43 minute(s), 5 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 12
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\System Volume Information\_restore{C092230F-D078-431A-AA74-1BB66ACA0E0A}\RP372\A0050115.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C092230F-D078-431A-AA74-1BB66ACA0E0A}\RP372\A0050116.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C092230F-D078-431A-AA74-1BB66ACA0E0A}\RP372\A0050117.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C092230F-D078-431A-AA74-1BB66ACA0E0A}\RP372\A0050118.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C092230F-D078-431A-AA74-1BB66ACA0E0A}\RP372\A0050119.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C092230F-D078-431A-AA74-1BB66ACA0E0A}\RP372\A0050120.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C092230F-D078-431A-AA74-1BB66ACA0E0A}\RP372\A0050121.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C092230F-D078-431A-AA74-1BB66ACA0E0A}\RP372\A0050122.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\04012009_125859\windows\system32\helileve.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\04012009_125859\windows\system32\mayonibe.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tozewala.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\depohowi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
Hi
Please post a fresh hjt log too :)
platypusvet
2009-04-03, 17:47
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:42:59 AM, on 4/3/2009
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP2 (6.00.3790.1830)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\PROGRA~2\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\HIS iTurbo\iTurbo.exe
C:\Program Files (x86)\QuickTime\qttask.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\BroadJump\Client Foundation\CFD.exe
C:\Program Files (x86)\CE\nmSvc.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\CE\nmFlt.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Java\jre6\bin\jqs.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\iPod\bin\iPodService.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files (x86)\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [iTurbo] "C:\Program Files (x86)\HIS iTurbo\iTurbo.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BJCFD] "C:\Program Files (x86)\BroadJump\Client Foundation\CFD.exe"
O4 - HKLM\..\Run: [x3watch] "C:\Program Files (x86)\X3watch\x3watch.exe"
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKLM\..\Run: [NMSVC] C:\Program Files (x86)\CE\nmSvc.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Ad-Watch] "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~2\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nmnsp.dll
O10 - Unknown file in Winsock LSP: cespy.dll
O10 - Unknown file in Winsock LSP: cespy.dll
O10 - Unknown file in Winsock LSP: cespy.dll
O10 - Unknown file in Winsock LSP: cespy.dll
O15 - Trusted Zone: *.sbcglobal.net
O15 - Trusted Zone: http://*.sbcglobal.net
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2saag.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: Google Update Service (gupdate1c9a01db5bf260e) (gupdate1c9a01db5bf260e) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files (x86)\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
--
End of file - 7915 bytes
Hi
Is Covenant Eyes installed by yourself/are you aware of its presence?
platypusvet
2009-04-03, 22:37
Yes, I installed it. This is a family computer and I use Covenant Eyes to monitor websites that are visited.
Ok. Thanks for explaining that :)
Please reboot, post a fresh hjt log and let me know how's the system running.
platypusvet
2009-04-04, 01:41
Hi,
The computer seems to be running fairly well - no pop-ups the last several times it has been on, and shut-down works correctly now as well. I'm hopeful that this is taken care of, but want to make sure. Here is a fresh HJT log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:38:11 PM, on 4/3/2009
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP2 (6.00.3790.1830)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\PROGRA~2\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files (x86)\HIS iTurbo\iTurbo.exe
C:\Program Files (x86)\QuickTime\qttask.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\BroadJump\Client Foundation\CFD.exe
C:\Program Files (x86)\CE\nmSvc.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files (x86)\CE\nmFlt.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Java\jre6\bin\jqs.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\iPod\bin\iPodService.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files (x86)\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [iTurbo] "C:\Program Files (x86)\HIS iTurbo\iTurbo.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BJCFD] "C:\Program Files (x86)\BroadJump\Client Foundation\CFD.exe"
O4 - HKLM\..\Run: [x3watch] "C:\Program Files (x86)\X3watch\x3watch.exe"
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKLM\..\Run: [NMSVC] C:\Program Files (x86)\CE\nmSvc.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Ad-Watch] "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~2\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nmnsp.dll
O10 - Unknown file in Winsock LSP: cespy.dll
O10 - Unknown file in Winsock LSP: cespy.dll
O10 - Unknown file in Winsock LSP: cespy.dll
O10 - Unknown file in Winsock LSP: cespy.dll
O15 - Trusted Zone: *.sbcglobal.net
O15 - Trusted Zone: http://*.sbcglobal.net
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2saag.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: Google Update Service (gupdate1c9a01db5bf260e) (gupdate1c9a01db5bf260e) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files (x86)\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
--
End of file - 7977 bytes
Hi
That looks ok now :)
I recommend having your antispyware programs run occasionally. Also, it would be recommended to purchase suitable antivirus program. Unfortunately, there're no free options for win2k3 since it's server and those are not so common in home use.
Let's remove OTViewIt.
Start it.
Click the CleanUp! button.
Select Yes when the
Begin cleanup Process?
prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.
It's recommended also to keep up with the latest Windows updates available. You'll get those from the windows update site (http://windowsupdate.microsoft.com/).
platypusvet
2009-04-04, 02:57
Great - thanks very much for your help! Actually I'm running windows XP64, not 2003. I know that sometimes there are compatibility issues with non-64 bit programs, but maybe there might be something that would work. Do you have any specific recommendations for either free or purchased antivirus software? I have mostly avoided installing them because of performance issues in the past. If you have any other advice on keeping this computer clean, I'd be grateful.
Thanks again!
Hi
Ok. I should had asked you right away if it was 64-bit XP. Both that and Win2k3 appears in logs as Windows 2003.
Good free antivirus programs (working also in 64-bit environment) are:
Antivir (http://free-av.com/en/download/1/download_avira_antivir_personal__free_antivirus.html)
Avast! (http://www.avast.com/eng/download-avast-home.html)
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)
Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.