TheTerrorist_75 Posted August 2, 2009

Darn kids don't listen. I yelled at them for using P2P, plus not clicking links or playing games at Facebook and Myspace. This Dell came with a trial of Norton, but the kids installed Avast. After my niece noticed popup ads after going to Facebook, her husband tried installing PC-cillin, oh joy. I see I missed deleting some entries for those programs. I was finally able to install Panda AV Pro, which I pay for several licenses of each year. I ran all scans on each account. I will list them separately here in this thread. I didn't realize that System Restore was turned off, so I enabled it and then made a restore point when Comedian said it couldn't create one.

Bill's account

Malwarebytes' Anti-Malware 1.39
Database version: 2506
Windows 5.1.2600 Service Pack 3

7/31/2009 10:46:15 PM
mbam-log-2009-07-31 (22-46-15).txt

Scan type: Quick Scan
Objects scanned: 125706
Time elapsed: 7 minute(s), 38 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 2
Registry Keys Infected: 12
Registry Values Infected: 11
Registry Data Items Infected: 4
Folders Infected: 1
Files Infected: 9

Memory Processes Infected:
C:\WINDOWS\system32\sopidkc.exe (Backdoor.Bot) -> Unloaded process successfully.

Memory Modules Infected:
c:\WINDOWS\system32\6to4v32.dll (Trojan.Agent) -> Delete on reboot.
c:\WINDOWS\system32\msncache.dll (Backdoor.Bot) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\6to4 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\6to4 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msncache (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\msncache (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msncache (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e24211b3-a78a-c6a9-d317-70979ace5058} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sopidkc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sopidkc (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sopidkc (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemSecurity2009 (Rogue.SystemSecurity) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mms (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mso (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udso (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\.bat\(default) (Hijacked.BatFile) -> Bad: (csfile) Good: (batfile) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.com\(default) (Hijacked.ComFile) -> Bad: (csfile) Good: (comfile) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (csfile) Good: (exefile) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Bill\Start Menu\Programs\System Security (Rogue.SystemSecurity) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\6to4v32.dll (Trojan.Agent) -> Delete on reboot.
c:\WINDOWS\system32\msncache.dll (Backdoor.Bot) -> Delete on reboot.
c:\WINDOWS\system32\netdde.sys (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Bill\start menu\Programs\system security\System Security (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sopidkc.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wiawow32.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
-------------------------------------------------------------------------------------------
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP Home Edition (5.1.2600) Service Pack 3 [32_bits] - x86 Family 15 Model 127 Stepping 2, AuthenticAMD
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Disabled !
.
Internet Explorer 8.0.6001.18702
Mozilla Firefox 3.5.1 (en-US)
.
C:\ [Fixed-NTFS] .. ( Total:148 Go - Free:116 Go )
D:\ [CD_Rom]
.
Scan : 11:59.55
Path : C:\Documents and Settings\Bill\Desktop\Rooter.exe
User : Bill ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (976)
______ \??\C:\WINDOWS\system32\csrss.exe (1024)
______ \??\C:\WINDOWS\system32\winlogon.exe (1048)
______ C:\WINDOWS\system32\services.exe (1092)
______ C:\WINDOWS\system32\lsass.exe (1104)
______ C:\WINDOWS\system32\svchost.exe (1272)
______ C:\WINDOWS\system32\svchost.exe (1332)
______ C:\WINDOWS\system32\svchost.exe (1452)
______ C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe (1480)
______ C:\WINDOWS\system32\svchost.exe (1572)
______ C:\WINDOWS\system32\svchost.exe (748)
______ C:\WINDOWS\system32\spoolsv.exe (260)
______ C:\WINDOWS\system32\svchost.exe (764)
______ C:\WINDOWS\system32\svchost.exe (1544)
______ C:\Program Files\Java\jre6\bin\jqs.exe (2016)
______ C:\WINDOWS\system32\nvsvc32.exe (460)
______ C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe (1176)
______ C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe (1768)
______ C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe (328)
______ C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe (120)
______ C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe (1880)
______ C:\Program Files\CyberLink\Shared files\RichVideo.exe (368)
______ C:\Program Files\Dell Support Center\bin\sprtsvc.exe (1840)
______ C:\WINDOWS\system32\svchost.exe (488)
______ C:\WINDOWS\system32\fxssvc.exe (1820)
______ C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe (1548)
______ C:\Program Files\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE (1668)
______ C:\WINDOWS\Explorer.EXE (2392)
______ C:\WINDOWS\RTHDCPL.EXE (3248)
______ C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE (3568)
______ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (3648)
______ C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (3768)
______ C:\Program Files\Dell Support Center\bin\sprtcmd.exe (3880)
______ C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe (3924)
______ C:\WINDOWS\System32\drivers\PhiBtn.exe (4020)
______ C:\WINDOWS\system32\RUNDLL32.EXE (2708)
______ C:\Program Files\Java\jre6\bin\jusched.exe (1952)
______ C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (3228)
______ C:\WINDOWS\system32\ctfmon.exe (2340)
______ C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe (2816)
______ C:\WINDOWS\system32\wuauclt.exe (2000)
______ C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe (2968)
______ C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (3216)
______ C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (2592)
______ C:\WINDOWS\System32\alg.exe (1224)
______ C:\WINDOWS\system32\wscntfy.exe (2736)
______ C:\Documents and Settings\Bill\Desktop\Rooter.exe (2636)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:49319424)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:49351680 | Length:159948794880)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\EasyShare Registration Task.job
C:\WINDOWS\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 12:00.00
.
C:\Rooter$\Rooter_1.txt - (02/08/2009 | 12:00.00)
-------------------------------------------------------------------

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/02 12:02
Program Version: Version 1.3.3.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: av5flt.sys
Image Path: C:\WINDOWS\system32\drivers\av5flt.sys
Address: 0xB4ACD000 Size: 92544 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB624A000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA5D4000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PavSRK.sys
Image Path: C:\WINDOWS\system32\PavSRK.sys
Address: 0xBA368000 Size: 32768 File Visible: No Signed: -
Status: -

Name: PavTPK.sys
Image Path: C:\WINDOWS\system32\PavTPK.sys
Address: 0xBA2D8000 Size: 49152 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB4A95000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\PavProc.sys" at address 0xb577da30

#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\PavProc.sys" at address 0xb577ce50

Hidden Services
-------------------
Service Name: vsfocedsyafrmm
Image Path: C:\WINDOWS\system32\drivers\vsfocexpnfvaql.sys

Service Name: vsfocetymovrod
Image Path: C:\WINDOWS\system32\drivers\vsfoceulqjnogt.sys

==EOF==
---------------------------------------------------------------------------

OTL logfile created on: 8/2/2009 12:07:58 PM - Run 1
OTL by OldTimer - Version 3.0.10.4 Folder = C:\Documents and Settings\Bill\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 75.48% Memory free
3.79 Gb Paging File | 3.43 Gb Available in Paging File | 90.60% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 116.87 Gb Free Space | 78.46% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DCK7T3G1
Current User Name: Bill
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe (Panda Security, S.L.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe (Panda Security, S.L.)
PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe (Panda Security, S.L.)
PRC - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe (Panda Security, S.L.)
PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe (Panda Security S.L.)
PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe (Panda Security, S.L.)
PRC - C:\Program Files\CyberLink\Shared files\RichVideo.exe ()
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe (Panda Security, S.L.)
PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE (Panda Security, S.L.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE (Panda Software International)
PRC - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
PRC - C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe (Fisher-Price)
PRC - C:\WINDOWS\System32\drivers\PhiBtn.exe (Philips)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Bill\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (Gwmsrv [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Gwmsrv.dll (Panda Security, S.L.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (NBService [On_Demand | Stopped]) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NMIndexingService [On_Demand | Running]) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (Panda Software Controller [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe (Panda Security, S.L.)
SRV - (PAVFNSVR [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe (Panda Security, S.L.)
SRV - (PavPrSrv [Auto | Running]) -- C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe (Panda Security, S.L.)
SRV - (PAVSRV [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe (Panda Security, S.L.)
SRV - (Pml Driver HPZ12 [Auto | Stopped]) -- C:\WINDOWS\System32\HPZipm12.exe (HP)
SRV - (PSHost [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE (Panda Software International)
SRV - (PSIMSVC [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe (Panda Security S.L.)
SRV - (PskSvcRetail [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe (Panda Security, S.L.)
SRV - (RichVideo [Auto | Running]) -- C:\Program Files\CyberLink\Shared files\RichVideo.exe ()
SRV - (sprtsvc_dellsupportcenter [Auto | Running]) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (TPSrv [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe (Panda Security, S.L.)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (APPFLT [System | Running]) -- C:\WINDOWS\System32\Drivers\APPFLT.SYS (Panda Security, S.L.)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AvFlt [On_Demand | Running]) -- File not found
DRV - (camvid40 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\camdrv41.sys (Philips Consumer Electronics)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (ComFiltr [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\COMFiltr.sys ()
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (DSAFLT [System | Running]) -- C:\WINDOWS\System32\Drivers\DSAFLT.SYS (Panda Security, S.L.)
DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (FNETMON [System | Running]) -- C:\WINDOWS\System32\Drivers\fnetmon.SYS (Panda Security, S.L.)
DRV - (GoProto [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\goprot51.sys (Gteko Ltd.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (IDSFLT [System | Running]) -- C:\WINDOWS\System32\Drivers\IDSFLT.SYS (Panda Security, S.L.)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (NETFLTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\NETFLTDI.SYS (Panda Security, S.L.)
DRV - (NETIMFLT01060034 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\neti1634.sys (Panda Security, S.L.)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (NVENETFD [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvnetbus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nvnetbus.sys (NVIDIA Corporation)
DRV - (pavboot [Boot | Running]) -- C:\WINDOWS\system32\Drivers\pavboot.sys (Panda Security, S.L.)
DRV - (PAVDRV [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\pavdrv51.sys (Panda Security, S.L.)
DRV - (PavProc [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\PavProc.sys (Panda Security, S.L.)
DRV - (PavSRK.sys [On_Demand | Running]) -- File not found
DRV - (PavTPK.sys [On_Demand | Running]) -- File not found
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (SDDMI2 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DDMI2.sys (Gteko Ltd.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (ShldDrv [System | Running]) -- C:\WINDOWS\System32\DRIVERS\ShlDrv51.sys (Panda Security, S.L.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (wanatw [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (WNMFLT [System | Running]) -- C:\WINDOWS\System32\Drivers\WNMFLT.SYS (Panda Security, S.L.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080419
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080419

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080419
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080419
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080419
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080419
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1216478575-1639340339-3823283540-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080419
IE - HKU\S-1-5-21-1216478575-1639340339-3823283540-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1216478575-1639340339-3823283540-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1216478575-1639340339-3823283540-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1216478575-1639340339-3823283540-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.auctionsinternational.com/
IE - HKU\S-1-5-21-1216478575-1639340339-3823283540-1008\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll ()
IE - HKU\S-1-5-21-1216478575-1639340339-3823283540-1008\S-1-5-21-1216478575-1639340339-3823283540-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.1
FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/29 05:29:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/01 20:50:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/01 21:14:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/01 21:31:19 | 00,000,000 | ---D | M]

[2008/10/26 09:19:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\mozilla\Extensions
[2008/10/26 09:19:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/07/08 19:34:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\mozilla\Extensions\[email protected]
[2009/08/02 09:44:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\mozilla\Firefox\Profiles\789pe03b.default\extensions
[2009/07/29 05:52:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\mozilla\Firefox\Profiles\789pe03b.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/12/25 19:02:08 | 00,000,681 | ---- | M] () -- C:\Documents and Settings\Bill\Application Data\Mozilla\FireFox\Profiles\789pe03b.default\searchplugins\ask.xml
[2009/08/02 10:06:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/28 17:14:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/01 20:51:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/07/15 16:30:53 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/15 16:30:54 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/08/01 20:50:48 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/08/01 20:23:22 | 00,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2009/07/15 16:30:55 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/08/01 21:15:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/08/01 21:15:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/08/01 21:15:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/08/01 21:15:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/08/01 21:15:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/08/01 21:15:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/08/01 21:15:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/07/15 14:10:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/15 14:10:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/15 14:10:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/15 14:10:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/15 14:10:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/15 14:10:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/15 14:10:00 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll (Ask.com)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1008\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1008\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1008\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll (Ask.com)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE (Panda Security, S.L.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [eligmini] C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe (Fisher-Price)
O4 - HKLM..\Run: [HP Component Manager] c:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PhiBtn] C:\WINDOWS\System32\drivers\PhiBtn.exe (Philips)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [sCANINICIO] C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Traymin900] C:\WINDOWS\System32\drivers\Tray900.exe (Philips)
O4 - HKU\.DEFAULT..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe File not found
O4 - HKU\S-1-5-18..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe File not found
O4 - HKU\S-1-5-19..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe File not found
O4 - HKU\S-1-5-20..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe File not found
O4 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1008..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1008..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1008..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1008..\Run: [skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1008..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\HOMERunner.exe (TomTom)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photags AutoDetect.lnk = C:\Program Files\PhoTags Express\Photags AutoDetect.exe ()
O4 - Startup: C:\Documents and Settings\Bill\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\monica\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1008\..Trusted Domains: rbrooks.com ([project] https in Trusted sites)
O15 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1008\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} https://project.rbrooks.com/ProjectServer/o...ts/pjclient.cab (PjAdoInfo3 Class)
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab (DeviceEnum Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} https://project.rbrooks.com/ProjectServer/o...033/pjcintl.cab (Pj11enuC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avldr: DllName - avldr.dll - C:\WINDOWS\System32\avldr.dll (Panda Security, S.L.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b5de488a-a3ae-11dd-8801-001ec9755754}\Shell\AutoRun\command - "" = E:\wd_windows_tools\WDSetup.exe -- File not found
O33 - MountPoints2\{b8817e38-43e1-11dd-87dc-001ec9755754}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
NetSvcs: msncache - Service key not found. File not found
NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: PskSvcRetail - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe (Panda Security, S.L.)
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - 
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - Microsoft .NET Framework 1.1 Hotfix (KB928366)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\VfWWDM32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2009/08/02 12:01:35 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\settings.dat
[2009/08/02 12:00:00 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/08/02 11:49:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/02 11:49:29 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Bill\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/08/02 11:49:24 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\NTREGOPT.lnk
[2009/08/02 11:49:24 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\ERUNT.lnk
[2009/08/02 11:49:24 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/02 11:39:05 | 00,470,528 | ---- | C] ( ) -- C:\Documents and Settings\Bill\Desktop\RootRepeal.exe
[2009/08/02 11:36:54 | 00,173,119 | ---- | C] (Eric_71) -- C:\Documents and Settings\Bill\Desktop\Rooter.exe
[2009/08/02 11:36:45 | 00,794,112 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\The_Comedian.exe
[2009/08/02 11:36:45 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\OTL.exe
[2009/08/02 11:36:40 | 00,265,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\TFC.exe
[2009/08/02 11:29:39 | 00,035,840 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\BestTechie OTL.doc
[2009/08/02 09:36:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Application Data\Yahoo!
[2009/08/02 09:34:37 | 00,000,774 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Shortcut to ATF-Cleaner.exe.lnk
[2009/08/02 09:34:03 | 00,000,702 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\SpywareBlaster.lnk
[2009/08/02 09:33:41 | 00,001,560 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\CCleaner.lnk
[2009/08/01 21:20:04 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2009/08/01 21:20:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/08/01 21:14:07 | 00,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/08/01 21:13:56 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/08/01 21:13:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/08/01 21:13:26 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/08/01 21:13:20 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/08/01 21:13:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/08/01 20:51:00 | 00,410,984 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/08/01 20:51:00 | 00,148,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/08/01 20:51:00 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/08/01 20:51:00 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/08/01 20:51:00 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/08/01 20:50:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/08/01 20:23:38 | 00,000,883 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2009/08/01 20:23:38 | 00,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2009/08/01 20:00:42 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009/08/01 19:18:27 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/08/01 19:15:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/08/01 19:14:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/08/01 07:15:38 | 00,237,688 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT.bck
[2009/08/01 07:15:38 | 00,237,688 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT
[2009/08/01 07:15:38 | 00,001,132 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG.bck
[2009/08/01 07:15:38 | 00,001,132 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG
[2009/08/01 07:15:33 | 00,193,792 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\idsflt.sys
[2009/08/01 07:15:33 | 00,052,992 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\dsaflt.sys
[2009/08/01 07:15:33 | 00,046,720 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\wnmflt.sys
[2009/08/01 07:15:25 | 00,158,848 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\NETFLTDI.SYS
[2009/08/01 07:15:25 | 00,073,728 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\APPFLT.SYS
[2009/08/01 07:15:25 | 00,022,072 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\fnetmon.sys
[2009/08/01 07:02:27 | 00,008,627 | ---- | C] () -- C:\WINDOWS\System32\PAV_FOG.OPC
[2009/07/31 23:35:46 | 00,013,880 | ---- | C] () -- C:\WINDOWS\System32\drivers\COMFiltr.sys
[2009/07/31 23:35:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Local Settings\Application Data\Panda Security
[2009/07/31 23:34:40 | 00,084,024 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavdrv51.sys
[2009/07/31 23:34:40 | 00,000,249 | ---- | C] () -- C:\WINDOWS\System32\PavCPL.dat
[2009/07/31 23:34:33 | 00,054,832 | ---- | C] (Panda Software) -- C:\WINDOWS\System32\pavcpl.cpl
[2009/07/31 23:34:24 | 00,446,464 | ---- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\HHActiveX.dll
[2009/07/31 23:34:20 | 00,520,448 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\PavSHook.dll
[2009/07/31 23:34:20 | 00,197,888 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\neti1634.sys
[2009/07/31 23:34:20 | 00,193,280 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\TpUtil.dll
[2009/07/31 23:34:20 | 00,107,568 | ---- | C] (Panda Software) -- C:\WINDOWS\System32\SYSTOOLS.DLL
[2009/07/31 23:34:20 | 00,087,296 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\PavLspHook.dll
[2009/07/31 23:34:20 | 00,055,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\pavipc.dll
[2009/07/31 23:34:19 | 00,058,672 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\avldr.dll
[2009/07/31 23:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PAV
[2009/07/31 23:34:19 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/07/31 23:34:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Application Data\Panda Security
[2009/07/31 23:34:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2009/07/31 23:33:27 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2009/07/31 23:33:02 | 00,179,640 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\PavProc.sys
[2009/07/31 23:33:02 | 00,041,144 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\ShlDrv51.sys
[2009/07/31 23:33:02 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Panda Security
[2009/07/31 22:36:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Application Data\Malwarebytes
[2009/07/31 22:36:32 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/31 22:36:30 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/31 22:36:29 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/31 22:36:29 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/31 22:36:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/07/31 22:25:18 | 20,787,89632 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/31 21:49:25 | 00,000,000 | ---D | C] -- C:\Program Files\jv16 PowerTools
[2009/07/31 21:47:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\My Documents\CCleaner backup
[2009/07/31 21:31:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Don's Downloads
[2009/07/30 20:32:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/07/30 20:32:08 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2009/07/30 20:32:05 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/07/29 05:25:10 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009/07/29 05:25:09 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009/07/28 23:12:18 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/07/28 17:25:59 | 00,050,192 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2009/07/28 17:25:59 | 00,050,192 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2009/07/28 17:22:28 | 01,220,120 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\vsapint.sys
[2009/07/28 17:22:28 | 00,335,376 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\TM_CFW.sys
[2009/07/28 17:22:27 | 00,225,296 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmxpflt.sys
[2009/07/28 17:22:27 | 00,036,368 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmpreflt.sys
[2009/07/28 17:17:46 | 00,153,104 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/07/28 17:14:55 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/07/27 14:19:43 | 00,000,091 | ---- | C] () -- C:\WINDOWS\System32\vsfocehjiydjso.dat
[2009/07/27 14:10:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\14899704
[2009/07/27 14:09:38 | 00,024,130 | ---- | C] () -- C:\WINDOWS\System32\vsfocektukqpdb.dat
[2009/07/27 14:09:37 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\vsfoceulqjnogt.sys
[2009/07/26 09:39:05 | 17,828,326 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vlc-1.0.0-win32.exe
[2009/07/25 10:30:59 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/07/24 12:21:45 | 00,000,091 | ---- | C] () -- C:\WINDOWS\System32\vsfocetyijetjc.dat
[2009/07/24 12:11:38 | 00,022,528 | ---- | C] () -- C:\WINDOWS\System32\vsfoceraigpioj.dat
[2009/07/24 12:11:35 | 00,067,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\vsfocexpnfvaql.sys
[2009/07/20 13:45:24 | 00,001,996 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
[2009/07/20 13:44:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\BWKDLogs
[2009/07/11 13:33:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\My Documents\Genetec Software
[2009/07/05 22:51:25 | 00,000,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2009/07/05 07:29:39 | 00,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2009/03/05 07:51:06 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/12/20 20:19:31 | 00,000,200 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/08/24 11:51:17 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/08/21 22:04:45 | 00,308,736 | ---- | C] () -- C:\WINDOWS\System32\fpxlib.dll
[2008/08/21 22:04:45 | 00,091,136 | ---- | C] () -- C:\WINDOWS\System32\jpeglib.dll
[2008/08/03 21:17:01 | 00,000,188 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2008/07/08 14:40:14 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/06/01 10:06:22 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/04/19 07:40:05 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/04/19 07:05:47 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/04/19 07:05:46 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/04/19 07:05:46 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/04/19 07:05:45 | 01,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/04/19 07:05:45 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/04/19 07:04:20 | 00,001,119 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 13:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:51:28 | 00,000,715 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 12:51:26 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[1999/01/22 14:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[2009/08/02 12:01:35 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\settings.dat
[2009/08/02 11:55:48 | 00,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg.bck
[2009/08/02 11:55:48 | 00,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg
[2009/08/02 11:55:48 | 00,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg.bck
[2009/08/02 11:55:48 | 00,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg
[2009/08/02 11:55:48 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\WnmFlt.cfg.bck
[2009/08/02 11:55:48 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\WnmFlt.cfg
[2009/08/02 11:55:48 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg.bck
[2009/08/02 11:55:48 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg
[2009/08/02 11:55:37 | 00,001,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG.bck
[2009/08/02 11:55:37 | 00,001,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG
[2009/08/02 11:54:44 | 00,000,088 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAdapt.cfg.bck
[2009/08/02 11:54:44 | 00,000,088 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAdapt.cfg
[2009/08/02 11:54:41 | 00,000,060 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt.bck
[2009/08/02 11:54:41 | 00,000,060 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt
[2009/08/02 11:54:22 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/02 11:54:20 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/02 11:54:18 | 20,787,89632 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/02 11:49:29 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Bill\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/08/02 11:49:24 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\NTREGOPT.lnk
[2009/08/02 11:49:24 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\ERUNT.lnk
[2009/08/02 11:41:00 | 00,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetLoc.wlt.bck
[2009/08/02 11:41:00 | 00,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetLoc.wlt
[2009/08/02 11:33:45 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\OTL.exe
[2009/08/02 11:32:46 | 00,173,119 | ---- | M] (Eric_71) -- C:\Documents and Settings\Bill\Desktop\Rooter.exe
[2009/08/02 11:32:31 | 00,265,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\TFC.exe
[2009/08/02 11:32:00 | 00,794,112 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\The_Comedian.exe
[2009/08/02 11:29:39 | 00,035,840 | ---- | M] () -- C:\Documents and 
Settings\Bill\Desktop\BestTechie OTL.doc [2009/08/02 11:02:46 | 00,237,688 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT.bck [2009/08/02 11:02:46 | 00,237,688 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT [2009/08/02 09:34:37 | 00,000,774 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\Shortcut to ATF-Cleaner.exe.lnk [2009/08/02 09:34:03 | 00,000,702 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\SpywareBlaster.lnk [2009/08/02 09:33:41 | 00,001,560 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\CCleaner.lnk [2009/08/02 09:31:52 | 00,013,880 | ---- | M] () -- C:\WINDOWS\System32\drivers\COMFiltr.sys [2009/08/01 21:14:07 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk [2009/08/01 21:13:26 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009/08/01 20:50:48 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll [2009/08/01 20:50:48 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2009/08/01 20:50:48 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2009/08/01 20:50:48 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2009/08/01 20:50:48 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\WINDOWS\System32\javacpl.cpl [2009/08/01 20:23:38 | 00,000,883 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk [2009/08/01 19:18:28 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2009/08/01 09:02:01 | 17,828,326 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\vlc-1.0.0-win32.exe [2009/08/01 07:18:39 | 00,447,324 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls.bck [2009/08/01 07:18:39 | 00,447,324 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls [2009/08/01 07:02:27 | 00,008,627 | ---- | M] () -- C:\WINDOWS\System32\PAV_FOG.OPC [2009/07/31 23:36:20 | 00,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/07/31 23:36:20 | 00,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009/07/31 23:36:20 | 00,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009/07/31 23:35:49 | 00,000,715 | ---- | M] () -- C:\WINDOWS\win.ini [2009/07/31 23:34:40 | 00,000,249 | ---- | M] () -- C:\WINDOWS\System32\PavCPL.dat [2009/07/31 22:36:32 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/07/31 21:22:36 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2009/07/30 15:45:00 | 00,470,528 | ---- | M] ( ) -- C:\Documents and Settings\Bill\Desktop\RootRepeal.exe [2009/07/29 18:16:04 | 00,065,024 | ---- | M] () -- C:\WINDOWS\System32\drivers\vsfoceulqjnogt.sys [2009/07/29 17:09:58 | 00,024,130 | ---- | M] () -- C:\WINDOWS\System32\vsfocektukqpdb.dat [2009/07/29 17:09:58 | 00,000,091 | ---- | M] () -- C:\WINDOWS\System32\vsfocehjiydjso.dat [2009/07/29 09:54:12 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk [2009/07/29 09:39:52 | 08,879,104 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb [2009/07/29 09:39:52 | 04,901,888 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb [2009/07/29 
05:26:43 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009/07/28 17:22:28 | 00,335,376 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\TM_CFW.sys [2009/07/28 17:14:55 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2009/07/27 02:37:41 | 00,022,528 | ---- | M] () -- C:\WINDOWS\System32\vsfoceraigpioj.dat [2009/07/27 02:37:41 | 00,000,091 | ---- | M] () -- C:\WINDOWS\System32\vsfocetyijetjc.dat [2009/07/26 10:19:30 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2009/07/25 10:30:59 | 00,067,584 | ---- | M] () -- C:\WINDOWS\System32\drivers\vsfocexpnfvaql.sys [2009/07/25 10:30:59 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI [2009/07/20 13:45:24 | 00,001,996 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk [2009/07/20 13:44:02 | 00,000,438 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job [2009/07/19 18:48:58 | 11,067,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll [2009/07/19 18:48:58 | 11,067,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll [2009/07/19 09:18:59 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll [2009/07/19 09:18:59 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll [2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/07/07 08:10:58 | 24,539,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe [2009/07/05 22:55:36 | 00,000,986 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2009/07/05 22:09:35 | 00,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI [2009/07/05 07:33:38 | 00,002,415 | 
---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dell Support Center.lnk [2009/07/03 13:09:28 | 00,915,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wininet.dll [2009/07/03 13:09:28 | 00,915,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll [2009/07/03 13:09:28 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll [2009/07/03 13:09:27 | 01,208,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\urlmon.dll [2009/07/03 13:09:27 | 01,208,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll [2009/07/03 13:09:27 | 00,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\occache.dll [2009/07/03 13:09:27 | 00,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll [2009/07/03 13:09:25 | 00,594,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll [2009/07/03 13:09:25 | 00,594,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll [2009/07/03 13:09:25 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll [2009/07/03 13:09:25 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll [2009/07/03 13:09:24 | 01,985,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iertutil.dll [2009/07/03 13:09:24 | 01,985,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll [2009/07/03 13:09:24 | 01,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl [2009/07/03 13:09:24 | 01,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl [2009/07/03 13:09:24 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll [2009/07/03 13:09:24 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll [2009/07/03 13:09:23 | 00,246,272 | ---- | M] 
(Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll [2009/07/03 13:09:23 | 00,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll [2009/07/03 13:09:23 | 00,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll [2009/07/03 13:09:21 | 00,386,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll [2009/07/03 13:09:21 | 00,386,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll ========== LOP Check ========== [2009/08/01 08:55:33 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Application Data [2008/04/19 07:31:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CyberLink [2008/04/19 07:36:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver [2009/08/02 10:19:43 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data [2009/07/28 17:42:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\14899704 [2008/11/23 23:45:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead [2008/08/03 20:13:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brother [2008/08/03 20:21:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Clean Electric Guitar [2009/01/06 20:24:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink [2008/10/27 17:34:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell [2008/08/03 20:21:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp [2009/07/30 07:52:45 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Memeo [2008/08/03 20:21:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application 
Data\Nikon [2009/07/31 23:34:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security [2004/08/10 13:13:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI [2008/04/19 07:30:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft [2009/01/06 20:15:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp [2008/07/08 19:34:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom [2008/08/03 20:21:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15 [2008/04/19 07:31:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall [2009/08/01 08:50:07 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Bill\Application Data [2008/11/24 18:45:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Ahead [2008/12/25 11:32:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\ArcSoft [2008/04/19 07:31:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\CyberLink [2008/11/05 23:17:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Nikon [2009/07/31 23:34:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Panda Security [2008/12/03 09:05:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Skinux [2008/10/16 09:15:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Template [2008/07/08 19:33:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\TomTom [2008/04/19 07:36:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\You've Got Pictures Screensaver [2009/08/01 09:05:34 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data [2008/04/19 07:31:45 | 00,000,000 
| ---D | M] -- C:\Documents and Settings\Default User\Application Data\CyberLink [2008/04/19 07:36:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\You've Got Pictures Screensaver [2009/08/01 09:03:02 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Guest\Application Data [2008/04/19 07:31:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\CyberLink [2008/04/19 07:36:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\You've Got Pictures Screensaver [2009/07/28 17:14:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data [2009/08/01 20:23:38 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\monica\Application Data [2008/12/23 22:45:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Ahead [2008/08/21 22:08:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\ArcSoft [2009/01/06 20:20:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\CyberLink [2009/08/01 20:23:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Foxit [2008/08/03 20:33:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Nikon [2008/11/28 13:11:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Skinux [2008/06/02 07:54:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Template [2009/07/06 09:42:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\U3 [2008/07/31 13:53:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Viewpoint [2008/04/19 07:36:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\You've Got Pictures Screensaver [2004/08/10 13:08:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data [2009/08/01 19:18:28 | 00,000,472 | ---- | M] 
() -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job [2009/08/01 21:13:26 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job [2004/08/04 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini [2009/07/20 13:44:02 | 00,000,438 | ---- | M] () -- C:\WINDOWS\Tasks\EasyShare Registration Task.job [2009/08/02 11:54:22 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT ========== Purity Check ========== ========== Custom Scans ========== < %systemroot%\System32\antiwpa.dll > < %systemroot%\SYSTEM32\wpa.dll > < %systemroot%\setup\scripts\biestart.exe > < %systemroot%\system32\drivers\royal.sys > < %systemroot%\system32\oobe\AntiWPA_Crypt.dll > < %TEMP%\antiwpa_crypt.dll > < %TEMP%\antiwpa.dll /s > < %PROGRAMFILES%\antiwpa.dll /s > < %systemroot%\system32\crypt.dll > < %TEMP%\crypt.dll > < %SYSTEMDRIVE%\*. > [2009/08/02 12:07:50 | 00,000,000 | ---D | M] -- C: [2009/08/02 10:18:31 | 00,000,000 | -H-D | M] -- C:\Config.Msi [2009/07/28 21:17:15 | 00,000,000 | ---D | M] -- C:\dell [2009/07/31 22:14:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings [2008/04/09 18:40:08 | 00,000,000 | ---D | M] -- C:\drivers [2008/06/03 08:43:46 | 00,000,000 | ---D | M] -- C:\i386 [2008/04/19 07:35:44 | 00,000,000 | ---D | M] -- C:\My Music [2009/08/02 11:49:24 | 00,000,000 | R--D | M] -- C:\Program Files [2009/07/31 22:15:31 | 00,000,000 | -HSD | M] -- C:\RECYCLER [2009/08/02 12:00:00 | 00,000,000 | ---D | M] -- C:\Rooter$ [2008/06/18 14:22:45 | 00,000,000 | ---D | M] -- C:\swsetup [2009/08/02 11:51:00 | 00,000,000 | -HSD | M] -- C:\System Volume Information [2009/03/05 07:45:56 | 00,000,000 | ---D | M] -- C:\temp [2009/08/02 11:55:49 | 00,000,000 | ---D | M] -- C:\WINDOWS < %SYSTEMDRIVE%\*.* > [2004/08/10 13:04:08 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2008/06/01 09:47:33 | 00,000,211 | RHS- | M] () -- C:\boot.ini [2004/08/10 13:04:08 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS [2008/04/19 07:07:40 | 00,006,925 | RH-- | M] () -- C:\dell.sdr 
[2009/08/02 11:54:18 | 20,787,89632 | -HS- | M] () -- C:\hiberfil.sys
[2003/12/08 13:15:56 | 00,028,672 | R--- | M] ( ) -- C:\hpqimgrc.resources.dll
[2008/06/01 10:09:46 | 00,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/10 13:04:08 | 00,000,000 | -H-- | M] () -- C:\IO.SYS
[2008/04/19 07:36:33 | 00,001,211 | -H-- | M] () -- C:\IPH.PH
[2009/08/01 20:54:08 | 00,000,792 | ---- | M] () -- C:\JavaRa.log
[2004/08/10 13:04:08 | 00,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 05:00:00 | 00,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/19 19:10:04 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/08/02 11:54:17 | 21,453,86496 | -HS- | M] () -- C:\pagefile.sys
[2009/08/02 12:02:36 | 00,003,296 | ---- | M] () -- C:\RootRepeal report 08-02-09 (12-02-36).txt
[2008/04/19 07:36:40 | 00,000,071 | ---- | M] () -- C:\SystemInfo.ini
[2008/06/15 16:01:41 | 00,002,553 | ---- | M] () -- C:\_Sid.txt

< %PROGRAMFILES%\*. >
[2009/08/02 11:49:24 | 00,000,000 | R--D | M] -- C:\Program Files
[2009/07/31 21:26:18 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/08/01 21:13:20 | 00,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/08/01 20:23:59 | 00,000,000 | ---D | M] -- C:\Program Files\AskBarDis
[2008/12/21 10:18:19 | 00,000,000 | ---D | M] -- C:\Program Files\AskSearch
[2009/07/30 20:32:14 | 00,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2009/07/31 23:33:02 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files
[2004/08/10 13:02:08 | 00,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2009/07/05 07:29:39 | 00,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2009/01/06 20:20:28 | 00,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2008/12/20 20:24:19 | 00,000,000 | ---D | M] -- C:\Program Files\Dell
[2008/04/19 07:30:25 | 00,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
[2009/08/02 11:49:29 | 00,000,000 | ---D | M] -- C:\Program Files\ERUNT
[2008/06/11 09:19:10 | 00,000,000 | ---D | M] -- C:\Program Files\Fisher-Price
[2009/08/01 20:23:38 | 00,000,000 | ---D | M] -- C:\Program Files\Foxit Software
[2009/07/27 20:54:33 | 00,000,000 | ---D | M] -- C:\Program Files\Google
[2008/06/15 15:57:23 | 00,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2008/06/15 15:57:23 | 00,000,000 | ---D | M] -- C:\Program Files\Hp
[2009/07/31 23:34:19 | 00,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/07/29 05:31:41 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/08/01 20:54:08 | 00,000,000 | ---D | M] -- C:\Program Files\Java
[2009/07/31 21:49:29 | 00,000,000 | ---D | M] -- C:\Program Files\jv16 PowerTools
[2009/07/20 13:44:53 | 00,000,000 | ---D | M] -- C:\Program Files\Kodak
[2008/08/21 18:31:11 | 00,000,000 | ---D | M] -- C:\Program Files\Linksys EasyLink Advisor
[2009/07/31 22:36:32 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/09/19 19:17:13 | 00,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/03/05 07:45:56 | 00,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/03/05 07:46:14 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/06/11 03:02:52 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2008/04/19 07:25:26 | 00,000,000 | ---D | M] -- C:\Program Files\Modem Diagnostic Tool
[2008/09/19 19:14:04 | 00,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2009/08/02 09:56:46 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/03/29 10:11:25 | 00,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2004/08/10 13:01:16 | 00,000,000 | ---D | M] -- C:\Program Files\MSN
[2004/08/10 13:01:24 | 00,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2008/06/03 07:22:24 | 00,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2008/04/19 07:22:57 | 00,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2008/11/24 21:45:25 | 00,000,000 | ---D | M] -- C:\Program Files\Nero
[2008/09/19 19:12:25 | 00,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2008/08/03 20:22:01 | 00,000,000 | ---D | M] -- C:\Program Files\Nikon
[2009/08/01 21:31:41 | 00,000,000 | ---D | M] -- C:\Program Files\NOS
[2004/08/10 13:01:34 | 00,000,000 | ---D | M] -- C:\Program Files\Online Services
[2008/09/19 19:12:22 | 00,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/07/31 23:34:19 | 00,000,000 | ---D | M] -- C:\Program Files\Panda Security
[2008/08/21 22:04:29 | 00,000,000 | ---D | M] -- C:\Program Files\Philips
[2009/06/03 20:00:56 | 00,000,000 | ---D | M] -- C:\Program Files\PhoTags Express
[2009/08/01 21:14:12 | 00,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/03/29 10:11:15 | 00,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/03/14 11:47:19 | 00,000,000 | R--D | M] -- C:\Program Files\Skype
[2009/08/01 20:01:17 | 00,000,000 | ---D | M] -- C:\Program Files\SpywareBlaster
[2008/09/27 07:34:09 | 00,000,000 | ---D | M] -- C:\Program Files\The Rosetta Stone
[2008/07/08 19:31:09 | 00,000,000 | ---D | M] -- C:\Program Files\TomTom DesktopSuite
[2008/07/08 19:33:41 | 00,000,000 | ---D | M] -- C:\Program Files\TomTom HOME 2
[2004/08/10 13:08:30 | 00,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2008/10/26 09:45:34 | 00,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2008/10/26 18:42:23 | 00,000,000 | ---D | M] -- C:\Program Files\Western Digital
[2008/10/26 18:40:56 | 00,000,000 | ---D | M] -- C:\Program Files\Western Digital Technologies
[2008/10/12 09:59:19 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2008/10/13 03:07:10 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/09/19 19:12:22 | 00,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2004/08/10 13:02:52 | 00,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2004/08/10 13:04:18 | 00,000,000 | ---D | M] -- C:\Program Files\xerox
[2009/07/30 20:32:11 | 00,000,000 | ---D | M] -- C:\Program Files\Yahoo!
< %systemroot%\*.exe >
[2008/04/06 21:25:28 | 00,069,632 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE
[2008/04/06 21:25:28 | 02,808,832 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:21 | 00,010,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\hh.exe
[1998/10/29 16:45:06 | 00,306,688 | ---- | M] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
[2008/04/06 21:25:36 | 02,165,760 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\MicCal.exe
[2008/04/13 20:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
[2008/04/13 20:12:32 | 00,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\regedit.exe
[2008/04/06 21:25:38 | 16,859,648 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
[2008/04/06 21:25:40 | 09,715,200 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTLCPL.EXE
[2008/04/06 21:25:40 | 01,191,936 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlUpd.exe
[2006/08/02 10:29:04 | 00,077,824 | ---- | M] () -- C:\WINDOWS\setpwr32.exe
[2008/04/06 21:25:42 | 01,826,816 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SkyTel.exe
[2008/04/13 20:12:35 | 00,032,866 | ---- | M] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2008/04/06 21:25:42 | 00,086,016 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2004/08/04 05:00:00 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE
[2004/08/04 05:00:00 | 00,049,680 | ---- | M] (Twain Working Group) -- C:\WINDOWS\twunk_16.exe
[2004/08/04 05:00:00 | 00,025,600 | ---- | M] (Twain Working Group) -- C:\WINDOWS\twunk_32.exe
[2007/03/20 22:22:04 | 00,972,336 | ---- | M] (Nero AG) -- C:\WINDOWS\UNNeroBackItUp.exe
[2007/06/27 20:05:02 | 00,972,072 | ---- | M] (Nero AG) -- C:\WINDOWS\UNNeroMediaHome.exe
[2007/02/28 17:41:02 | 00,972,336 | ---- | M] (Nero AG) -- C:\WINDOWS\UNNeroShowTime.exe
[2007/06/26 15:12:02 | 00,972,072 | ---- | M] (Nero AG) -- C:\WINDOWS\UNNeroVision.exe
[2007/04/23 17:42:50 | 00,972,336 | ---- | M] (Nero AG) -- C:\WINDOWS\UNRecode.exe
[2004/08/04 05:00:00 | 00,256,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winhelp.exe
[2008/04/13 20:12:39 | 00,283,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winhlp32.exe

< %systemroot%\system32\drivers\*.exe >
[2005/08/25 19:41:44 | 00,155,648 | ---- | M] (Philips) -- C:\WINDOWS\system32\drivers\PhiBtn.exe
[2005/08/25 19:41:58 | 00,266,240 | ---- | M] (Philips) -- C:\WINDOWS\system32\drivers\Tray900.exe

< %systemroot%\system32\drivers\*.dat >
[2009/08/02 11:02:46 | 00,237,688 | ---- | M] () -- C:\WINDOWS\system32\drivers\APPFCONT.DAT

< %systemroot%\system\*.exe >

< %PROGRAMFILES%\*.* >

< %APPDATA%\*.* >
[2004/08/10 12:57:42 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Bill\Application Data\desktop.ini
[2008/11/05 14:04:20 | 00,000,116 | ---- | M] () -- C:\Documents and Settings\Bill\Application Data\wklnhst.dat

< set /c >
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Bill\Application Data
CLASSPATH=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DCK7T3G1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Bill
LOGONSERVER=\\DCK7T3G1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\Panda Security\Panda Antivirus Pro 2009\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 127 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=7f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Bill\LOCALS~1\Temp
TMP=C:\DOCUME~1\Bill\LOCALS~1\Temp
USERDOMAIN=DCK7T3G1
USERNAME=Bill
USERPROFILE=C:\Documents and Settings\Bill
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI

========== Alternate Data Streams ==========
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\All Users\Application Data\vlc-1.0.0-win32.exe:SummaryInformation

< End of report >

-------------------------------------------------------------------------------------------------

OTL Extras logfile created on: 8/2/2009 12:07:58 PM - Run 1
OTL by OldTimer - Version 3.0.10.4 Folder = C:\Documents and Settings\Bill\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 75.48% Memory free
3.79 Gb Paging File | 3.43 Gb Available in Paging File | 90.60% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 116.87 Gb Free Space | 78.46% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DCK7T3G1
Current User Name: Bill
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1216478575-1639340339-3823283540-1008\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"1700:TCP" = 1700:TCP:*:Enabled:MioNet Remote Drive Access
"1641:TCP" = 1641:TCP:*:Enabled:MioNet Remote Drive Verification

========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- File not found
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- File not found
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- File not found
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- File not found
"C:\Program Files\Common Files\AOL\1208604908\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1208604908\EE\AOLServiceHost.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- File not found
"C:\Program
Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Disabled:Internet Explorer -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company) "C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater -- () "C:\WINDOWS\fonts\services.exe" = C:\WINDOWS\fonts\services.exe:*:Enabled:services.exe -- File not found "C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Disabled:Azureus -- File not found "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) 
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional "{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier "{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn "{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC "{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics "{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan "{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant "{220F6386-5D1F-4DA5-94DB-F12133C3AE2C}" = Philips SPC 900NC PC Camera "{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland "{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0 "{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java 6 Update 14 "{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects "{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt "{2EEE18E7-5C87-4506-A7E4-A42A6191B03E}" = Panda Antivirus Pro 2009 "{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy "{3BE11C5A-7959-418B-90AC-1D85DE8B6E15}" = 5500 "{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics "{40E12A55-C504-4223-AFAC-7672DBF1ACDE}" = Trend Micro Internet Security "{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload "{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore "{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg "{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update "{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool "{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext "{5DE8F9B6-DAEA-4990-AB2A-F797577D88B5}" = 5500Tour 
"{5E564EB5-6BE3-4084-BEC0-627D637BBE8C}" = Easy-Link internet launch pad "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr "{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN "{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder "{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr "{89ACA875-BDB9-443C-B7C7-D74D3BDE8FE2}" = Philips VLounge "{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS "{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1 "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL "{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt "{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects "{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen "{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2 "{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove "{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery "{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK "{B08A973F-5D0C-4A09-A219-F00289BB85C0}" = 5500_Help "{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = 
Documentation & Support Launcher "{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI "{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc "{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director "{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore "{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer "{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher "{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU "{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare "{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C252EB7B-7AE0-46DE-9BEE-DF681B885F13}" = Modem Diagnostic Tool "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime "{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update "{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition "{D1760DA4-A5FA-4FF1-A46A-031AB4A41345}" = 5500Trb "{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR "{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software) "{E55FB276-73C9-4776-AB53-BC028C0509ED}" = Panda Antivirus Pro 2009 "{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips "{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer "{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm "{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) 
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK "{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations "{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg "{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS "{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop 7.0" = Adobe Photoshop 7.0 "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Ask Toolbar_is1" = Foxit Toolbar "CCleaner" = CCleaner (remove only) "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem "EasyLinkAdvisor" = Linksys EasyLink Advisor 1.5 (1044) "ERUNT_is1" = ERUNT 1.1j "Foxit Reader" = Foxit Reader "HP Photo & Imaging" = HP Image Zone 4.2 "ie8" = Windows Internet Explorer 8 "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "jv16 PowerTools_is1" = jv16 PowerTools 1.3 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.5.1)" = Mozilla Firefox (3.5.1) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NVIDIA Drivers" = NVIDIA Drivers "PhoTagsExpress" = PhoTags Express "Picasa 3" = Picasa 3 "SpywareBlaster_is1" = SpywareBlaster 4.2 "TomTom HOME" = TomTom HOME "VLC media player" = VLC media player 0.9.2 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "Yahoo! Companion" = Yahoo! 
Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/31/2009 5:46:07 PM | Computer Name = DCK7T3G1 | Source = Application Error | ID = 1001
Description = Fault bucket 00536409.

Error - 8/1/2009 6:52:26 AM | Computer Name = DCK7T3G1 | Source = Sentinel | ID = 251722432
Description = Unexpected failure scanning file C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\DON'S DOWNLOADS\AP09.EXE. If the problem persists, please contact with support.

Error - 8/1/2009 6:52:26 AM | Computer Name = DCK7T3G1 | Source = Sentinel | ID = 251722432
Description = Unexpected failure scanning file C:\WINDOWS\SYSTEM32\NOTEPAD.EXE. If the problem persists, please contact with support.

Error - 8/1/2009 7:14:43 PM | Computer Name = DCK7T3G1 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 8/1/2009 7:15:07 PM | Computer Name = DCK7T3G1 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error - 8/1/2009 8:50:34 PM | Computer Name = DCK7T3G1 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error - 8/2/2009 9:31:20 AM | Computer Name = DCK7T3G1 | Source = Application Error | ID = 1000
Description = Faulting application TPSrv.exe, version 9.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 8/2/2009 9:39:35 AM | Computer Name = DCK7T3G1 | Source = Application Error | ID = 1004
Description = Faulting application TPSrv.exe, version 9.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 8/2/2009 11:47:56 AM | Computer Name = DCK7T3G1 | Source = Application Error | ID = 1000
Description = Faulting application the_comedian.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 8/2/2009 11:57:29 AM | Computer Name = DCK7T3G1 | Source = Application Error | ID = 1000
Description = Faulting application easyshare.exe, version 7.0.25.114, faulting module unknown, version 0.0.0.0, fault address 0x00a404aa.

[ System Events ]
Error - 7/31/2009 10:15:38 PM | Computer Name = DCK7T3G1 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: %%31

Error - 7/31/2009 10:15:38 PM | Computer Name = DCK7T3G1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: AFD Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss Tcpip

Error - 7/31/2009 10:17:21 PM | Computer Name = DCK7T3G1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 7/31/2009 10:18:50 PM | Computer Name = DCK7T3G1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 7/31/2009 10:21:39 PM | Computer Name = DCK7T3G1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 7/31/2009 10:24:35 PM | Computer Name = DCK7T3G1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/31/2009 10:46:15 PM | Computer Name = DCK7T3G1 | Source = Service Control Manager | ID = 7034
Description = The sopidkc Service service terminated unexpectedly. It has done this 1 time(s).

Error - 8/1/2009 6:44:45 AM | Computer Name = DCK7T3G1 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network address 001EC9755754 has been denied by the DHCP server 192.168.254.254 (The DHCP Server sent a DHCPNACK message).

Error - 8/2/2009 9:31:48 AM | Computer Name = DCK7T3G1 | Source = Service Control Manager | ID = 7034
Description = The Panda TPSrv service terminated unexpectedly. It has done this 1 time(s).

Error - 8/2/2009 9:40:44 AM | Computer Name = DCK7T3G1 | Source = Service Control Manager | ID = 7022
Description = The Panda On-Access Anti-Malware Service service hung on starting.

< End of report >

Monica's account

Malwarebytes' Anti-Malware 1.39
Database version: 2506
Windows 5.1.2600 Service Pack 3

8/1/2009 6:18:52 PM
mbam-log-2009-08-01 (18-18-52).txt

Scan type: Quick Scan
Objects scanned: 109898
Time elapsed: 3 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Monopod (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ---------------------------------------------------------------------------------------------------- Rooter.exe (v1.0.2) by Eric_71 . SeDebugPrivilege granted successfully ... . Windows XP Home Edition (5.1.2600) Service Pack 3 [32_bits] - x86 Family 15 Model 127 Stepping 2, AuthenticAMD . [wscsvc] (Security Center) RUNNING (state:4) [sharedAccess] RUNNING (state:4) Windows Firewall -> Disabled ! . Internet Explorer 8.0.6001.18702 Mozilla Firefox 3.5.1 (en-US) . C:\ [Fixed-NTFS] .. ( Total:148 Go - Free:116 Go ) D:\ [CD_Rom] . Scan : 12:29.42 Path : C:\Documents and Settings\monica\Desktop\Rooter.exe User : monica ( Administrator -> YES ) . ----------------------\\ Processes . Locked [system Process] (0) ______ System (4) ______ \SystemRoot\System32\smss.exe (916) ______ \??\C:\WINDOWS\system32\csrss.exe (1020) ______ \??\C:\WINDOWS\system32\winlogon.exe (1044) ______ C:\WINDOWS\system32\services.exe (1088) ______ C:\WINDOWS\system32\lsass.exe (1100) ______ C:\WINDOWS\system32\svchost.exe (1264) ______ C:\WINDOWS\system32\svchost.exe (1324) ______ C:\WINDOWS\system32\svchost.exe (1444) ______ C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe (1472) ______ C:\WINDOWS\system32\svchost.exe (1552) ______ C:\WINDOWS\system32\svchost.exe (876) ______ C:\WINDOWS\system32\spoolsv.exe (284) ______ C:\WINDOWS\system32\svchost.exe (764) ______ C:\WINDOWS\system32\svchost.exe (1456) ______ C:\Program Files\Java\jre6\bin\jqs.exe (1980) ______ C:\WINDOWS\system32\nvsvc32.exe (440) ______ C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe (1104) ______ C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe (1780) ______ C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe (296) ______ C:\Program Files\Panda 
Security\Panda Antivirus Pro 2009\PsImSvc.exe (124) ______ C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe (1880) ______ C:\Program Files\CyberLink\Shared files\RichVideo.exe (308) ______ C:\Program Files\Dell Support Center\bin\sprtsvc.exe (1700) ______ C:\WINDOWS\system32\svchost.exe (392) ______ C:\WINDOWS\system32\fxssvc.exe (1672) ______ C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe (108) ______ C:\WINDOWS\Explorer.EXE (988) ______ C:\Program Files\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE (492) ______ C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE (3204) ______ C:\WINDOWS\RTHDCPL.EXE (3996) ______ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (3196) ______ C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (3212) ______ C:\Program Files\Dell Support Center\bin\sprtcmd.exe (3872) ______ C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe (152) ______ C:\WINDOWS\System32\drivers\PhiBtn.exe (1224) ______ C:\WINDOWS\system32\RUNDLL32.EXE (2208) ______ C:\Program Files\Java\jre6\bin\jusched.exe (2584) ______ C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (2472) ______ C:\WINDOWS\system32\ctfmon.exe (3432) ______ C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe (692) ______ C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (3624) ______ C:\WINDOWS\system32\wuauclt.exe (3272) ______ C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe (2596) ______ C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (3408) ______ C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (2916) ______ C:\WINDOWS\System32\alg.exe (4004) ______ C:\WINDOWS\system32\wscntfy.exe (2232) ______ C:\Documents and Settings\monica\Desktop\Rooter.exe (2164) . ----------------------\\ Device\Harddisk0\ . \Device\Harddisk0 [sectors : 63 x 512 Bytes] . 
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:49319424)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:49351680 | Length:159948794880)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\EasyShare Registration Task.job
C:\WINDOWS\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 12:29.51
.
C:\Rooter$\Rooter_2.txt - (02/08/2009 | 12:29.51)

------------------------------------------------------------------

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/02 12:30
Program Version: Version 1.3.3.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: av5flt.sys
Image Path: C:\WINDOWS\system32\drivers\av5flt.sys
Address: 0xB4B12000 Size: 92544 File Visible: No Signed: - Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB6215000 Size: 98304 File Visible: No Signed: - Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA5D6000 Size: 8192 File Visible: No Signed: - Status: -

Name: PavSRK.sys
Image Path: C:\WINDOWS\system32\PavSRK.sys
Address: 0xBA470000 Size: 32768 File Visible: No Signed: - Status: -

Name: PavTPK.sys
Image Path: C:\WINDOWS\system32\PavTPK.sys
Address: 0xB6296000 Size: 49152 File Visible: No Signed: - Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB57BA000 Size: 49152 File Visible: No Signed: - Status: -

SSDT
-------------------
#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\PavProc.sys" at address 0xb5748a30

#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\PavProc.sys" at address 0xb5747e50

Hidden Services
-------------------
Service Name: vsfocedsyafrmm
Image Path: C:\WINDOWS\system32\drivers\vsfocexpnfvaql.sys

Service Name: vsfocetymovrod
Image Path: C:\WINDOWS\system32\drivers\vsfoceulqjnogt.sys

==EOF==

------------------------------------------------------------------------

OTL logfile created on: 8/2/2009 12:32:49 PM - Run 2
OTL by OldTimer - Version 3.0.10.4 Folder = C:\Documents and Settings\monica\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 75.07% Memory free
3.79 Gb Paging File | 3.43 Gb Available in Paging File | 90.54% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 116.84 Gb Free Space | 78.44% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DCK7T3G1
Current User Name: monica
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe (Panda Security, S.L.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe (Panda Security, S.L.)
PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe (Panda Security, S.L.)
PRC - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe (Panda Security, S.L.) PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe (Panda Security S.L.) PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe (Panda Security, S.L.) PRC - C:\Program Files\CyberLink\Shared files\RichVideo.exe () PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe (Panda Security, S.L.) PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation) PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE (Panda Security, S.L.) PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE (Panda Software International) PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.) PRC - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard) PRC - C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company) PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) PRC - C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe (Fisher-Price) PRC - C:\WINDOWS\System32\drivers\PhiBtn.exe (Philips) PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) PRC - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe () PRC - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation) PRC - C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe (Hewlett-Packard Co.) 
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG) PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG) PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation) PRC - C:\Documents and Settings\monica\Desktop\OTL.exe (OldTimer Tools) ========== Win32 Services (SafeList) ========== SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google) SRV - (Gwmsrv [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Gwmsrv.dll (Panda Security, S.L.) SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (idsvc [unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation) SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) 
SRV - (NBService [On_Demand | Stopped]) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG) SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation) SRV - (NMIndexingService [On_Demand | Running]) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG) SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation) SRV - (Panda Software Controller [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe (Panda Security, S.L.) SRV - (PAVFNSVR [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe (Panda Security, S.L.) SRV - (PavPrSrv [Auto | Running]) -- C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe (Panda Security, S.L.) SRV - (PAVSRV [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe (Panda Security, S.L.) SRV - (Pml Driver HPZ12 [Auto | Stopped]) -- C:\WINDOWS\System32\HPZipm12.exe (HP) SRV - (PSHost [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE (Panda Software International) SRV - (PSIMSVC [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe (Panda Security S.L.) SRV - (PskSvcRetail [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe (Panda Security, S.L.) SRV - (RichVideo [Auto | Running]) -- C:\Program Files\CyberLink\Shared files\RichVideo.exe () SRV - (sprtsvc_dellsupportcenter [Auto | Running]) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) SRV - (TPSrv [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe (Panda Security, S.L.) 
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (APPFLT [system | Running]) -- C:\WINDOWS\System32\Drivers\APPFLT.SYS (Panda Security, S.L.) DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (AvFlt [On_Demand | Running]) -- File not found DRV - (camvid40 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\camdrv41.sys (Philips Consumer Electronics) DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (ComFiltr [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\COMFiltr.sys () DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (DSAFLT [system | Running]) -- C:\WINDOWS\System32\Drivers\DSAFLT.SYS (Panda Security, S.L.) DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation) DRV - (FNETMON [system | Running]) -- C:\WINDOWS\System32\Drivers\fnetmon.SYS (Panda Security, S.L.) DRV - (GoProto [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\goprot51.sys (Gteko Ltd.) 
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider) DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP) DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP) DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP) DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.) DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.) DRV - (IDSFLT [system | Running]) -- C:\WINDOWS\System32\Drivers\IDSFLT.SYS (Panda Security, S.L.) DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant) DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys (Microsoft Corporation) DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (NETFLTDI [system | Running]) -- C:\WINDOWS\System32\Drivers\NETFLTDI.SYS (Panda Security, S.L.) DRV - (NETIMFLT01060034 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\neti1634.sys (Panda Security, S.L.) DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation) DRV - (NVENETFD [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\NVENETFD.sys (NVIDIA Corporation) DRV - (nvnetbus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nvnetbus.sys (NVIDIA Corporation) DRV - (pavboot [boot | Running]) -- C:\WINDOWS\system32\Drivers\pavboot.sys (Panda Security, S.L.) DRV - (PAVDRV [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\pavdrv51.sys (Panda Security, S.L.) DRV - (PavProc [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\PavProc.sys (Panda Security, S.L.) 
DRV - (PavSRK.sys [On_Demand | Running]) -- File not found DRV - (PavTPK.sys [On_Demand | Running]) -- File not found DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.) DRV - (PxHelp20 [boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions) DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (SDDMI2 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DDMI2.sys (Gteko Ltd.) DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (ShldDrv [system | Running]) -- C:\WINDOWS\System32\DRIVERS\ShlDrv51.sys (Panda Security, S.L.) DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation) DRV - (wanatw [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys (America Online, Inc.) DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.) 
DRV - (WNMFLT [system | Running]) -- C:\WINDOWS\System32\Drivers\WNMFLT.SYS (Panda Security, S.L.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080419 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080419 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080419 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080419 IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet 
Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080419 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080419 IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1216478575-1639340339-3823283540-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080419 IE - HKU\S-1-5-21-1216478575-1639340339-3823283540-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\S-1-5-21-1216478575-1639340339-3823283540-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-1216478575-1639340339-3823283540-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-1216478575-1639340339-3823283540-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) 
IE - HKU\S-1-5-21-1216478575-1639340339-3823283540-1006\S-1-5-21-1216478575-1639340339-3823283540-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.1 FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/29 05:29:48 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/01 20:50:49 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/01 21:14:13 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/01 21:31:19 | 00,000,000 | ---D | M] [2008/10/26 09:27:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\mozilla\Extensions [2008/10/26 09:27:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/08/01 21:08:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\mozilla\Firefox\Profiles\wb83bw4w.default\extensions [2009/07/29 09:03:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\mozilla\Firefox\Profiles\wb83bw4w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009/08/02 10:06:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009/07/28 17:14:53 | 00,000,000 | ---D | M] -- 
C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/08/01 20:51:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [2009/07/15 16:30:53 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009/07/15 16:30:54 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2009/08/01 20:50:48 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2009/08/01 20:23:22 | 00,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll [2009/07/15 16:30:55 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2009/08/01 21:15:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2009/08/01 21:15:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2009/08/01 21:15:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2009/08/01 21:15:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2009/08/01 21:15:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2009/08/01 21:15:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2009/08/01 21:15:38 | 00,143,360 | ---- | M] (Apple Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2009/07/15 14:10:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml [2009/07/15 14:10:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml [2009/07/15 14:10:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2009/07/15 14:10:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml [2009/07/15 14:10:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2009/07/15 14:10:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml [2009/07/15 14:10:00 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll (Ask.com) O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found. O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! 
Inc) O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll (Ask.com) O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1006\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll (Ask.com) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE (Panda Security, S.L.) O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) 
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( ) O4 - HKLM..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe ( ) O4 - HKLM..\Run: [eligmini] C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe (Fisher-Price) O4 - HKLM..\Run: [HP Component Manager] c:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [PhiBtn] C:\WINDOWS\System32\drivers\PhiBtn.exe (Philips) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [sCANINICIO] C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe (Panda Security, S.L.) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) 
O4 - HKLM..\Run: [Traymin900] C:\WINDOWS\System32\drivers\Tray900.exe (Philips) O4 - HKU\.DEFAULT..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe File not found O4 - HKU\S-1-5-18..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe File not found O4 - HKU\S-1-5-19..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe File not found O4 - HKU\S-1-5-20..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe File not found O4 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1006..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1006..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.) O4 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1006..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1006..\Run: [skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) O4 - HKLM..\RunOnceEx: [] File not found O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.) 
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photags AutoDetect.lnk = C:\Program Files\PhoTags Express\Photags AutoDetect.exe () O4 - Startup: C:\Documents and Settings\Bill\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE () O4 - Startup: C:\Documents and Settings\monica\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE () O4 - Startup: C:\Documents and Settings\monica\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - 
HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1006\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone. 
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} https://project.rbrooks.com/ProjectServer/o...ts/pjclient.cab (PjAdoInfo3 Class) O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab (DeviceEnum Class) O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} https://project.rbrooks.com/ProjectServer/o...033/pjcintl.cab (Pj11enuC Class) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\avldr: DllName - avldr.dll - C:\WINDOWS\System32\avldr.dll (Panda Security, S.L.) 
O24 - Desktop Components:0 (My Current Home Page) - About:Home O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/08/10 13:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{b8817e38-43e1-11dd-87dc-001ec9755754}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe -- File not found O33 - MountPoints2\{bcbfec60-69ce-11de-8855-001ec9755754}\Shell - "" = AutoRun O33 - MountPoints2\{bcbfec60-69ce-11de-8855-001ec9755754}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{bcbfec60-69ce-11de-8855-001ec9755754}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found NetSvcs: msncache - Service key not found. File not found NetSvcs: 6to4 - Service key not found. File not found NetSvcs: Ias - Service key not found. File not found NetSvcs: Iprip - Service key not found. File not found NetSvcs: Irmon - Service key not found. File not found NetSvcs: NWCWorkstation - Service key not found. File not found NetSvcs: Nwsapagent - Service key not found. File not found NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - Service key not found. File not found NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: PskSvcRetail - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe (Panda Security, S.L.) 
SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver 
Group SafeBootNet: vga.sys - Driver SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML) ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java ActiveX: 
{3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - Microsoft .NET Framework 1.1 Hotfix (KB928366)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\VfWWDM32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========
[2009/08/02 12:30:41 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\monica\Desktop\settings.dat
[2009/08/02 12:20:47 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\monica\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/08/02 12:20:44 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\monica\Desktop\NTREGOPT.lnk
[2009/08/02 12:20:44 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\monica\Desktop\ERUNT.lnk
[2009/08/02 12:16:14 | 00,035,840 | ---- | C] () -- C:\Documents and Settings\monica\Desktop\BestTechie OTL.doc
[2009/08/02 12:14:41 | 00,470,528 | ---- | C] ( ) -- C:\Documents and Settings\monica\Desktop\RootRepeal.exe
[2009/08/02 12:14:09 | 00,265,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\monica\Desktop\TFC.exe
[2009/08/02 12:14:09 | 00,173,119 | ---- | C] (Eric_71) -- C:\Documents and Settings\monica\Desktop\Rooter.exe
[2009/08/02 12:14:08 | 00,794,112 | ---- | C] () -- C:\Documents and Settings\monica\Desktop\The_Comedian.exe
[2009/08/02 12:14:08 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\monica\Desktop\OTL.exe
[2009/08/02 12:00:00 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/08/02 11:49:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/02 11:49:24 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/01 21:20:04 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2009/08/01 21:20:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/08/01 21:14:07 | 00,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/08/01 21:13:56 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/08/01 21:13:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/08/01 21:13:26 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/08/01 21:13:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\monica\Local Settings\Application Data\Apple
[2009/08/01 21:13:20 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/08/01 21:13:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/08/01 20:58:05 | 00,000,774 | ---- | C] () -- C:\Documents and Settings\monica\Desktop\Shortcut to ATF-Cleaner.exe.lnk
[2009/08/01 20:51:00 | 00,410,984 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/08/01 20:51:00 | 00,148,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/08/01 20:51:00 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/08/01 20:51:00 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/08/01 20:51:00 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/08/01 20:50:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/08/01 20:23:38 | 00,000,883 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2009/08/01 20:23:38 | 00,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2009/08/01 20:23:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\monica\Application Data\Foxit
[2009/08/01 20:00:43 | 00,000,690 | ---- | C] () -- C:\Documents and Settings\monica\Desktop\SpywareBlaster.lnk
[2009/08/01 20:00:42 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009/08/01 19:18:27 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/08/01 19:15:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/08/01 19:14:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/08/01 18:14:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\monica\Application Data\Malwarebytes
[2009/08/01 09:47:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\monica\Local Settings\Application Data\Panda Security
[2009/08/01 07:15:38 | 00,237,688 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT.bck
[2009/08/01 07:15:38 | 00,237,688 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT
[2009/08/01 07:15:38 | 00,001,132 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG.bck
[2009/08/01 07:15:38 | 00,001,132 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG
[2009/08/01 07:15:33 | 00,193,792 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\idsflt.sys
[2009/08/01 07:15:33 | 00,052,992 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\dsaflt.sys
[2009/08/01 07:15:33 | 00,046,720 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\wnmflt.sys
[2009/08/01 07:15:25 | 00,158,848 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\NETFLTDI.SYS
[2009/08/01 07:15:25 | 00,073,728 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\APPFLT.SYS
[2009/08/01 07:15:25 | 00,022,072 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\fnetmon.sys
[2009/08/01 07:02:27 | 00,008,627 | ---- | C] () -- C:\WINDOWS\System32\PAV_FOG.OPC
[2009/07/31 23:35:46 | 00,013,880 | ---- | C] () -- C:\WINDOWS\System32\drivers\COMFiltr.sys
[2009/07/31 23:34:40 | 00,084,024 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavdrv51.sys
[2009/07/31 23:34:40 | 00,000,249 | ---- | C] () -- C:\WINDOWS\System32\PavCPL.dat
[2009/07/31 23:34:33 | 00,054,832 | ---- | C] (Panda Software) -- C:\WINDOWS\System32\pavcpl.cpl
[2009/07/31 23:34:24 | 00,446,464 | ---- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\HHActiveX.dll
[2009/07/31 23:34:20 | 00,520,448 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\PavSHook.dll
[2009/07/31 23:34:20 | 00,197,888 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\neti1634.sys
[2009/07/31 23:34:20 | 00,193,280 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\TpUtil.dll
[2009/07/31 23:34:20 | 00,107,568 | ---- | C] (Panda Software) -- C:\WINDOWS\System32\SYSTOOLS.DLL
[2009/07/31 23:34:20 | 00,087,296 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\PavLspHook.dll
[2009/07/31 23:34:20 | 00,055,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\pavipc.dll
[2009/07/31 23:34:19 | 00,058,672 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\avldr.dll
[2009/07/31 23:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PAV
[2009/07/31 23:34:19 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/07/31 23:34:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2009/07/31 23:33:27 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2009/07/31 23:33:02 | 00,179,640 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\PavProc.sys
[2009/07/31 23:33:02 | 00,041,144 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\ShlDrv51.sys
[2009/07/31 23:33:02 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Panda Security
[2009/07/31 22:36:32 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/31 22:36:30 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/31 22:36:29 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/31 22:36:29 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/31 22:36:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/07/31 22:25:18 | 20,787,89632 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/31 21:49:25 | 00,000,000 | ---D | C] -- C:\Program Files\jv16 PowerTools
[2009/07/31 21:31:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Don's Downloads
[2009/07/30 20:32:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\monica\Application Data\Yahoo!
[2009/07/30 20:32:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/07/30 20:32:08 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2009/07/30 20:32:05 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\monica\Desktop\CCleaner.lnk
[2009/07/30 20:32:05 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/07/30 20:31:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\monica\My Documents\Downloads
[2009/07/29 05:25:10 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009/07/29 05:25:09 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009/07/28 23:12:18 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/07/28 21:16:02 | 00,647,728 | ---- | C] (Xceed Software Inc. 1-450-442-2626 [email protected] www.xceedsoft.com) -- C:\Documents and Settings\monica\My Documents\R92578.EXE
[2009/07/28 17:25:59 | 00,050,192 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2009/07/28 17:25:59 | 00,050,192 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2009/07/28 17:22:28 | 01,220,120 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\vsapint.sys
[2009/07/28 17:22:28 | 00,335,376 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\TM_CFW.sys
[2009/07/28 17:22:27 | 00,225,296 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmxpflt.sys
[2009/07/28 17:22:27 | 00,036,368 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmpreflt.sys
[2009/07/28 17:17:46 | 00,153,104 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/07/28 17:14:55 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/07/27 14:19:43 | 00,000,091 | ---- | C] () -- C:\WINDOWS\System32\vsfocehjiydjso.dat
[2009/07/27 14:10:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\14899704
[2009/07/27 14:09:38 | 00,024,130 | ---- | C] () -- C:\WINDOWS\System32\vsfocektukqpdb.dat
[2009/07/27 14:09:37 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\vsfoceulqjnogt.sys
[2009/07/26 19:56:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\monica\Desktop\2000-01 (Jan)
[2009/07/26 09:39:05 | 17,828,326 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vlc-1.0.0-win32.exe
[2009/07/25 10:30:59 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/07/24 12:21:45 | 00,000,091 | ---- | C] () -- C:\WINDOWS\System32\vsfocetyijetjc.dat
[2009/07/24 12:11:38 | 00,022,528 | ---- | C] () -- C:\WINDOWS\System32\vsfoceraigpioj.dat
[2009/07/24 12:11:35 | 00,067,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\vsfocexpnfvaql.sys
[2009/07/20 13:45:24 | 00,001,996 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
[2009/07/20 13:44:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\BWKDLogs
[2009/07/05 22:51:25 | 00,000,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2009/07/05 21:48:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\monica\Application Data\U3
[2009/07/05 21:48:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\monica\My Documents\Adobe Photoshop 7.0_for PC_with serial
[2009/07/05 07:36:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\monica\Local Settings\Application Data\Dell
[2009/07/05 07:29:39 | 00,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2009/03/05 07:51:06 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/12/20 20:19:31 | 00,000,200 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/08/24 11:51:17 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/08/21 22:04:45 | 00,308,736 | ---- | C] () -- C:\WINDOWS\System32\fpxlib.dll
[2008/08/21 22:04:45 | 00,091,136 | ---- | C] () -- C:\WINDOWS\System32\jpeglib.dll
[2008/08/03 21:17:01 | 00,000,188 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2008/07/08 14:40:14 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/06/01 10:06:22 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/04/19 07:40:05 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/04/19 07:05:47 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/04/19 07:05:46 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/04/19 07:05:46 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/04/19 07:05:45 | 01,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/04/19 07:05:45 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/04/19 07:04:20 | 00,001,119 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 13:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:51:28 | 00,000,715 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 12:51:26 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[1999/01/22 14:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========
[2009/08/02 12:30:41 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\settings.dat
[2009/08/02 12:27:11 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\WnmFlt.cfg.bck
[2009/08/02 12:27:11 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\WnmFlt.cfg
[2009/08/02 12:27:10 | 00,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg.bck
[2009/08/02 12:27:10 | 00,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg
[2009/08/02 12:27:10 | 00,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg.bck
[2009/08/02 12:27:10 | 00,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg
[2009/08/02 12:27:09 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg.bck
[2009/08/02 12:27:09 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg
[2009/08/02 12:27:08 | 00,001,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG.bck
[2009/08/02 12:27:08 | 00,001,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG
[2009/08/02 12:27:08 | 00,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetLoc.wlt.bck
[2009/08/02 12:27:08 | 00,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetLoc.wlt
[2009/08/02 12:26:21 | 00,000,088 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAdapt.cfg.bck
[2009/08/02 12:26:21 | 00,000,088 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAdapt.cfg
[2009/08/02 12:26:20 | 00,000,060 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt.bck
[2009/08/02 12:26:20 | 00,000,060 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt
[2009/08/02 12:26:01 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/02 12:25:59 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/02 12:25:57 | 20,787,89632 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/02 12:20:47 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\monica\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/08/02 12:20:44 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\NTREGOPT.lnk
[2009/08/02 12:20:44 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\ERUNT.lnk
[2009/08/02 11:33:45 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\monica\Desktop\OTL.exe
[2009/08/02 11:32:46 | 00,173,119 | ---- | M] (Eric_71) -- C:\Documents and Settings\monica\Desktop\Rooter.exe
[2009/08/02 11:32:31 | 00,265,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\monica\Desktop\TFC.exe
[2009/08/02 11:32:00 | 00,794,112 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\The_Comedian.exe
[2009/08/02 11:29:39 | 00,035,840 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\BestTechie OTL.doc
[2009/08/02 11:02:46 | 00,237,688 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT.bck
[2009/08/02 11:02:46 | 00,237,688 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT
[2009/08/02 09:31:52 | 00,013,880 | ---- | M] () -- C:\WINDOWS\System32\drivers\COMFiltr.sys
[2009/08/01 21:14:07 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/08/01 21:13:26 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/08/01 20:58:05 | 00,000,774 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\Shortcut to ATF-Cleaner.exe.lnk
[2009/08/01 20:50:48 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/08/01 20:50:48 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/08/01 20:50:48 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/08/01 20:50:48 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/08/01 20:50:48 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/08/01 20:23:38 | 00,000,883 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2009/08/01 20:00:43 | 00,000,690 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\SpywareBlaster.lnk
[2009/08/01 19:18:28 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/08/01 09:02:01 | 17,828,326 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\vlc-1.0.0-win32.exe
[2009/08/01 07:18:39 | 00,447,324 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls.bck
[2009/08/01 07:18:39 | 00,447,324 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls
[2009/08/01 07:02:27 | 00,008,627 | ---- | M] () -- C:\WINDOWS\System32\PAV_FOG.OPC
[2009/07/31 23:36:20 | 00,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/07/31 23:36:20 | 00,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/07/31 23:36:20 | 00,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/07/31 23:35:49 | 00,000,715 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/07/31 23:34:40 | 00,000,249 | ---- | M] () -- C:\WINDOWS\System32\PavCPL.dat
[2009/07/31 22:36:32 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/31 21:22:36 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/07/30 20:32:05 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\CCleaner.lnk
[2009/07/30 15:45:00 | 00,470,528 | ---- | M] ( ) -- C:\Documents and Settings\monica\Desktop\RootRepeal.exe
[2009/07/29 18:16:04 | 00,065,024 | ---- | M] () -- C:\WINDOWS\System32\drivers\vsfoceulqjnogt.sys
[2009/07/29 17:09:58 | 00,024,130 | ---- | M] () -- C:\WINDOWS\System32\vsfocektukqpdb.dat
[2009/07/29 17:09:58 | 00,000,091 | ---- | M] () -- C:\WINDOWS\System32\vsfocehjiydjso.dat
[2009/07/29 09:54:12 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/07/29 09:39:52 | 08,879,104 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2009/07/29 09:39:52 | 04,901,888 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2009/07/29 05:26:43 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/28 21:16:09 | 00,647,728 | ---- | M] (Xceed Software Inc. 1-450-442-2626 [email protected] www.xceedsoft.com) -- C:\Documents and Settings\monica\My Documents\R92578.EXE
[2009/07/28 17:22:28 | 00,335,376 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\TM_CFW.sys
[2009/07/28 17:14:55 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/07/27 02:37:41 | 00,022,528 | ---- | M] () -- C:\WINDOWS\System32\vsfoceraigpioj.dat
[2009/07/27 02:37:41 | 00,000,091 | ---- | M] () -- C:\WINDOWS\System32\vsfocetyijetjc.dat
[2009/07/26 10:27:18 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\monica\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/26 10:19:30 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/25 10:30:59 | 00,067,584 | ---- | M] () -- C:\WINDOWS\System32\drivers\vsfocexpnfvaql.sys
[2009/07/25 10:30:59 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/07/20 13:45:24 | 00,001,996 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
[2009/07/20 13:44:02 | 00,000,438 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2009/07/19 18:48:58 | 11,067,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2009/07/19 18:48:58 | 11,067,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/07/19 09:18:59 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/07/19 09:18:59 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/07 08:10:58 | 24,539,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/07/05 22:55:36 | 00,000,986 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2009/07/05 22:09:35 | 00,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2009/07/05 07:33:38 | 00,002,415 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dell Support Center.lnk
[2009/07/03 13:09:28 | 00,915,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wininet.dll
[2009/07/03 13:09:28 | 00,915,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2009/07/03 13:09:28 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/07/03 13:09:27 | 01,208,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\urlmon.dll
[2009/07/03 13:09:27 | 01,208,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2009/07/03 13:09:27 | 00,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\occache.dll
[2009/07/03 13:09:27 | 00,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2009/07/03 13:09:25 | 00,594,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2009/07/03 13:09:25 | 00,594,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009/07/03 13:09:25 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2009/07/03 13:09:25 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009/07/03 13:09:24 | 01,985,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iertutil.dll
[2009/07/03 13:09:24 | 01,985,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/07/03 13:09:24 | 01,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2009/07/03 13:09:24 | 01,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2009/07/03 13:09:24 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2009/07/03 13:09:24 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2009/07/03 13:09:23 | 00,246,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/07/03 13:09:23 | 00,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2009/07/03 13:09:23 | 00,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2009/07/03 13:09:21 | 00,386,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2009/07/03 13:09:21 | 00,386,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll

========== LOP Check ==========
[2009/08/01 08:55:33 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Application Data
[2008/04/19 07:31:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CyberLink
[2008/04/19 07:36:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
[2009/08/02 10:19:43 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/07/28 17:42:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\14899704
[2008/11/23 23:45:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2008/08/03 20:13:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brother
[2008/08/03 20:21:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Clean Electric Guitar
[2009/01/06 20:24:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2008/10/27 17:34:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2008/08/03 20:21:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2009/07/30 07:52:45 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Memeo
[2008/08/03 20:21:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2009/07/31 23:34:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2004/08/10 13:13:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2008/04/19 07:30:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/01/06 20:15:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2008/07/08 19:34:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2008/08/03 20:21:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2008/04/19 07:31:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2009/08/01 08:50:07 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Bill\Application Data
[2008/11/24 18:45:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Ahead
[2008/12/25 11:32:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\ArcSoft
[2008/04/19 07:31:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\CyberLink
[2008/11/05 23:17:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Nikon
[2009/07/31 23:34:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Panda Security
[2008/12/03 09:05:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Skinux
[2008/10/16 09:15:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Template
[2008/07/08 19:33:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\TomTom
[2008/04/19 07:36:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\You've Got Pictures Screensaver
[2009/08/01 09:05:34 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data
[2008/04/19 07:31:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\CyberLink
[2008/04/19 07:36:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\You've Got Pictures Screensaver
[2009/08/01 09:03:02 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Guest\Application Data
[2008/04/19 07:31:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\CyberLink
[2008/04/19 07:36:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\You've Got Pictures Screensaver
[2009/07/28 17:14:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data
[2009/08/01 20:23:38 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\monica\Application Data
[2008/12/23 22:45:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Ahead
[2008/08/21 22:08:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\ArcSoft
[2009/01/06 20:20:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\CyberLink
[2009/08/01 20:23:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Foxit
[2008/08/03 20:33:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Nikon
[2008/11/28 13:11:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Skinux
[2008/06/02 07:54:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Template
[2009/07/06 09:42:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\U3
[2008/07/31 13:53:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Viewpoint
[2008/04/19 07:36:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\You've Got Pictures Screensaver
[2004/08/10 13:08:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data
[2009/08/01 19:18:28 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/08/01 21:13:26 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/07/20 13:44:02 | 00,000,438 | ---- | M] () -- C:\WINDOWS\Tasks\EasyShare Registration Task.job
[2009/08/02 12:26:01 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

========== Custom Scans ==========
< %systemroot%\System32\antiwpa.dll >
< %systemroot%\SYSTEM32\wpa.dll >
< %systemroot%\setup\scripts\biestart.exe >
< %systemroot%\system32\drivers\royal.sys >
< %systemroot%\system32\oobe\AntiWPA_Crypt.dll >
< %TEMP%\antiwpa_crypt.dll >
< %TEMP%\antiwpa.dll /s >
< %PROGRAMFILES%\antiwpa.dll /s >
< %systemroot%\system32\crypt.dll >
< %TEMP%\crypt.dll >
< %SYSTEMDRIVE%\*. >
[2009/08/02 12:32:22 | 00,000,000 | ---D | M] -- C:
[2009/08/02 10:18:31 | 00,000,000 | -H-D | M] -- C:\Config.Msi
[2009/07/28 21:17:15 | 00,000,000 | ---D | M] -- C:\dell
[2009/07/31 22:14:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings
[2008/04/09 18:40:08 | 00,000,000 | ---D | M] -- C:\drivers
[2008/06/03 08:43:46 | 00,000,000 | ---D | M] -- C:\i386
[2008/04/19 07:35:44 | 00,000,000 | ---D | M] -- C:\My Music
[2009/08/02 11:49:24 | 00,000,000 | R--D | M] -- C:\Program Files
[2009/07/31 22:15:31 | 00,000,000 | -HSD | M] -- C:\RECYCLER
[2009/08/02 12:29:51 | 00,000,000 | ---D | M] -- C:\Rooter$
[2008/06/18 14:22:45 | 00,000,000 | ---D | M] -- C:\swsetup
[2009/08/02 11:51:00 | 00,000,000 | -HSD | M] -- C:\System Volume Information
[2009/03/05 07:45:56 | 00,000,000 | ---D | M] -- C:\temp
[2009/08/02 12:27:24 | 00,000,000 | ---D | M] -- C:\WINDOWS

< %SYSTEMDRIVE%\*.* >
[2004/08/10 13:04:08 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/06/01 09:47:33 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2004/08/10 13:04:08 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/04/19 07:07:40 | 00,006,925 | RH-- | M] () -- C:\dell.sdr
[2009/08/02 12:25:57 | 20,787,89632 | -HS- | M] () -- C:\hiberfil.sys
[2003/12/08 13:15:56 | 00,028,672 | R--- | M] ( ) -- C:\hpqimgrc.resources.dll
[2008/06/01 10:09:46 | 00,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/10 13:04:08 | 00,000,000 | -H-- | M] () -- C:\IO.SYS
[2008/04/19 07:36:33 | 00,001,211 | -H-- | M] () -- C:\IPH.PH
[2009/08/01 20:54:08 | 00,000,792 | ---- | M] () -- C:\JavaRa.log
[2004/08/10 13:04:08 | 00,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 05:00:00 | 00,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/19 19:10:04 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/08/02 12:25:56 | 21,453,86496 | -HS- | M] () -- C:\pagefile.sys
[2009/08/02 12:02:36 | 00,003,296 | ---- | M] () -- C:\RootRepeal report 08-02-09 (12-02-36).txt
[2009/08/02 12:31:01 | 00,003,296 | ---- | M] () -- C:\RootRepeal report 08-02-09 (12-31-01).txt
[2008/04/19 07:36:40 | 00,000,071 | ---- | M] () -- C:\SystemInfo.ini
[2008/06/15 16:01:41 | 00,002,553 | ---- | M] () -- C:\_Sid.txt

< %PROGRAMFILES%\*. >
[2009/08/02 11:49:24 | 00,000,000 | R--D | M] -- C:\Program Files
[2009/07/31 21:26:18 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/08/01 21:13:20 | 00,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/08/01 20:23:59 | 00,000,000 | ---D | M] -- C:\Program Files\AskBarDis
[2008/12/21 10:18:19 | 00,000,000 | ---D | M] -- C:\Program Files\AskSearch
[2009/07/30 20:32:14 | 00,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2009/07/31 23:33:02 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files
[2004/08/10 13:02:08 | 00,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2009/07/05 07:29:39 | 00,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2009/01/06 20:20:28 | 00,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2008/12/20 20:24:19 | 00,000,000 | ---D | M] -- C:\Program Files\Dell
[2008/04/19 07:30:25 | 00,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
[2009/08/02 12:20:47 | 00,000,000 | ---D | M] -- C:\Program Files\ERUNT
[2008/06/11 09:19:10 | 00,000,000 | ---D | M] -- C:\Program Files\Fisher-Price
[2009/08/01 20:23:38 | 00,000,000 | ---D | M] -- C:\Program Files\Foxit Software
[2009/07/27 20:54:33 | 00,000,000 | ---D | M] -- C:\Program Files\Google
[2008/06/15 15:57:23 | 00,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2008/06/15 15:57:23 | 00,000,000 | ---D | M] -- C:\Program Files\Hp
[2009/07/31 23:34:19 | 00,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/07/29 05:31:41 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/08/01 20:54:08 | 00,000,000 | ---D | M] -- C:\Program Files\Java
[2009/07/31 21:49:29 | 00,000,000 | ---D | M] -- C:\Program Files\jv16 PowerTools
[2009/07/20 13:44:53 | 00,000,000 | ---D | M] -- C:\Program Files\Kodak
[2008/08/21 18:31:11 |
00,000,000 | ---D | M] -- C:\Program Files\Linksys EasyLink Advisor [2009/07/31 22:36:32 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware [2008/09/19 19:17:13 | 00,000,000 | ---D | M] -- C:\Program Files\Messenger [2009/03/05 07:45:56 | 00,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage [2009/03/05 07:46:14 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Office [2009/06/11 03:02:52 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Works [2008/04/19 07:25:26 | 00,000,000 | ---D | M] -- C:\Program Files\Modem Diagnostic Tool [2008/09/19 19:14:04 | 00,000,000 | ---D | M] -- C:\Program Files\Movie Maker [2009/08/02 09:56:46 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox [2009/03/29 10:11:25 | 00,000,000 | ---D | M] -- C:\Program Files\MSBuild [2004/08/10 13:01:16 | 00,000,000 | ---D | M] -- C:\Program Files\MSN [2004/08/10 13:01:24 | 00,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone [2008/06/03 07:22:24 | 00,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0 [2008/04/19 07:22:57 | 00,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0 [2008/11/24 21:45:25 | 00,000,000 | ---D | M] -- C:\Program Files\Nero [2008/09/19 19:12:25 | 00,000,000 | ---D | M] -- C:\Program Files\NetMeeting [2008/08/03 20:22:01 | 00,000,000 | ---D | M] -- C:\Program Files\Nikon [2009/08/01 21:31:41 | 00,000,000 | ---D | M] -- C:\Program Files\NOS [2004/08/10 13:01:34 | 00,000,000 | ---D | M] -- C:\Program Files\Online Services [2008/09/19 19:12:22 | 00,000,000 | ---D | M] -- C:\Program Files\Outlook Express [2009/07/31 23:34:19 | 00,000,000 | ---D | M] -- C:\Program Files\Panda Security [2008/08/21 22:04:29 | 00,000,000 | ---D | M] -- C:\Program Files\Philips [2009/06/03 20:00:56 | 00,000,000 | ---D | M] -- C:\Program Files\PhoTags Express [2009/08/01 21:14:12 | 00,000,000 | ---D | M] -- C:\Program Files\QuickTime [2009/03/29 10:11:15 | 00,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies [2009/03/14 11:47:19 | 
00,000,000 | R--D | M] -- C:\Program Files\Skype [2009/08/01 20:01:17 | 00,000,000 | ---D | M] -- C:\Program Files\SpywareBlaster [2008/09/27 07:34:09 | 00,000,000 | ---D | M] -- C:\Program Files\The Rosetta Stone [2008/07/08 19:31:09 | 00,000,000 | ---D | M] -- C:\Program Files\TomTom DesktopSuite [2008/07/08 19:33:41 | 00,000,000 | ---D | M] -- C:\Program Files\TomTom HOME 2 [2004/08/10 13:08:30 | 00,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information [2008/10/26 09:45:34 | 00,000,000 | ---D | M] -- C:\Program Files\VideoLAN [2008/10/26 18:42:23 | 00,000,000 | ---D | M] -- C:\Program Files\Western Digital [2008/10/26 18:40:56 | 00,000,000 | ---D | M] -- C:\Program Files\Western Digital Technologies [2008/10/12 09:59:19 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2 [2008/10/13 03:07:10 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Player [2008/09/19 19:12:22 | 00,000,000 | ---D | M] -- C:\Program Files\Windows NT [2004/08/10 13:02:52 | 00,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate [2004/08/10 13:04:18 | 00,000,000 | ---D | M] -- C:\Program Files\xerox [2009/07/30 20:32:11 | 00,000,000 | ---D | M] -- C:\Program Files\Yahoo! < %systemroot%\*.exe > [2008/04/06 21:25:28 | 00,069,632 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE [2008/04/06 21:25:28 | 02,808,832 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe [2008/04/13 20:12:21 | 00,010,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\hh.exe [1998/10/29 16:45:06 | 00,306,688 | ---- | M] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe [2008/04/06 21:25:36 | 02,165,760 | ---- | M] (Realtek Semiconductor Corp.) 
-- C:\WINDOWS\MicCal.exe [2008/04/13 20:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe [2008/04/13 20:12:32 | 00,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\regedit.exe [2008/04/06 21:25:38 | 16,859,648 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE [2008/04/06 21:25:40 | 09,715,200 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTLCPL.EXE [2008/04/06 21:25:40 | 01,191,936 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlUpd.exe [2006/08/02 10:29:04 | 00,077,824 | ---- | M] () -- C:\WINDOWS\setpwr32.exe [2008/04/06 21:25:42 | 01,826,816 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SkyTel.exe [2008/04/13 20:12:35 | 00,032,866 | ---- | M] (Smart Link) -- C:\WINDOWS\slrundll.exe [2008/04/06 21:25:42 | 00,086,016 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE [2004/08/04 05:00:00 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE [2004/08/04 05:00:00 | 00,049,680 | ---- | M] (Twain Working Group) -- C:\WINDOWS\twunk_16.exe [2004/08/04 05:00:00 | 00,025,600 | ---- | M] (Twain Working Group) -- C:\WINDOWS\twunk_32.exe [2007/03/20 22:22:04 | 00,972,336 | ---- | M] (Nero AG) -- C:\WINDOWS\UNNeroBackItUp.exe [2007/06/27 20:05:02 | 00,972,072 | ---- | M] (Nero AG) -- C:\WINDOWS\UNNeroMediaHome.exe [2007/02/28 17:41:02 | 00,972,336 | ---- | M] (Nero AG) -- C:\WINDOWS\UNNeroShowTime.exe [2007/06/26 15:12:02 | 00,972,072 | ---- | M] (Nero AG) -- C:\WINDOWS\UNNeroVision.exe [2007/04/23 17:42:50 | 00,972,336 | ---- | M] (Nero AG) -- C:\WINDOWS\UNRecode.exe [2004/08/04 05:00:00 | 00,256,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winhelp.exe [2008/04/13 20:12:39 | 00,283,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winhlp32.exe < %systemroot%\system32\drivers\*.exe > [2005/08/25 19:41:44 | 00,155,648 | ---- | M] (Philips) -- C:\WINDOWS\system32\drivers\PhiBtn.exe [2005/08/25 19:41:58 | 00,266,240 | ---- | M] (Philips) 
-- C:\WINDOWS\system32\drivers\Tray900.exe < %systemroot%\system32\drivers\*.dat > [2009/08/02 11:02:46 | 00,237,688 | ---- | M] () -- C:\WINDOWS\system32\drivers\APPFCONT.DAT < %systemroot%\system\*.exe > < %PROGRAMFILES%\*.* > < %APPDATA%\*.* > [2004/08/10 12:57:42 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\monica\Application Data\desktop.ini [2008/08/03 20:13:54 | 00,000,268 | RH-- | M] () -- C:\Documents and Settings\monica\Application Data\Templates [2008/08/03 20:21:43 | 00,000,268 | RH-- | M] () -- C:\Documents and Settings\monica\Application Data\Themes [2008/06/02 07:53:59 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\monica\Application Data\wklnhst.dat < set /c > ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\monica\Application Data CLASSPATH=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=DCK7T3G1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\monica LOGONSERVER=\\DCK7T3G1 NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\Panda Security\Panda Antivirus Pro 2009\;C:\Program Files\QuickTime\QTSystem\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 127 Stepping 2, AuthenticAMD PROCESSOR_LEVEL=15 PROCESSOR_REVISION=7f02 ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=C:\Program Files\Java\jre6\lib\ext\QTJava.zip SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\monica\LOCALS~1\Temp TMP=C:\DOCUME~1\monica\LOCALS~1\Temp USERDOMAIN=DCK7T3G1 USERNAME=monica USERPROFILE=C:\Documents and Settings\monica windir=C:\WINDOWS __COMPAT_LAYER=EnableNXShowUI ========== Alternate Data Streams ========== @Alternate Data Stream - 88 bytes -> C:\Documents 
and Settings\All Users\Application Data\vlc-1.0.0-win32.exe:SummaryInformation < End of report > ------------------------------------------------------------------------------------- No Extra.txt created Link to post Share on other sites
TheTerrorist_75 Posted August 4, 2009 Author
As suggested here is the ComboFix log.
(Everyone)@="IFlashBroker3"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'winlogon.exe'(1052)c:\windows\system32\avldr.dll- - - - - - - > 'explorer.exe'(2924)c:\windows\system32\WININET.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.------------------------ Other Running Processes ------------------------.c:\program files\Java\jre6\bin\jqs.exec:\windows\system32\nvsvc32.exec:\program files\Panda Security\Panda Antivirus Pro 2009\PsCtrlS.exec:\program files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exec:\program files\Common Files\Panda Security\PavShld\PavPrSrv.exec:\program files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exec:\program files\CyberLink\Shared files\RichVideo.exec:\program files\Dell Support Center\bin\sprtsvc.exec:\program files\Panda Security\Panda Antivirus Pro 2009\PAVSRV51.EXEc:\program files\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXEc:\windows\system32\fxssvc.exec:\program files\Panda Security\Panda Antivirus Pro 2009\FIREWALL\PSHost.exec:\windows\system32\rundll32.exec:\program files\Common Files\Ahead\Lib\NMIndexingService.exec:\windows\system32\wscntfy.exec:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exec:\program files\Hp\Digital Imaging\bin\hpqgalry.exe.**************************************************************************.Completion time: 2009-08-04 18:31 - machine was rebootedComboFix-quarantined-files.txt 2009-08-04 22:31Pre-Run: 125,244,215,296 bytes freePost-Run: 125,124,231,168 bytes 
freeWindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe381 --- E O F --- 2009-07-29 20:58 Link to post Share on other sites
Rorschach112 Posted August 4, 2009

Sorry I've been away, busy week.

Who suggested ComboFix?

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following:

OTL
O33 - MountPoints2\{b5de488a-a3ae-11dd-8801-001ec9755754}\Shell\AutoRun\command - "" = E:\wd_windows_tools\WDSetup.exe -- File not found
O33 - MountPoints2\{b8817e38-43e1-11dd-87dc-001ec9755754}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe -- File not found
NetSvcs: msncache - Service key not found. File not found
[2009/07/28 17:42:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\14899704
:Services
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\fonts\services.exe"=-
:Files
:Commands
[purity]
[emptytemp]
[Reboot]

Then click the Run Fix button at the top.
Let the program run unhindered, reboot the PC when it is done.

Open OTL again, paste NetSvcs under Custom Scan and click the Quick Scan button. Post the log it produces in your next reply.

Make sure to use Internet Explorer for this.

Please go to VirSCAN.org FREE on-line scan service
Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

C:\WINDOWS\system32\svchost.exe

- Click on the Upload button
- If a pop-up appears saying the file has been scanned already, please select the ReScan button.
- Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
- Paste the contents of the Clipboard in your next reply.
TheTerrorist_75 (Author) Posted August 5, 2009

Rock, Jeff and Matt suggested ComboFix. Here are the new logs.

All processes killed
Error: Unable to interpret <OTL> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{b5de488a-a3ae-11dd-8801-001ec9755754}\Shell\AutoRun\command - "" = E:\wd_windows_tools\WDSetup.exe -- File not found> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{b8817e38-43e1-11dd-87dc-001ec9755754}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe -- File not found> in the current context!
Error: Unable to interpret <NetSvcs: msncache - Service key not found. File not found> in the current context!
Error: Unable to interpret <[2009/07/28 17:42:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\14899704> in the current context!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\fonts\services.exe not found.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Bill
->Temp folder emptied: 614608 bytes
File delete failed. C:\Documents and Settings\Bill\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 8422626 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 32152879 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32969 bytes

User: monica
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp\cace2423dfb97c58fe7dd9f120557063PSK_PLUGINS_0 scheduled to be deleted on reboot.
Windows Temp folder emptied: 10518528 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 49.34 mb

OTL by OldTimer - Version 3.0.10.4 log created on 08052009_091803

Files\Folders moved on Reboot...
C:\WINDOWS\temp\cace2423dfb97c58fe7dd9f120557063PSK_PLUGINS_0 moved successfully.

Registry entries deleted on Reboot...

OTL logfile created on: 8/5/2009 9:27:41 AM - Run 3
OTL by OldTimer - Version 3.0.10.4 Folder = C:\Documents and Settings\Bill\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 74.75% Memory free
3.79 Gb Paging File | 3.42 Gb Available in Paging File | 90.39% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 116.55 Gb Free Space | 78.24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DCK7T3G1
Current User Name: Bill
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe (Panda Security, S.L.)
PRC - C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2009\WebProxy.exe (Panda Security, S.L.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe (Panda Security, S.L.)
PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe (Panda Security, S.L.)
PRC - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe (Panda Security, S.L.)
PRC - C:\WINDOWS\System32\HPZipm12.exe (HP)
PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe (Panda Security S.L.)
PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe (Panda Security, S.L.)
PRC - C:\Program Files\CyberLink\Shared files\RichVideo.exe ()
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\ApvxdWin.exe (Panda Security, S.L.)
PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe (Panda Security, S.L.)
PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE (Panda Security, S.L.)
PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE (Panda Software International)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\System32\drivers\PhiBtn.exe (Philips)
PRC - C:\Documents and Settings\Bill\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (Gwmsrv [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Gwmsrv.dll (Panda Security, S.L.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (NBService [On_Demand | Stopped]) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NMIndexingService [On_Demand | Stopped]) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (Panda Software Controller [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe (Panda Security, S.L.)
SRV - (PAVFNSVR [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe (Panda Security, S.L.)
SRV - (PavPrSrv [Auto | Running]) -- C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe (Panda Security, S.L.)
SRV - (PAVSRV [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe (Panda Security, S.L.)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\System32\HPZipm12.exe (HP)
SRV - (PSHost [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE (Panda Software International)
SRV - (PSIMSVC [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe (Panda Security S.L.)
SRV - (PskSvcRetail [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe (Panda Security, S.L.)
SRV - (RichVideo [Auto | Running]) -- C:\Program Files\CyberLink\Shared files\RichVideo.exe ()
SRV - (sprtsvc_dellsupportcenter [Auto | Running]) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (TPSrv [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe (Panda Security, S.L.)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080419
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080419
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.auctionsinternational.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.1
FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/29 05:29:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/01 20:50:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/01 21:14:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/01 21:31:19 | 00,000,000 | ---D | M]

[2008/10/26 09:19:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\mozilla\Extensions
[2008/10/26 09:19:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/07/08 19:34:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\mozilla\Extensions\[email protected]
[2009/08/02 09:44:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\mozilla\Firefox\Profiles\789pe03b.default\extensions
[2009/07/29 05:52:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\mozilla\Firefox\Profiles\789pe03b.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/12/25 19:02:08 | 00,000,681 | ---- | M] () -- C:\Documents and Settings\Bill\Application Data\Mozilla\FireFox\Profiles\789pe03b.default\searchplugins\ask.xml
[2009/08/02 10:06:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/28 17:14:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/01 20:51:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/07/15 16:30:53 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/15 16:30:54 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/08/01 20:50:48 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/08/01 20:23:22 | 00,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2009/07/15 16:30:55 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/08/01 21:15:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/08/01 21:15:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/08/01 21:15:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/08/01 21:15:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/08/01 21:15:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/08/01 21:15:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/08/01 21:15:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/07/15 14:10:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/15 14:10:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/15 14:10:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/15 14:10:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/15 14:10:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/15 14:10:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/15 14:10:00 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll (Ask.com)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll (Ask.com)
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE (Panda Security, S.L.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PhiBtn] C:\WINDOWS\System32\drivers\PhiBtn.exe (Philips)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [sCANINICIO] C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe (Panda Security, S.L.)
O4 - Startup: C:\Documents and Settings\Bill\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: rbrooks.com ([project] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} https://project.rbrooks.com/ProjectServer/o...ts/pjclient.cab (PjAdoInfo3 Class)
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab (DeviceEnum Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} https://project.rbrooks.com/ProjectServer/o...033/pjcintl.cab (Pj11enuC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avldr: DllName - avldr.dll - C:\WINDOWS\System32\avldr.dll (Panda Security, S.L.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/08/05 09:18:03 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/08/05 09:17:13 | 00,000,108 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\VirSCAN.org - Free Multi-Engine Online Virus Scanner v1.02, Supports 37 AntiVirus Engines!.url
[2009/08/05 09:08:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/08/04 18:31:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/08/04 18:16:59 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/08/04 18:16:55 | 00,219,648 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/08/04 18:16:55 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/08/04 18:16:55 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/08/04 18:16:55 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/08/04 18:16:55 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/08/04 18:16:55 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/08/04 18:16:55 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/08/04 18:16:37 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/08/04 18:16:34 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/08/04 18:16:10 | 03,155,496 | R--- | C] () -- C:\Documents and Settings\Bill\Desktop\ComboFix.exe
[2009/08/02 12:01:35 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\settings.dat
[2009/08/02 12:00:00 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/08/02 11:49:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/02 11:49:29 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Bill\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/08/02 11:49:24 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\NTREGOPT.lnk
[2009/08/02 11:49:24 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\ERUNT.lnk
[2009/08/02 11:49:24 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/02 11:39:05 | 00,470,528 | ---- | C] ( ) -- C:\Documents and Settings\Bill\Desktop\RootRepeal.exe
[2009/08/02 11:36:54 | 00,173,119 | ---- | C] (Eric_71) -- C:\Documents and Settings\Bill\Desktop\Rooter.exe
[2009/08/02 11:36:45 | 00,794,112 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\The_Comedian.exe
[2009/08/02 11:36:45 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\OTL.exe
[2009/08/02 11:36:40 | 00,265,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\TFC.exe
[2009/08/02 11:29:39 | 00,035,840 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\BestTechie OTL.doc
[2009/08/02 09:36:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Application Data\Yahoo!
[2009/08/02 09:34:37 | 00,000,774 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Shortcut to ATF-Cleaner.exe.lnk
[2009/08/02 09:34:03 | 00,000,702 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\SpywareBlaster.lnk
[2009/08/02 09:33:41 | 00,001,560 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\CCleaner.lnk
[2009/08/01 21:20:04 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2009/08/01 21:20:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/08/01 21:14:07 | 00,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/08/01 21:13:56 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/08/01 21:13:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/08/01 21:13:26 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/08/01 21:13:20 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/08/01 21:13:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/08/01 20:50:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/08/01 20:23:38 | 
00,000,883 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk[2009/08/01 20:23:38 | 00,000,000 | ---D | C] -- C:\Program Files\Foxit Software[2009/08/01 20:00:42 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster[2009/08/01 19:15:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE[2009/08/01 19:14:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft[2009/08/01 07:15:38 | 00,239,860 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT.bck[2009/08/01 07:15:38 | 00,239,860 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT[2009/08/01 07:15:38 | 00,001,132 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG.bck[2009/08/01 07:15:38 | 00,001,132 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG[2009/08/01 07:15:33 | 00,193,792 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\idsflt.sys[2009/08/01 07:15:33 | 00,052,992 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\dsaflt.sys[2009/08/01 07:15:33 | 00,046,720 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\wnmflt.sys[2009/08/01 07:15:25 | 00,158,848 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\NETFLTDI.SYS[2009/08/01 07:15:25 | 00,073,728 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\APPFLT.SYS[2009/08/01 07:15:25 | 00,022,072 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\fnetmon.sys[2009/08/01 07:02:27 | 00,008,627 | ---- | C] () -- C:\WINDOWS\System32\PAV_FOG.OPC[2009/07/31 23:35:46 | 00,013,880 | ---- | C] () -- C:\WINDOWS\System32\drivers\COMFiltr.sys[2009/07/31 23:35:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Local Settings\Application Data\Panda Security[2009/07/31 23:34:40 | 00,084,024 | ---- | C] (Panda Security, S.L.) 
-- C:\WINDOWS\System32\drivers\pavdrv51.sys[2009/07/31 23:34:40 | 00,000,249 | ---- | C] () -- C:\WINDOWS\System32\PavCPL.dat[2009/07/31 23:34:33 | 00,054,832 | ---- | C] (Panda Software) -- C:\WINDOWS\System32\pavcpl.cpl[2009/07/31 23:34:24 | 00,446,464 | ---- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\HHActiveX.dll[2009/07/31 23:34:20 | 00,520,448 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\PavSHook.dll[2009/07/31 23:34:20 | 00,197,888 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\neti1634.sys[2009/07/31 23:34:20 | 00,193,280 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\TpUtil.dll[2009/07/31 23:34:20 | 00,107,568 | ---- | C] (Panda Software) -- C:\WINDOWS\System32\SYSTOOLS.DLL[2009/07/31 23:34:20 | 00,087,296 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\PavLspHook.dll[2009/07/31 23:34:20 | 00,055,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\pavipc.dll[2009/07/31 23:34:19 | 00,058,672 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\avldr.dll[2009/07/31 23:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PAV[2009/07/31 23:34:19 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security[2009/07/31 23:34:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Application Data\Panda Security[2009/07/31 23:34:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panda Security[2009/07/31 23:33:27 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys[2009/07/31 23:33:02 | 00,179,640 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\PavProc.sys[2009/07/31 23:33:02 | 00,041,144 | ---- | C] (Panda Security, S.L.) 
-- C:\WINDOWS\System32\drivers\ShlDrv51.sys[2009/07/31 23:33:02 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Panda Security[2009/07/31 22:36:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Application Data\Malwarebytes[2009/07/31 22:36:32 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk[2009/07/31 22:36:30 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys[2009/07/31 22:36:29 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys[2009/07/31 22:36:29 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware[2009/07/31 22:36:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes[2009/07/31 22:25:18 | 20,787,89632 | -HS- | C] () -- C:\hiberfil.sys[2009/07/31 21:49:25 | 00,000,000 | ---D | C] -- C:\Program Files\jv16 PowerTools[2009/07/31 21:47:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\My Documents\CCleaner backup[2009/07/31 21:31:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Don's Downloads[2009/07/30 20:32:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion[2009/07/30 20:32:08 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo![2009/07/30 20:32:05 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner[2009/07/28 23:12:18 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx[2009/07/28 17:25:59 | 00,050,192 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys[2009/07/28 17:25:59 | 00,050,192 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys[2009/07/28 17:22:28 | 01,220,120 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\vsapint.sys[2009/07/28 17:22:28 | 00,335,376 | ---- | C] (Trend Micro Inc.) 
-- C:\WINDOWS\System32\drivers\TM_CFW.sys[2009/07/28 17:22:27 | 00,225,296 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmxpflt.sys[2009/07/28 17:22:27 | 00,036,368 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmpreflt.sys[2009/07/28 17:17:46 | 00,153,104 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys[2009/07/28 17:14:55 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk[2009/07/27 14:10:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\14899704[2009/07/26 09:39:05 | 17,828,326 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vlc-1.0.0-win32.exe[2009/07/25 10:30:59 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI========== Files - Modified Within 14 Days ==========[2009/08/05 09:23:33 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\WnmFlt.cfg.bck[2009/08/05 09:23:33 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\WnmFlt.cfg[2009/08/05 09:23:32 | 00,001,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG.bck[2009/08/05 09:23:32 | 00,001,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG[2009/08/05 09:23:32 | 00,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg.bck[2009/08/05 09:23:32 | 00,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg[2009/08/05 09:23:32 | 00,000,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetLoc.wlt.bck[2009/08/05 09:23:32 | 00,000,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetLoc.wlt[2009/08/05 09:23:32 | 00,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg.bck[2009/08/05 09:23:32 | 00,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg[2009/08/05 09:23:32 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg.bck[2009/08/05 09:23:32 | 00,000,056 | ---- | M] () -- 
C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg[2009/08/05 09:23:23 | 00,000,060 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt.bck[2009/08/05 09:23:23 | 00,000,060 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt[2009/08/05 09:23:21 | 00,000,088 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAdapt.cfg.bck[2009/08/05 09:23:21 | 00,000,088 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAdapt.cfg[2009/08/05 09:22:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT[2009/08/05 09:22:42 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2009/08/05 09:22:40 | 20,787,89632 | -HS- | M] () -- C:\hiberfil.sys[2009/08/05 09:17:13 | 00,000,108 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\VirSCAN.org - Free Multi-Engine Online Virus Scanner v1.02, Supports 37 AntiVirus Engines!.url[2009/08/05 09:12:30 | 00,000,211 | RHS- | M] () -- C:\boot.ini[2009/08/05 09:12:28 | 00,000,715 | ---- | M] () -- C:\WINDOWS\win.ini[2009/08/05 09:12:28 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini[2009/08/04 18:26:38 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts[2009/08/04 18:14:03 | 03,155,496 | R--- | M] () -- C:\Documents and Settings\Bill\Desktop\ComboFix.exe[2009/08/04 18:07:09 | 00,239,860 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT.bck[2009/08/04 18:07:09 | 00,239,860 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT[2009/08/04 18:01:02 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2009/08/02 12:01:35 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\settings.dat[2009/08/02 11:49:29 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Bill\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk[2009/08/02 11:49:24 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\NTREGOPT.lnk[2009/08/02 11:49:24 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\ERUNT.lnk[2009/08/02 11:33:45 | 00,514,048 | ---- | M] (OldTimer Tools) -- 
C:\Documents and Settings\Bill\Desktop\OTL.exe[2009/08/02 11:32:46 | 00,173,119 | ---- | M] (Eric_71) -- C:\Documents and Settings\Bill\Desktop\Rooter.exe[2009/08/02 11:32:31 | 00,265,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\TFC.exe[2009/08/02 11:32:00 | 00,794,112 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\The_Comedian.exe[2009/08/02 11:29:39 | 00,035,840 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\BestTechie OTL.doc[2009/08/02 09:34:37 | 00,000,774 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\Shortcut to ATF-Cleaner.exe.lnk[2009/08/02 09:34:03 | 00,000,702 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\SpywareBlaster.lnk[2009/08/02 09:33:41 | 00,001,560 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\CCleaner.lnk[2009/08/02 09:31:52 | 00,013,880 | ---- | M] () -- C:\WINDOWS\System32\drivers\COMFiltr.sys[2009/08/01 21:14:07 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk[2009/08/01 21:13:26 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job[2009/08/01 20:23:38 | 00,000,883 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk[2009/08/01 09:02:01 | 17,828,326 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\vlc-1.0.0-win32.exe[2009/08/01 07:18:39 | 00,447,324 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls.bck[2009/08/01 07:18:39 | 00,447,324 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls[2009/08/01 07:02:27 | 00,008,627 | ---- | M] () -- C:\WINDOWS\System32\PAV_FOG.OPC[2009/07/31 23:36:20 | 00,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI[2009/07/31 23:36:20 | 00,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat[2009/07/31 23:36:20 | 00,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat[2009/07/31 23:34:40 | 00,000,249 | ---- | M] () -- C:\WINDOWS\System32\PavCPL.dat[2009/07/31 22:36:32 | 
00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk[2009/07/31 21:22:36 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT[2009/07/30 15:45:00 | 00,470,528 | ---- | M] ( ) -- C:\Documents and Settings\Bill\Desktop\RootRepeal.exe[2009/07/29 09:54:12 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk[2009/07/29 09:39:52 | 08,879,104 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb[2009/07/29 09:39:52 | 04,901,888 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb[2009/07/28 17:22:28 | 00,335,376 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\TM_CFW.sys[2009/07/28 17:14:55 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk[2009/07/26 10:19:30 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini[2009/07/25 10:30:59 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI========== LOP Check ==========[2009/08/02 10:19:43 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data[2009/07/28 17:42:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\14899704[2008/11/23 23:45:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead[2008/08/03 20:13:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brother[2008/08/03 20:21:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Clean Electric Guitar[2009/01/06 20:24:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink[2008/10/27 17:34:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell[2008/08/03 20:21:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp[2009/07/30 07:52:45 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application 
Data\Memeo[2008/08/03 20:21:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon[2009/07/31 23:34:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security[2004/08/10 13:13:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI[2008/04/19 07:30:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft[2009/01/06 20:15:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp[2008/07/08 19:34:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom[2008/08/03 20:21:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15[2008/04/19 07:31:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall[2009/08/01 08:50:07 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Bill\Application Data[2008/11/24 18:45:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Ahead[2008/12/25 11:32:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\ArcSoft[2008/04/19 07:31:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\CyberLink[2008/11/05 23:17:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Nikon[2009/07/31 23:34:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Panda Security[2008/12/03 09:05:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Skinux[2008/10/16 09:15:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Template[2008/07/08 19:33:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\TomTom[2008/04/19 07:36:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\You've Got Pictures Screensaver[2009/08/01 21:13:26 | 00,000,284 | ---- | M] () 
-- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job[2004/08/04 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini[2009/08/05 09:22:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT========== Purity Check ==================== Alternate Data Streams ==========@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\All Users\Application Data\vlc-1.0.0-win32.exe:SummaryInformation< End of report >VirSCAN.org Scanned Report :Scanned time : 2009/08/05 09:58:50 (EDT)Scanner results: All Scanners reported not find malware!File Name : svchost.exeFile Size : 14336 byteFile Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bitMD5 : 27c6d03bcdb8cfeb96b716f3d8be3e18SHA1 : 49083ae3725a0488e0a8fbbe1335c745f70c4667Online report : http://virscan.org/report/e7b3f20fa50548c8...69d131e8f8.htmlScanner Engine Ver Sig Ver Sig Date Time Scan resulta-squared 4.5.0.3 20090803230129 2009-08-03 0.35 -AhnLab V3 2009.08.03.08 2009.08.03 2009-08-03 0.77 -AntiVir 8.2.0.240 7.1.5.75 2009-08-05 0.14 -Antiy 2.0.18 20090804.2672262 2009-08-04 0.23 -Arcavir 2009 200908050752 2009-08-05 0.03 -Authentium 5.1.1 200908042144 2009-08-04 1.37 -AVAST! 
4.7.4 090805-0 2009-08-05 0.00 -AVG 8.5.288 270.13.44/2283 2009-08-05 0.35 -BitDefender 7.81008.3833772 7.27008 2009-08-05 3.45 -CA (VET) 9.0.0.143 31.6.6658 2009-08-05 12.35 -ClamAV 0.95.2 9655 2009-08-05 0.01 -Comodo 3.10 1874 2009-08-05 0.78 -CP Secure 1.1.0.715 2009.08.05 2009-08-05 11.81 -Dr.Web 4.44.0.9170 2009.08.05 2009-08-05 5.06 -F-Prot 4.4.4.56 20090804 2009-08-04 1.31 -F-Secure 7.02.73807 2009.07.29.10 2009-07-29 0.04 -Fortinet 2.81-3.120 10.681 2009-08-05 0.90 -GData 19.6884/19.427 20090805 2009-08-05 6.35 -ViRobot 20090730 2009.07.30 2009-07-30 0.59 -Ikarus T3.1.01.64 2009.08.05.73162 2009-08-05 3.19 -JiangMin 11.0.800 2009.08.05 2009-08-05 8.36 -Kaspersky 5.5.10 2009.08.05 2009-08-05 0.06 -KingSoft 2009.2.5.15 2009.8.5.18 2009-08-05 0.61 -McAfee 5.3.00 5698 2009-08-04 3.00 -Microsoft 1.4903 2009.08.05 2009-08-05 7.58 -Norman 6.01.09 6.01.00 2009-08-04 4.01 -Panda 9.05.01 2009.08.04 2009-08-04 2.77 -Trend Micro 8.700-1004 6.344.05 2009-08-05 0.03 -Quick Heal 10.00 2009.08.05 2009-08-05 1.06 -Rising 20.0 21.41.24.00 2009-08-05 0.80 -Sophos 2.89.1 4.44 2009-08-05 2.85 -Sunbelt 5313 5313 2009-08-04 1.32 -Symantec 1.3.0.24 20090804.003 2009-08-04 0.05 -nProtect 20090805.02 4971415 2009-08-05 7.29 -The Hacker 6.3.4.3 v00375 2009-07-31 0.75 -VBA32 3.12.10.9 20090804.1427 2009-08-04 1.81 -VirusBuster 4.5.11.10 10.111.3/1829987 2009-08-04 2.23 - Link to post Share on other sites
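An added triage example for the OTL entry format used in the logs above (example code written for this page, not OTL's own code and not anything posted in the thread): it parses `[date time | size | attrs | C/M] (company) -- path` lines and flags what a helper reads for first, code files with no company name under C:\WINDOWS, hidden+system files outside the expected few, and an all-numeric folder under Application Data of the kind the later OTL fix moved. The sample lines, the `tool_files` allowlist and the file name `sample_hs_file.dat` are constructed assumptions, not values from this machine.

```python
# Added example (not OTL's code, not from the thread): parse OTL file entries
# and flag the patterns a helper checks first. Sample lines are constructed.
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One entry: [date time | size | attrs | C-or-M] (company) -- path
# Directory entries carry no "(company)" field, so that group is optional.
ENTRY_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
CODE_EXTS = {".exe", ".dll", ".sys", ".ocx", ".cpl", ".scr"}  # code-carrying files
EXPECTED_HS = {"c:\\hiberfil.sys", "c:\\pagefile.sys", "c:\\boot.ini"}  # normally hidden+system


@dataclass
class OtlEntry:
    date: str
    time: str
    size: int
    attrs: str              # flags in order: R(ead-only) H(idden) S(ystem) D(irectory)
    kind: str               # "C" = created, "M" = modified
    company: Optional[str]  # None when OTL printed "()" or "( )"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[3] == "D"

    @property
    def hidden_system(self) -> bool:
        return self.attrs[1] == "H" and self.attrs[2] == "S"

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def ext(self) -> str:
        dot = self.name.rfind(".")
        return self.name[dot:].lower() if dot >= 0 else ""


def parse_otl_entries(text: str) -> List[OtlEntry]:
    """Parse every entry line; section banners and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        company = m.group("company")
        entries.append(OtlEntry(
            date=m.group("date"), time=m.group("time"),
            size=int(m.group("size").replace(",", "")),
            attrs=m.group("attrs"), kind=m.group("kind"),
            company=(company.strip() or None) if company is not None else None,
            path=m.group("path"),
        ))
    return entries


def triage(entries: List[OtlEntry], tool_files: frozenset = frozenset()) -> List[Tuple[OtlEntry, str]]:
    """Return (entry, reason) pairs worth a second look; tool_files lists lower-case
    names a removal tool is known to drop into the Windows directory."""
    findings = []
    for e in entries:
        low = e.path.lower()
        if e.is_dir:  # rogue installers often create an all-digit folder here
            parent, _, leaf = low.rpartition("\\")
            if parent.endswith("\\application data") and leaf.isdigit():
                findings.append((e, "all-numeric folder under Application Data"))
            continue
        if (e.ext in CODE_EXTS and e.company is None
                and low.startswith("c:\\windows\\") and e.name.lower() not in tool_files):
            findings.append((e, "code file with no company name in the Windows tree"))
        if e.hidden_system and low not in EXPECTED_HS:
            findings.append((e, "hidden+system file outside the expected set"))
    return findings


# Constructed sample in the OTL format (assumed values, not copied from the thread).
SAMPLE_LOG = r"""
========== Files/Folders - Created Within 14 Days ==========
[2009/08/05 09:18:03 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/08/04 18:16:55 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/08/01 07:15:33 | 00,193,792 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\idsflt.sys
[2009/07/28 23:12:18 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/07/27 14:10:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\14899704
[2009/07/31 22:25:18 | 02,078,789,632 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/02 11:39:05 | 00,470,528 | ---- | C] ( ) -- C:\Documents and Settings\Bill\Desktop\RootRepeal.exe
========== Files - Modified Within 14 Days ==========
[2009/08/05 09:12:30 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/08/03 10:00:00 | 00,012,288 | -HS- | M] () -- C:\WINDOWS\System32\sample_hs_file.dat
"""

if __name__ == "__main__":
    for entry, reason in triage(parse_otl_entries(SAMPLE_LOG), frozenset({"sed.exe"})):
        print(f"{entry.kind} {entry.date} {entry.path}  <- {reason}")
```

Passing the names a tool such as ComboFix is known to drop (sed.exe, grep.exe, zip.exe and the rest) in `tool_files` keeps them out of the findings so only the unexplained entries remain.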
Rorschach112 Posted August 5, 2009

Can you try the OTL step again? Seems you may have made a mistake. Make sure to copy everything from :OTL and down, then do this:

Download TFC to your desktop
Open the file and close any other windows.
It will close all programs itself when run, make sure to let it run uninterrupted.
Click the Start button to begin the process. The program should not take long to finish its job.
Once it's finished it should reboot your machine, if not, do this yourself to ensure a complete clean.

Please download Malwarebytes' Anti-Malware from Here
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Go to Kaspersky website and perform an online antivirus scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
    Mail databases
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
TheTerrorist_75 (Author) Posted August 5, 2009

When I ran OTL the first time with the items in the Code box, upon rebooting the Windows is starting screen came up then went black. I let it sit but nothing happened. I had to shut the PC off then restart it to get back to the desktop.

This time no problem with OTL, but upon reboot after running TFC the same thing occurred. This time I had to boot into Safe Mode. In Safe Mode my mouse wouldn't work so I used the keyboard to reboot. I tried several times to get to the desktop in normal mode but only got a black screen. I ended up having to use Last known good configuration to get back to the desktop.

Here are the logs, but I suspect something is amiss that the PC doesn't want to boot normally. I won't be back on until after 5PM EST. I will run the Kaspersky scan then and post the log.

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5de488a-a3ae-11dd-8801-001ec9755754}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b5de488a-a3ae-11dd-8801-001ec9755754}\ not found.
File E:\wd_windows_tools\WDSetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8817e38-43e1-11dd-87dc-001ec9755754}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b8817e38-43e1-11dd-87dc-001ec9755754}\ not found.
File E:\InstallTomTomHOME.exe not found.
Unable to remove msncache from NetSvcs value.
C:\Documents and Settings\All Users\Application Data\14899704 moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\fonts\services.exe not found.
========== FILES ==========
========== COMMANDS ==========
[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Bill
->Temp folder emptied: 620812 bytes
File delete failed. C:\Documents and Settings\Bill\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 9826987 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: monica
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp\cace2423dfb97c58fe7dd9f120557063PSK_PLUGINS_1 scheduled to be deleted on reboot.
Windows Temp folder emptied: 10627107 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 20.13 mb

OTL by OldTimer - Version 3.0.10.4 log created on 08052009_122946

Files\Folders moved on Reboot...
C:\WINDOWS\temp\cace2423dfb97c58fe7dd9f120557063PSK_PLUGINS_1 moved successfully.

Registry entries deleted on Reboot...

Malwarebytes' Anti-Malware 1.40
Database version: 2564
Windows 5.1.2600 Service Pack 3

8/5/2009 1:01:22 PM
mbam-log-2009-08-05 (13-01-22).txt

Scan type: Quick Scan
Objects scanned: 110776
Time elapsed: 4 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Rorschach112 Posted August 5, 2009

So you can't boot into normal mode at all now? Can you do the Kaspersky step?
TheTerrorist_75 (Author) Posted August 6, 2009

When I got back home and started the PC it went to the black screen after the Windows is starting screen. I had to turn off the PC and restart it, then select Last known good configuration again to get to the desktop. After that I ran chkdsk. It booted to Windows once it completed. Kaspersky shows no malware. I am going to see if the PC boots normal after shutting it down.

It still doesn't want to boot into normal mode easily. I checked Event Viewer in Safe Mode and the following problem was listed several times. Now I need to troubleshoot why this is occurring.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7026
Date: 8/5/2009
Time: 9:03:13 PM
User: N/A
Computer: DCK7T3G1
Description:
The following boot-start or system-start driver(s) failed to load:
AFD
APPFLT
DSAFLT
Fips
FNETMON
IDSFLT
IPSec
MRxSmb
NetBIOS
NetBT
NETFLTDI
pavboot
Processor
RasAcd
Rdbss
ShldDrv
Tcpip
WNMFLT

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

I ran sfc /scannow then restarted the PC. It actually booted to the desktop. Hopefully in the morning it will do the same.
Rorschach112 Posted August 6, 2009

May need to send you to a tech to sort that out if you can't stay in normal mode.

Open OTL, paste NetSvcs under Custom Scan and click Quick Scan, post that log.
TheTerrorist_75 (Author) Posted August 6, 2009

Successfully booted straight to the desktop this morning. The malware must have corrupted one of the Windows Protected Files and the sfc /scannow repaired it.

Here is the NetSvcs scan.

OTL logfile created on: 8/6/2009 8:15:51 AM - Run 4
OTL by OldTimer - Version 3.0.10.4 Folder = C:\Documents and Settings\Bill\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 72.47% Memory free
3.79 Gb Paging File | 3.37 Gb Available in Paging File | 89.04% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 115.89 Gb Free Space | 77.80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DCK7T3G1
Current User Name: Bill
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========
PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe (Panda Security, S.L.)
PRC - C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2009\WebProxy.exe (Panda Security, S.L.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe (Panda Security, S.L.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe (Panda Security, S.L.)
PRC - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe (Panda Security, S.L.)
PRC - C:\WINDOWS\System32\HPZipm12.exe (HP)
PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe (Panda Security S.L.)
PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe (Panda Security, S.L.)
PRC - C:\Program Files\CyberLink\Shared files\RichVideo.exe ()
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\System32\drivers\PhiBtn.exe (Philips)
PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe (Panda Security, S.L.)
PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE (Panda Security, S.L.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe (Fisher-Price)
PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE (Panda Security, S.L.)
PRC - C:\Program Files\TomTom HOME 2\HOMERunner.exe (TomTom)
PRC - C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE (Panda Software International)
PRC - C:\Documents and Settings\Bill\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavJobs.exe (Panda Security, S.L.)

========== Win32 Services (SafeList) ==========
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (Gwmsrv [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Gwmsrv.dll (Panda Security, S.L.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (NBService [On_Demand | Stopped]) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NMIndexingService [On_Demand | Stopped]) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (Panda Software Controller [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe (Panda Security, S.L.)
SRV - (PAVFNSVR [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe (Panda Security, S.L.)
SRV - (PavPrSrv [Auto | Running]) -- C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe (Panda Security, S.L.)
SRV - (PAVSRV [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe (Panda Security, S.L.)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\System32\HPZipm12.exe (HP)
SRV - (PSHost [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE (Panda Software International)
SRV - (PSIMSVC [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe (Panda Security S.L.)
SRV - (PskSvcRetail [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe (Panda Security, S.L.)
SRV - (RichVideo [Auto | Running]) -- C:\Program Files\CyberLink\Shared files\RichVideo.exe ()
SRV - (sprtsvc_dellsupportcenter [Auto | Running]) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (TPSrv [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe (Panda Security, S.L.)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Expl
orer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080419
IE -
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ieIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080419IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htmIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearchIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.auctionsinternational.com/IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0========== FireFox ==========FF - prefs.js..browser.search.defaultenginename: "Ask"FF - prefs.js..browser.search.order.1: "Ask"FF - prefs.js..browser.search.selectedEngine: "Google"FF - prefs.js..browser.search.useDBForOrder: trueFF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14FF - prefs.js..extensions.enabledItems: [email protected]:1.0FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.1FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q="FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/29 05:29:48 | 00,000,000 | ---D | M]FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/01 20:50:49 | 00,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/01 
21:14:13 | 00,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/01 21:31:19 | 00,000,000 | ---D | M][2008/10/26 09:19:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\mozilla\Extensions[2008/10/26 09:19:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}[2008/07/08 19:34:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\mozilla\Extensions\[email protected][2009/08/02 09:44:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\mozilla\Firefox\Profiles\789pe03b.default\extensions[2009/07/29 05:52:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\mozilla\Firefox\Profiles\789pe03b.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}[2008/12/25 19:02:08 | 00,000,681 | ---- | M] () -- C:\Documents and Settings\Bill\Application Data\Mozilla\FireFox\Profiles\789pe03b.default\searchplugins\ask.xml[2009/08/02 10:06:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions[2009/07/28 17:14:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}[2009/08/01 20:51:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}[2009/07/15 16:30:53 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll[2009/07/15 16:30:54 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll[2009/08/01 20:50:48 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll[2009/08/01 20:23:22 | 00,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll[2009/07/15 16:30:55 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll[2009/08/01 21:15:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll[2009/08/01 21:15:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll[2009/08/01 21:15:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll[2009/08/01 21:15:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll[2009/08/01 21:15:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll[2009/08/01 21:15:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll[2009/08/01 21:15:38 | 00,143,360 | ---- | M] (Apple Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll[2009/07/15 14:10:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml[2009/07/15 14:10:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml[2009/07/15 14:10:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml[2009/07/15 14:10:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml[2009/07/15 14:10:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml[2009/07/15 14:10:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml[2009/07/15 14:10:00 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xmlO1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\HostsO1 - Hosts: 127.0.0.1 localhostO2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! 
Inc.)O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll (Ask.com)O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE (Panda Security, S.L.)O4 - HKLM..\Run: [eligmini] C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe (Fisher-Price)O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()O4 - HKLM..\Run: [PhiBtn] C:\WINDOWS\System32\drivers\PhiBtn.exe (Philips)O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)O4 - HKLM..\Run: [sCANINICIO] C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe (Panda Security, S.L.)O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)O4 - HKLM..\Run: [Traymin900] C:\WINDOWS\System32\drivers\Tray900.exe (Philips)O4 - HKCU..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\HOMERunner.exe (TomTom)O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2009/08/05 11:29:34 | 00,000,000 | -H-D | M]O4 - Startup: C:\Documents and Settings\Bill\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1O6 
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.O15 - HKCU\..Trusted Domains: rbrooks.com ([project] https in Trusted sites)O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.O16 - DPF: 
{02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} https://project.rbrooks.com/ProjectServer/o...ts/pjclient.cab (PjAdoInfo3 Class)O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab (DeviceEnum Class)O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} https://project.rbrooks.com/ProjectServer/o...033/pjcintl.cab (Pj11enuC Class)O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)O18 - 
Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)O18 - Protocol\Handler\ipp - No CLSID value foundO18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)O18 - Protocol\Handler\msdaipp - No CLSID value foundO18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)O20 - Winlogon\Notify\avldr: DllName - avldr.dll - C:\WINDOWS\System32\avldr.dll (Panda Security, S.L.)O24 - Desktop Components:0 (My Current Home Page) - About:HomeO31 - SafeBoot: AlternateShell - cmd.exeO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2004/08/10 13:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]O34 - HKLM BootExecute: (autocheck) - File not foundO34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)O34 - HKLM BootExecute: (*) - File not foundNetSvcs: 6to4 - Service key not found. File not foundNetSvcs: Ias - Service key not found. File not foundNetSvcs: Iprip - Service key not found. File not foundNetSvcs: Irmon - Service key not found. File not foundNetSvcs: NWCWorkstation - Service key not found. File not foundNetSvcs: Nwsapagent - Service key not found. 
File not foundNetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)NetSvcs: WmdmPmSp - Service key not found. File not foundNetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)========== Files/Folders - Created Within 14 Days ==========[2009/08/05 22:17:14 | 00,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll[2009/08/05 22:17:11 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe[2009/08/05 22:17:03 | 00,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls[2009/08/05 22:16:59 | 00,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys[2009/08/05 22:09:23 | 00,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll[2009/08/05 22:09:20 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll[2009/08/05 22:09:20 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll[2009/08/05 22:09:20 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll[2009/08/05 22:09:18 | 00,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll[2009/08/05 22:09:18 | 00,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll[2009/08/05 22:08:19 | 00,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax[2009/08/05 22:08:15 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll[2009/08/05 22:08:12 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls[2009/08/05 22:08:11 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls[2009/08/05 22:07:22 | 00,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys[2009/08/05 22:06:48 | 00,054,186 | ---- | C] (Ositech Communications, Inc.) 
-- C:\WINDOWS\System32\dllcache\otcsercb.sys[2009/08/05 22:06:45 | 00,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys[2009/08/05 22:06:43 | 00,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys[2009/08/05 22:06:05 | 00,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys[2009/08/05 22:05:26 | 00,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys[2009/08/05 22:04:53 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax[2009/08/05 22:04:30 | 00,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys[2009/08/05 22:04:12 | 00,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys[2009/08/05 22:04:09 | 00,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys[2009/08/05 22:04:07 | 00,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys[2009/08/05 22:04:06 | 00,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys[2009/08/05 22:03:56 | 00,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys[2009/08/05 22:03:46 | 00,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls[2009/08/05 22:03:42 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex[2009/08/05 22:03:09 | 00,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys[2009/08/05 22:03:05 | 00,045,632 | ---- | C] (Interphase ® Corporation a Windows ® 2000 DDK Driver Provider) -- C:\WINDOWS\System32\dllcache\ip5515.sys[2009/08/05 22:02:51 | 00,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex[2009/08/05 22:01:26 | 00,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll[2009/08/05 22:01:24 | 00,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll[2009/08/05 22:01:20 | 00,093,696 | ---- | C] () -- 
C:\WINDOWS\System32\dllcache\hpgt42.dll[2009/08/05 22:01:18 | 00,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll[2009/08/05 22:01:16 | 00,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll[2009/08/05 22:01:12 | 00,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll[2009/08/05 22:01:09 | 00,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll[2009/08/05 22:00:59 | 00,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex[2009/08/05 22:00:58 | 00,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys[2009/08/05 22:00:56 | 00,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys[2009/08/05 22:00:54 | 00,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys[2009/08/05 22:00:44 | 00,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys[2009/08/05 22:00:40 | 00,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys[2009/08/05 22:00:38 | 00,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys[2009/08/05 22:00:36 | 00,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys[2009/08/05 22:00:34 | 00,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys[2009/08/05 22:00:32 | 00,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys[2009/08/05 22:00:31 | 00,034,173 | ---- | C] (Marconi Communications, Inc.) 
-- C:\WINDOWS\System32\dllcache\forehe.sys[2009/08/05 22:00:17 | 00,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys[2009/08/05 22:00:13 | 00,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys[2009/08/05 22:00:12 | 00,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys[2009/08/05 21:59:01 | 00,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys[2009/08/05 21:58:55 | 00,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys[2009/08/05 21:58:52 | 00,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll[2009/08/05 21:58:51 | 00,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll[2009/08/05 21:58:50 | 00,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll[2009/08/05 21:58:24 | 00,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys[2009/08/05 21:58:01 | 00,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll[2009/08/05 21:57:55 | 00,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll[2009/08/05 21:57:54 | 00,060,970 | ---- | C] (Compaq Computer Corp.) -- C:\WINDOWS\System32\dllcache\cpqtrnd5.sys[2009/08/05 21:57:32 | 00,039,680 | ---- | C] (Silicom Ltd.) 
-- C:\WINDOWS\System32\dllcache\cb325.sys[2009/08/05 21:57:31 | 00,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys[2009/08/05 21:57:29 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys[2009/08/05 21:57:22 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls[2009/08/05 21:57:22 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls[2009/08/05 21:57:22 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls[2009/08/05 21:57:22 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls[2009/08/05 21:57:21 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls[2009/08/05 21:57:21 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls[2009/08/05 21:57:20 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls[2009/08/05 21:57:20 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls[2009/08/05 21:57:20 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls[2009/08/05 21:57:20 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls[2009/08/05 21:57:19 | 00,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls[2009/08/05 21:57:19 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls[2009/08/05 21:57:19 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls[2009/08/05 21:57:19 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls[2009/08/05 21:57:18 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls[2009/08/05 21:57:18 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls[2009/08/05 21:57:18 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls[2009/08/05 21:57:17 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls[2009/08/05 21:57:17 | 00,066,082 | ---- | C] () -- 
C:\WINDOWS\System32\dllcache\c_20423.nls[2009/08/05 21:57:17 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls[2009/08/05 21:57:17 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls[2009/08/05 21:57:16 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls[2009/08/05 21:57:16 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls[2009/08/05 21:57:16 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls[2009/08/05 21:57:16 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls[2009/08/05 21:57:15 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls[2009/08/05 21:57:15 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls[2009/08/05 21:57:15 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls[2009/08/05 21:57:15 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls[2009/08/05 21:57:14 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls[2009/08/05 21:57:14 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls[2009/08/05 21:57:14 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls[2009/08/05 21:57:14 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls[2009/08/05 21:57:13 | 00,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls[2009/08/05 21:57:13 | 00,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls[2009/08/05 21:57:13 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls[2009/08/05 21:57:12 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls[2009/08/05 21:57:12 | 00,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls[2009/08/05 21:57:12 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls[2009/08/05 21:57:12 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls[2009/08/05 21:57:11 | 
00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2009/08/05 21:57:11 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2009/08/05 21:57:10 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2009/08/05 21:57:10 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2009/08/05 21:57:10 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2009/08/05 21:57:10 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2009/08/05 21:57:09 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2009/08/05 21:57:09 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2009/08/05 21:57:09 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2009/08/05 21:57:08 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2009/08/05 21:57:08 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2009/08/05 21:57:08 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2009/08/05 21:57:07 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2009/08/05 21:57:07 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2009/08/05 21:57:07 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2009/08/05 21:57:07 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2009/08/05 21:57:06 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2009/08/05 21:57:06 | 00,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2009/08/05 21:57:04 | 00,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2009/08/05 21:56:52 | 00,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2009/08/05 21:56:51 | 00,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2009/08/05 21:56:50 | 00,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2009/08/05 21:56:46 | 00,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2009/08/05 21:56:45 | 00,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2009/08/05 21:56:45 | 00,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2009/08/05 21:56:44 | 00,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2009/08/05 21:56:44 | 00,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2009/08/05 21:56:40 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2009/08/05 21:56:40 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2009/08/05 21:56:39 | 00,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2009/08/05 21:56:39 | 00,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2009/08/05 21:56:38 | 00,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2009/08/05 21:56:38 | 00,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2009/08/05 21:56:37 | 00,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2009/08/05 21:56:37 | 00,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2009/08/05 21:56:36 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2009/08/05 21:56:31 | 00,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2009/08/05 21:56:29 | 00,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2009/08/05 21:56:23 | 00,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2009/08/05 21:55:24 | 00,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2009/08/05 21:55:24 | 00,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2009/08/05 21:55:24 | 00,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2009/08/05 21:55:23 | 00,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2009/08/05 21:55:23 | 00,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2009/08/05 21:55:21 | 00,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2009/08/05 21:55:20 | 00,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2009/08/05 21:55:19 | 00,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2009/08/05 21:08:20 | 20,787,89632 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/05 11:22:26 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
[2009/08/05 10:18:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\My Documents\My Received Files
[2009/08/05 09:18:03 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/08/05 09:17:13 | 00,000,108 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\VirSCAN.org - Free Multi-Engine Online Virus Scanner v1.02, Supports 37 AntiVirus Engines!.url
[2009/08/05 09:08:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/08/04 18:31:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/08/04 18:16:59 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/08/04 18:16:55 | 00,219,648 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/08/04 18:16:55 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/08/04 18:16:55 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/08/04 18:16:55 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/08/04 18:16:55 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/08/04 18:16:55 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/08/04 18:16:55 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/08/04 18:16:37 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/08/04 18:16:34 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/08/04 18:16:10 | 03,155,496 | R--- | C] () -- C:\Documents and Settings\Bill\Desktop\ComboFix.exe
[2009/08/02 12:01:35 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\settings.dat
[2009/08/02 12:00:00 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/08/02 11:49:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/02 11:49:29 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Bill\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/08/02 11:49:24 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\NTREGOPT.lnk
[2009/08/02 11:49:24 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\ERUNT.lnk
[2009/08/02 11:49:24 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/02 11:39:05 | 00,470,528 | ---- | C] ( ) -- C:\Documents and Settings\Bill\Desktop\RootRepeal.exe
[2009/08/02 11:36:54 | 00,173,119 | ---- | C] (Eric_71) -- C:\Documents and Settings\Bill\Desktop\Rooter.exe
[2009/08/02 11:36:45 | 00,794,112 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\The_Comedian.exe
[2009/08/02 11:36:45 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\OTL.exe
[2009/08/02 11:36:40 | 00,265,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\TFC.exe
[2009/08/02 11:29:39 | 00,035,840 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\BestTechie OTL.doc
[2009/08/02 09:36:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Application Data\Yahoo!
[2009/08/02 09:34:37 | 00,000,774 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Shortcut to ATF-Cleaner.exe.lnk
[2009/08/02 09:34:03 | 00,000,702 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\SpywareBlaster.lnk
[2009/08/02 09:33:41 | 00,001,560 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\CCleaner.lnk
[2009/08/01 21:20:04 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2009/08/01 21:20:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/08/01 21:14:07 | 00,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/08/01 21:13:56 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/08/01 21:13:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/08/01 21:13:26 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/08/01 21:13:20 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/08/01 21:13:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/08/01 20:50:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/08/01 20:23:38 | 00,000,883 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2009/08/01 20:23:38 | 00,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2009/08/01 20:00:42 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009/08/01 19:15:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/08/01 19:14:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/08/01 07:15:38 | 00,244,204 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT.bck
[2009/08/01 07:15:38 | 00,244,204 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT
[2009/08/01 07:15:38 | 00,001,132 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG.bck
[2009/08/01 07:15:38 | 00,001,132 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG
[2009/08/01 07:15:33 | 00,193,792 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\idsflt.sys
[2009/08/01 07:15:33 | 00,052,992 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\dsaflt.sys
[2009/08/01 07:15:33 | 00,046,720 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\wnmflt.sys
[2009/08/01 07:15:25 | 00,158,848 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\NETFLTDI.SYS
[2009/08/01 07:15:25 | 00,073,728 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\APPFLT.SYS
[2009/08/01 07:15:25 | 00,022,072 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\fnetmon.sys
[2009/08/01 07:02:27 | 00,008,627 | ---- | C] () -- C:\WINDOWS\System32\PAV_FOG.OPC
[2009/07/31 23:35:46 | 00,013,880 | ---- | C] () -- C:\WINDOWS\System32\drivers\COMFiltr.sys
[2009/07/31 23:35:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Local Settings\Application Data\Panda Security
[2009/07/31 23:34:40 | 00,084,024 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavdrv51.sys
[2009/07/31 23:34:40 | 00,000,249 | ---- | C] () -- C:\WINDOWS\System32\PavCPL.dat
[2009/07/31 23:34:33 | 00,054,832 | ---- | C] (Panda Software) -- C:\WINDOWS\System32\pavcpl.cpl
[2009/07/31 23:34:24 | 00,446,464 | ---- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\HHActiveX.dll
[2009/07/31 23:34:20 | 00,520,448 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\PavSHook.dll
[2009/07/31 23:34:20 | 00,197,888 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\neti1634.sys
[2009/07/31 23:34:20 | 00,193,280 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\TpUtil.dll
[2009/07/31 23:34:20 | 00,107,568 | ---- | C] (Panda Software) -- C:\WINDOWS\System32\SYSTOOLS.DLL
[2009/07/31 23:34:20 | 00,087,296 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\PavLspHook.dll
[2009/07/31 23:34:20 | 00,055,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\pavipc.dll
[2009/07/31 23:34:19 | 00,058,672 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\avldr.dll
[2009/07/31 23:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PAV
[2009/07/31 23:34:19 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/07/31 23:34:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Application Data\Panda Security
[2009/07/31 23:34:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2009/07/31 23:33:27 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2009/07/31 23:33:02 | 00,179,640 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\PavProc.sys
[2009/07/31 23:33:02 | 00,041,144 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\ShlDrv51.sys
[2009/07/31 23:33:02 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Panda Security
[2009/07/31 22:36:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Application Data\Malwarebytes
[2009/07/31 22:36:32 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/31 22:36:30 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/31 22:36:29 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/31 22:36:29 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/31 22:36:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/07/31 21:49:25 | 00,000,000 | ---D | C] -- C:\Program Files\jv16 PowerTools
[2009/07/31 21:47:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\My Documents\CCleaner backup
[2009/07/31 21:31:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Don's Downloads
[2009/07/30 20:32:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/07/30 20:32:08 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2009/07/30 20:32:05 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/07/28 23:12:18 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/07/28 17:25:59 | 00,050,192 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2009/07/28 17:25:59 | 00,050,192 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2009/07/28 17:22:28 | 01,220,120 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\vsapint.sys
[2009/07/28 17:22:28 | 00,335,376 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\TM_CFW.sys
[2009/07/28 17:22:27 | 00,225,296 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmxpflt.sys
[2009/07/28 17:22:27 | 00,036,368 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmpreflt.sys
[2009/07/28 17:17:46 | 00,153,104 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/07/28 17:14:55 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/07/26 09:39:05 | 17,828,326 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vlc-1.0.0-win32.exe
[2009/07/25 10:30:59 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

========== Files - Modified Within 14 Days ==========
[2009/08/06 08:11:02 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\WnmFlt.cfg.bck
[2009/08/06 08:11:02 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\WnmFlt.cfg
[2009/08/06 08:11:01 | 00,001,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG.bck
[2009/08/06 08:11:01 | 00,001,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG
[2009/08/06 08:11:01 | 00,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg.bck
[2009/08/06 08:11:01 | 00,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg
[2009/08/06 08:11:01 | 00,000,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetLoc.wlt.bck
[2009/08/06 08:11:01 | 00,000,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetLoc.wlt
[2009/08/06 08:11:01 | 00,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg.bck
[2009/08/06 08:11:01 | 00,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg
[2009/08/06 08:11:01 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg.bck
[2009/08/06 08:11:01 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg
[2009/08/06 08:10:59 | 00,000,088 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAdapt.cfg.bck
[2009/08/06 08:10:59 | 00,000,088 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAdapt.cfg
[2009/08/06 08:10:59 | 00,000,060 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt.bck
[2009/08/06 08:10:59 | 00,000,060 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt
[2009/08/06 08:09:47 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/06 08:09:40 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/06 08:09:34 | 20,787,89632 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/05 12:34:48 | 00,244,204 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT.bck
[2009/08/05 12:34:48 | 00,244,204 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT
[2009/08/05 11:47:11 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/08/05 10:06:49 | 00,000,715 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/08/05 10:06:49 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/08/05 10:06:49 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/08/05 09:17:13 | 00,000,108 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\VirSCAN.org - Free Multi-Engine Online Virus Scanner v1.02, Supports 37 AntiVirus Engines!.url
[2009/08/04 18:26:38 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/08/04 18:14:03 | 03,155,496 | R--- | M] () -- C:\Documents and Settings\Bill\Desktop\ComboFix.exe
[2009/08/04 18:01:02 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/02 12:01:35 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\settings.dat
[2009/08/02 11:49:29 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Bill\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/08/02 11:49:24 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\NTREGOPT.lnk
[2009/08/02 11:49:24 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\ERUNT.lnk
[2009/08/02 11:33:45 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\OTL.exe
[2009/08/02 11:32:46 | 00,173,119 | ---- | M] (Eric_71) -- C:\Documents and Settings\Bill\Desktop\Rooter.exe
[2009/08/02 11:32:31 | 00,265,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\TFC.exe
[2009/08/02 11:32:00 | 00,794,112 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\The_Comedian.exe
[2009/08/02 11:29:39 | 00,035,840 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\BestTechie OTL.doc
[2009/08/02 09:34:37 | 00,000,774 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\Shortcut to ATF-Cleaner.exe.lnk
[2009/08/02 09:34:03 | 00,000,702 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\SpywareBlaster.lnk
[2009/08/02 09:33:41 | 00,001,560 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\CCleaner.lnk
[2009/08/02 09:31:52 | 00,013,880 | ---- | M] () -- C:\WINDOWS\System32\drivers\COMFiltr.sys
[2009/08/01 21:14:07 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/08/01 21:13:26 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/08/01 20:23:38 | 00,000,883 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2009/08/01 09:02:01 | 17,828,326 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\vlc-1.0.0-win32.exe
[2009/08/01 07:18:39 | 00,447,324 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls.bck
[2009/08/01 07:18:39 | 00,447,324 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls
[2009/08/01 07:02:27 | 00,008,627 | ---- | M] () -- C:\WINDOWS\System32\PAV_FOG.OPC
[2009/07/31 23:36:20 | 00,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/07/31 23:36:20 | 00,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/07/31 23:36:20 | 00,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/07/31 23:34:40 | 00,000,249 | ---- | M] () -- C:\WINDOWS\System32\PavCPL.dat
[2009/07/31 22:36:32 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/31 21:22:36 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/07/30 15:45:00 | 00,470,528 | ---- | M] ( ) -- C:\Documents and Settings\Bill\Desktop\RootRepeal.exe
[2009/07/29 09:39:52 | 08,879,104 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2009/07/29 09:39:52 | 04,901,888 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2009/07/28 17:22:28 | 00,335,376 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\TM_CFW.sys
[2009/07/28 17:14:55 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/07/26 10:19:30 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/25 10:30:59 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI

========== LOP Check ==========
[2009/08/02 10:19:43 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/11/23 23:45:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2008/08/03 20:13:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brother
[2008/08/03 20:21:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Clean Electric Guitar
[2009/01/06 20:24:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2008/10/27 17:34:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2008/08/03 20:21:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2009/07/30 07:52:45 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Memeo
[2008/08/03 20:21:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2009/07/31 23:34:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2004/08/10 13:13:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2008/04/19 07:30:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/01/06 20:15:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2008/07/08 19:34:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2008/08/03 20:21:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2008/04/19 07:31:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2009/08/01 08:50:07 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Bill\Application Data
[2008/11/24 18:45:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Ahead
[2008/12/25 11:32:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\ArcSoft
[2008/04/19 07:31:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\CyberLink
[2008/11/05 23:17:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Nikon
[2009/07/31 23:34:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Panda Security
[2008/12/03 09:05:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Skinux
[2008/10/16 09:15:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Template
[2008/07/08 19:33:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\TomTom
[2008/04/19 07:36:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\You've Got Pictures Screensaver
[2009/08/01 21:13:26 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/08/06 08:09:47 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

========== Alternate Data Streams ==========
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\All Users\Application Data\vlc-1.0.0-win32.exe:SummaryInformation

< End of report >
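The OTL report above lost its line breaks in the paste, and reading a few hundred entries by eye is exactly how a single unsigned driver gets missed. As an added example (not part of the thread and not code from OTL or its author), here is a parser for OTL's `[date | size | attrs | C/M] (Company) -- path` entries together with a first triage pass: executables created under C:\WINDOWS within the report window whose version resource carries no company name. The sample input is a handful of entries copied from the report, run together the way the forum flattened them; `REPORT_TIME`, the 14-day window and the extension list are assumptions. A hit is a lead, not a verdict: ComboFix's own helper files (PEV.exe, sed.exe and friends) show up the same way, so the list still has to be checked against what the helper knowingly dropped.

```python
import re
from datetime import datetime, timedelta

# One OTL file or directory entry, as printed in the "Files - Created" and
# "Files - Modified" sections:
#   [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (Company) -- path
# Directories carry no "(Company)" field; files with no version resource
# show "()" or "( )".
ENTRY_RE = re.compile(
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)"
)
# Section banners such as "========== LOP Check ==========".
BANNER_RE = re.compile(r"={3,} [^=\n]+ ={3,}")
# A pasted log may have lost its line breaks; every entry still starts with
# "[YYYY/MM/DD HH:MM:SS |", so split on that boundary (lookahead keeps it).
SPLIT_RE = re.compile(r"(?=\[\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} \|)")

EXEC_EXT = (".exe", ".dll", ".sys", ".cpl", ".ocx", ".scr")   # assumption
SYSTEM_DIRS = ("c:\\windows\\",)   # covers System32, drivers and dllcache
REPORT_TIME = datetime(2009, 8, 6, 8, 11, 2)   # newest entry in the report

# Constructed sample: entries copied from the report above, run together the
# way the forum paste flattened them, plus one section banner in the middle.
SAMPLE = (
    r"[2009/08/05 21:57:04 | 00,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys"
    r"[2009/08/05 11:22:26 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled"
    r"[2009/08/04 18:16:59 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe"
    r"[2009/08/04 18:16:55 | 00,219,648 | ---- | C] () -- C:\WINDOWS\PEV.exe"
    r"[2009/08/02 11:39:05 | 00,470,528 | ---- | C] ( ) -- C:\Documents and Settings\Bill\Desktop\RootRepeal.exe"
    r"[2009/07/31 23:35:46 | 00,013,880 | ---- | C] () -- C:\WINDOWS\System32\drivers\COMFiltr.sys"
    r"[2009/07/28 23:12:18 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx"
    r"[2009/07/25 10:30:59 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI"
    r"========== Files - Modified Within 14 Days =========="
    r"[2009/08/06 08:09:34 | 20,787,89632 | -HS- | M] () -- C:\hiberfil.sys"
)


def parse_otl_entries(text):
    """Return a list of dicts, one per entry, in log order."""
    entries = []
    for chunk in SPLIT_RE.split(BANNER_RE.sub("\n", text)):
        m = ENTRY_RE.match(chunk.strip())
        if not m:
            continue   # banner remnants, blank leading chunk, report trailer
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y/%m/%d %H:%M:%S")
        e["size"] = int(e["size"].replace(",", ""))
        e["is_dir"] = "D" in e["attrs"]
        e["company"] = (e["company"] or "").strip()
        entries.append(e)
    return entries


def triage(entries, report_time, window_days=14):
    """Paths of executables created under the Windows tree inside the window
    that carry no company name. Leads to check by hand, not verdicts."""
    cutoff = report_time - timedelta(days=window_days)
    hits = []
    for e in entries:
        if e["is_dir"] or e["kind"] != "C" or e["company"]:
            continue
        p = e["path"].lower()
        if p.startswith(SYSTEM_DIRS) and p.endswith(EXEC_EXT) and e["ts"] >= cutoff:
            hits.append(e["path"])
    return hits


def run_sample():
    """Triage the constructed sample against the report time."""
    return triage(parse_otl_entries(SAMPLE), REPORT_TIME)


if __name__ == "__main__":
    for path in run_sample():
        print("check:", path)
```

Run against the full pasted report, the same pass turns up the ComboFix helpers, COMFiltr.sys and actskin4.ocx; everything else created in the window under C:\WINDOWS carries a vendor string (Panda, Trend Micro, Malwarebytes, or the hardware vendors behind the dllcache refill of 2009/08/05).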
Rorschach112 Posted August 6, 2009
Looking good, how's she running?
TheTerrorist_75 (Author) Posted August 6, 2009
Running like it should. Now it is time to give them the stern lecture before they can have it back. Thank you.
Rorschach112 Posted August 6, 2009
Final step

Your logs are clean.

Follow these steps to uninstall ComboFix and the tools used in the removal of malware:
Click START then RUN.
Now type Combofix /u in the run box and click OK. Note the space between the X and the U, it needs to be there.
Download OTC to your desktop and run it.
Click Yes to begin the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Below I have included a number of recommendations for how to protect your computer against malware infections.

Keep Windows updated by regularly checking their website at http://windowsupdate.microsoft.com/ . This will ensure your computer always has the latest available security updates installed.

SpywareBlaster protects against bad ActiveX; it immunizes your PC against them.

SpywareGuard offers real-time protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program (eg: TeaTimer, Windows Defender) or there will be a conflict.

Make Internet Explorer more secure:
Click Start > Run
Type Inetcpl.cpl & click OK
Click on the Security tab
Click Reset all zones to default level
Make sure the Internet Zone is selected & click Custom level
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
Next click OK, then the Apply button and then OK to exit the Internet Properties page.

TFC - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer, meaning it will be difficult to infect yourself in the future.

Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop-up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here. If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure:
NoScript - for blocking ads and other potential website attacks.
McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.

Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see this article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

Please read my guide on how to prevent malware and about safe computing here.

Thank you for your patience, and for performing all of the procedures requested.
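Rorschach112's MVPS Hosts recommendation works because the hosts file is consulted before DNS: any name it maps to 127.0.0.1 (or 0.0.0.0) never leaves the machine. The same file is a favourite hijack target, which is why ComboFix reset it on this box (the report shows C:\WINDOWS\System32\drivers\etc\hosts rewritten on 2009/08/04 at 27 bytes). A check worth running after a cleanup, and after installing the MVPS file, is to list which names the file sinkholes and which it points at a routable address. This is an added example, not part of the post or of the MVPS file; the sample hosts content is constructed (198.51.100.7 is an RFC 5737 documentation address standing in for an attacker's server, and the hostnames are illustrative), and the keyword list of update and security-vendor names is an assumption.

```python
import ipaddress

# Constructed sample hosts file (not taken from the machine in this thread):
# the default loopback line, two MVPS-style sinkhole entries, and two entries
# of the kind a hijacker adds to cut the victim off from updates.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         ad.doubleclick.net
127.0.0.1       adserver.example   # MVPS-style block entry
198.51.100.7    www.update.microsoft.com
198.51.100.7    liveupdate.symantecliveupdate.com
"""

# Addresses that make an entry a sinkhole rather than a redirect.
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::1"}
LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}
# Assumed keyword list: names malware typically blocks or redirects so the
# victim cannot fetch patches or signatures. Extend for your environment.
SENSITIVE = ("windowsupdate", "update.microsoft", "microsoft.com",
             "symantec", "mcafee", "avast", "pandasecurity", "malwarebytes",
             "trendmicro", "kaspersky", "bitdefender", "avg.com")


def parse_hosts(text):
    """Yield (ip, hostname) pairs. Comments and blank lines are skipped;
    a line whose first field is not an IP address is ignored."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue
        for name in fields[1:]:
            yield ip, name.lower()


def audit_hosts(text):
    """Return (sinkholed, redirected, suspicious).
    sinkholed:  names mapped to a loopback/unspecified address (blocking).
    redirected: (name, ip) pairs mapped to any other address; on a home PC
                these have no legitimate reason to exist.
    suspicious: names in either list matching SENSITIVE, the signature of a
                hosts-file hijack whether it sinkholes or redirects."""
    sinkholed, redirected, suspicious = [], [], []
    for ip, name in parse_hosts(text):
        if name in LOOPBACK_NAMES:
            continue
        if ip in SINKHOLES:
            sinkholed.append(name)
        else:
            redirected.append((name, ip))
        if any(key in name for key in SENSITIVE):
            suspicious.append(name)
    return sinkholed, redirected, suspicious


def run_sample():
    """Audit the constructed sample."""
    return audit_hosts(SAMPLE_HOSTS)


if __name__ == "__main__":
    sinkholed, redirected, suspicious = run_sample()
    print("sinkholed :", len(sinkholed), "names")
    for name, ip in redirected:
        print("redirected:", name, "->", ip)
    for name in suspicious:
        print("HIJACK?   :", name)
```

On a machine that only carries the Windows default and an MVPS file, the second and third lists come back empty; anything in them deserves the same attention as a new service entry.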
TheTerrorist_75 (Author) Posted August 6, 2009
Thanks. I just finished running Secunia Software Inspector, removing insecure outdated programs and then updating them, including Firefox. I will now clean up the other programs.
Rorschach112 Posted August 7, 2009
Since this issue appears to be resolved, this topic has been closed. Glad we could help. If you're the topic starter and need this topic reopened, please contact a staff member with the address of the thread. Everyone else, please begin a new topic.